File name:

VisualCppRedist_AIO_x86_x64.exe

Full analysis: https://app.any.run/tasks/a8c95042-1998-4b8e-bc3d-24df4095b39c
Verdict: Malicious activity
Analysis date: May 24, 2025, 13:08:52
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
MD5:

8E9A608C5754C574CE87A28164A411F9

SHA1:

A2C74BDDFE01FEAC9A43566CB845E9F99246AF84

SHA256:

341513A8C49E3780BC01ACDE9C893E8176072412F042E83F2A9F296E6328EBA4

SSDEEP:

196608:mDdDvu3NvBIFuE7FIUsUpdJJFacCagqlcan4xc6SSh6Y8Dk:mDdq3NvOz7FgUYjacUWqSh65Dk

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Starts a Microsoft application from unusual location

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • VisualCppRedist_AIO_x86_x64.exe (PID: 7396)

    • Process drops legitimate windows executable

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • msiexec.exe (PID: 5668)
      • vcredist_x64.exe (PID: 6660)
      • VC_redist.x86.exe (PID: 7396)
      • VC_redist.x64.exe (PID: 1676)
      • vcredist_x64.exe (PID: 8152)
      • TiWorker.exe (PID: 4608)

    • Executable content was dropped or overwritten

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • vcredist_x64.exe (PID: 6660)
      • vcredist_x64.exe (PID: 8152)
      • VC_redist.x86.exe (PID: 4652)
      • VC_redist.x86.exe (PID: 7396)
      • VC_redist.x64.exe (PID: 1676)
      • VC_redist.x64.exe (PID: 7528)
      • TiWorker.exe (PID: 4608)

    • Starts CMD.EXE for commands execution

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • cmd.exe (PID: 7980)

    • Application launched itself

      • cmd.exe (PID: 7980)
      • vcredist_x64.exe (PID: 8152)
      • VC_redist.x86.exe (PID: 4652)
      • VC_redist.x64.exe (PID: 7560)
      • VC_redist.x64.exe (PID: 7528)
      • VC_redist.x86.exe (PID: 7352)

    • Uses WMIC.EXE to obtain computer system information

      • cmd.exe (PID: 7980)

    • Hides command output

      • cmd.exe (PID: 5408)
      • cmd.exe (PID: 1324)

    • Reads security settings of Internet Explorer

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)

    • Executing commands from ".cmd" file

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)

    • The process executes VB scripts

      • cmd.exe (PID: 5064)
      • cmd.exe (PID: 5380)
      • cmd.exe (PID: 2088)
      • cmd.exe (PID: 1240)
      • cmd.exe (PID: 5328)
      • cmd.exe (PID: 7920)
      • cmd.exe (PID: 8020)

    • Creates FileSystem object to access computer's file system (SCRIPT)

      • cscript.exe (PID: 5512)
      • cscript.exe (PID: 5988)
      • cscript.exe (PID: 4696)

    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 7980)

    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 7980)

    • Searches for installed software

      • vcredist_x64.exe (PID: 6660)
      • dllhost.exe (PID: 720)

    • Executes as Windows Service

      • VSSVC.exe (PID: 8188)

    • The process drops C-runtime libraries

      • msiexec.exe (PID: 5668)
      • TiWorker.exe (PID: 4608)
      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)

  • INFO

    • Checks supported languages

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • vcredist_x64.exe (PID: 8152)
      • vcredist_x64.exe (PID: 6660)

    • Create files in a temporary directory

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • vcredist_x64.exe (PID: 6660)

    • Reads the computer name

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • vcredist_x64.exe (PID: 6660)
      • vcredist_x64.exe (PID: 8152)

    • The sample compiled with english language support

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • vcredist_x64.exe (PID: 6660)
      • msiexec.exe (PID: 5668)
      • vcredist_x64.exe (PID: 8152)
      • VC_redist.x86.exe (PID: 4652)
      • VC_redist.x86.exe (PID: 7396)
      • VC_redist.x64.exe (PID: 7528)
      • VC_redist.x64.exe (PID: 1676)
      • TiWorker.exe (PID: 4608)

    • The sample compiled with chinese language support

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • msiexec.exe (PID: 5668)
      • TiWorker.exe (PID: 4608)

    • The sample compiled with german language support

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • msiexec.exe (PID: 5668)
      • TiWorker.exe (PID: 4608)

    • The sample compiled with spanish language support

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • msiexec.exe (PID: 5668)
      • TiWorker.exe (PID: 4608)

    • Checks operating system version

      • cmd.exe (PID: 7980)

    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 8188)
      • cscript.exe (PID: 5512)
      • cscript.exe (PID: 5988)
      • cscript.exe (PID: 4696)

    • The sample compiled with french language support

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • msiexec.exe (PID: 5668)
      • TiWorker.exe (PID: 4608)

    • The sample compiled with Italian language support

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • msiexec.exe (PID: 5668)
      • TiWorker.exe (PID: 4608)

    • The sample compiled with korean language support

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • msiexec.exe (PID: 5668)
      • TiWorker.exe (PID: 4608)

    • The sample compiled with russian language support

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • msiexec.exe (PID: 5668)
      • TiWorker.exe (PID: 4608)

    • The sample compiled with japanese language support

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • msiexec.exe (PID: 5668)
      • TiWorker.exe (PID: 4608)

    • Process checks computer location settings

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)

    • Manages system restore points

      • SrTasks.exe (PID: 4724)
      • SrTasks.exe (PID: 3968)
      • SrTasks.exe (PID: 4008)
      • SrTasks.exe (PID: 1040)
      • SrTasks.exe (PID: 5172)
      • SrTasks.exe (PID: 8132)
      • SrTasks.exe (PID: 3012)
      • SrTasks.exe (PID: 6148)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 5668)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:03:05 12:48:36+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 96256
InitializedDataSize: 345600
UninitializedDataSize: -
EntryPoint: 0x17d2f
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 14.44.35112.1
ProductVersionNumber: 14.44.35112.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: Microsoft Corporation
FileDescription: Microsoft Visual C++ Redistributable Setup
FileVersion: 14.44.35112.1
InternalName: VCRedist_AIO_x86_x64.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
ProductName: Microsoft® Visual Studio®
OriginalFileName: VCRedist_AIO_x86_x64.exe
ProductVersion: 14.44.35112.1
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
417
Monitored processes
284
Malicious processes
5
Suspicious processes
0

Behavior graph

Click at the process to see the details
start visualcppredist_aio_x86_x64.exe cmd.exe no specs conhost.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs reg.exe no specs wmic.exe no specs find.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs reg.exe no specs find.exe no specs reg.exe no specs find.exe no specs cmd.exe no specs cscript.exe no specs cmd.exe no specs cmd.exe no specs cscript.exe no specs cmd.exe no specs cmd.exe no specs cscript.exe no specs cmd.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs find.exe no specs reg.exe no specs reg.exe no specs find.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs findstr.exe no specs vcredist_x64.exe vcredist_x64.exe SPPSurrogate no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe reg.exe no specs vc_redist.x86.exe no specs vc_redist.x86.exe vc_redist.x86.exe reg.exe no specs vc_redist.x64.exe no specs vc_redist.x64.exe vc_redist.x64.exe reg.exe no specs findstr.exe no specs reg.exe no specs reg.exe no specs cmd.exe no specs cscript.exe no specs cmd.exe no specs reg.exe no specs reg.exe no specs find.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs cmd.exe no specs cscript.exe no specs cmd.exe no specs cmd.exe no specs cscript.exe no specs cmd.exe no specs cmd.exe no specs cscript.exe no specs cmd.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs find.exe no specs reg.exe no specs reg.exe no specs find.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs findstr.exe no specs msiexec.exe no specs slui.exe srtasks.exe no specs conhost.exe no specs msiexec.exe no specs tiworker.exe msiexec.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs visualcppredist_aio_x86_x64.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
208find /i "HKEY_LOCAL_MACHINE" C:\Windows\System32\find.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (grep) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
208find /i "HKEY_LOCAL_MACHINE" C:\Windows\System32\find.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (grep) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
300reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{610487D9-3460-328A-9333-219D43A75CC5} /v UninstallString C:\Windows\System32\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
496find /i "VC_RED_enu_" C:\Windows\System32\find.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (grep) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
516findstr /r "{.*-.*-.*-.*-.*}" C:\Windows\System32\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
536find /i "HKEY_LOCAL_MACHINE" C:\Windows\System32\find.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (grep) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
536findstr /r "{.*-.*-.*-.*-.*}" C:\Windows\System32\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
632find /i "HKEY_LOCAL_MACHINE" C:\Windows\System32\find.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (grep) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
660find /i "HKEY_LOCAL_MACHINE" C:\Windows\System32\find.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (grep) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
660reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{53CF6934-A98D-3D84-9146-FC4EDF3D5641} /v UninstallString C:\Windows\System32\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
Total events
82 920
Read events
78 151
Write events
3 605
Delete events
1 164

Modification events

(PID) Process:(720) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Enter)
Value:
480000000000000022950C18ADCCDB01D0020000201C0000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(8152) vcredist_x64.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation:writeName:SrCreateRp (Enter)
Value:
400000000000000022950C18ADCCDB01D81F0000CC1F0000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(720) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Leave)
Value:
480000000000000060096018ADCCDB01D0020000201C0000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(720) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppCreate (Enter)
Value:
4800000000000000416C6218ADCCDB01D0020000201C0000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(720) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Leave)
Value:
480000000000000082A55D18ADCCDB01D0020000201C0000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(720) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Enter)
Value:
480000000000000082A55D18ADCCDB01D0020000201C0000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(720) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGatherWriterMetadata (Enter)
Value:
480000000000000015270219ADCCDB01D0020000201C0000D30700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(720) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\VssapiPublisher
Operation:writeName:IDENTIFY (Enter)
Value:
480000000000000082872319ADCCDB01D0020000F4180000E80300000100000000000000000000002F819076CB39314A9379276B6071E1E300000000000000000000000000000000
(PID) Process:(8188) VSSVC.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\COM+ REGDB Writer
Operation:writeName:IDENTIFY (Enter)
Value:
480000000000000094152D19ADCCDB01FC1F00004C1B0000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(8188) VSSVC.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer
Operation:writeName:IDENTIFY (Enter)
Value:
480000000000000094152D19ADCCDB01FC1F000090170000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files
800
Suspicious files
357
Text files
318
Unknown types
0

Dropped files

PID
Process
Filename
Type
7544VisualCppRedist_AIO_x86_x64.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2022\x64\vc_runtimeMinimum_x64.msiexecutable
MD5:17A157D8C65FDF24E76E8CB709BCDEDC
SHA256:396F6AD924A8ECC03E46640FB9D36033293358DE5F43779B50E2D7F7436456FE
7544VisualCppRedist_AIO_x86_x64.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2012\x86\vc_runtimeMinimum_x86.msiexecutable
MD5:DE2760871392670D3A3DA4DE2720283C
SHA256:D659D56620B6A7EF34DDC33A6D92CEAF1A3153FDBE6030873AF9A65048CAEB80
7544VisualCppRedist_AIO_x86_x64.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2012\x86\vc_runtimeAdditional_x86.msiexecutable
MD5:0305347AEEC002BAD2C343A5DFE77A51
SHA256:E7459F2AB253634B59A63C7B0326F1CB765D2713869DB85A02163E89F75B68AF
7544VisualCppRedist_AIO_x86_x64.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2012\x64\vc_runtimeMinimum_x64.msiexecutable
MD5:921BAB4220B28DDB685B45DDB12D4341
SHA256:3AF92A99CA2177EF54893A6EE89F5771EB551E706AA15D0AED587E32F3A34566
7544VisualCppRedist_AIO_x86_x64.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2013\x64\vc_runtimeAdditional_x64.msiexecutable
MD5:ABC7059A508909821213119089E3A000
SHA256:9D8601FD63C85823E0864BD5B6DE6D2100BF34FFAC69DD3FC0EE764520A58409
7544VisualCppRedist_AIO_x86_x64.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2010\x64\vc_red.msiexecutable
MD5:18ABB8390D8BA02E680FF4741B4D5600
SHA256:52FAB93D99E35BF50402EE4963F9184E4B37167855B64E4B7D6523D2AB6F03ED
7544VisualCppRedist_AIO_x86_x64.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2022\x86\vc_runtimeAdditional_x86.msiexecutable
MD5:523E2F91008BCB0F161D7939675DDEA2
SHA256:9ADCE8E397B1ED9FB349D9E6EFFAB088FC5B0B3A195F3B9835F6E19DA6DD6731
7544VisualCppRedist_AIO_x86_x64.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2013\x64\vc_runtimeMinimum_x64.msiexecutable
MD5:E01F1118A06A0F79762DCB20BA95F49F
SHA256:3460996E006A36C919A5D3B122B7E5BE0DDC349341A63C520AFC5744A3AFEAAE
7544VisualCppRedist_AIO_x86_x64.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2013\x86\vc_runtimeAdditional_x86.msiexecutable
MD5:DD9A3B56FBB8B4875F14E7E84D75A433
SHA256:5D27CE80AA2A736111FA396C987029803019D93058744FADA2BB2A959630A3E2
7544VisualCppRedist_AIO_x86_x64.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2008\x64\vc_red.msiexecutable
MD5:0ADDB501B3B96ED396CC8E7115DC309D
SHA256:BE98639D76E927263D64E49DF858B64710F5BF484B30ECAD2974C4C4AAE949C6
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
51
TCP/UDP connections
68
DNS requests
18
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6652
RUXIMICS.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2104
svchost.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6652
RUXIMICS.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2104
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
POST
200
20.190.160.65:443
https://login.live.com/RST2.srf
unknown
xml
1.24 Kb
whitelisted
POST
400
40.126.32.140:443
https://login.live.com/ppsecure/deviceaddcredential.srf
unknown
text
203 b
whitelisted
POST
400
20.190.160.14:443
https://login.live.com/ppsecure/deviceaddcredential.srf
unknown
text
203 b
whitelisted
POST
400
20.190.160.2:443
https://login.live.com/ppsecure/deviceaddcredential.srf
unknown
text
203 b
whitelisted
POST
400
20.190.160.14:443
https://login.live.com/ppsecure/deviceaddcredential.srf
unknown
text
203 b
whitelisted
POST
400
20.190.160.22:443
https://login.live.com/ppsecure/deviceaddcredential.srf
unknown
text
203 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
6652
RUXIMICS.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2104
svchost.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
6652
RUXIMICS.exe
2.16.241.19:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2104
svchost.exe
2.16.241.19:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
6652
RUXIMICS.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
2104
svchost.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
3216
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.46
whitelisted
crl.microsoft.com
  • 2.16.241.19
  • 2.16.241.12
  • 23.32.238.112
  • 23.32.238.107
whitelisted
www.microsoft.com
  • 95.101.149.131
  • 2.23.181.156
whitelisted
client.wns.windows.com
  • 172.211.123.248
  • 172.211.123.250
whitelisted
login.live.com
  • 40.126.32.133
  • 20.190.160.128
  • 20.190.160.4
  • 40.126.32.76
  • 40.126.32.140
  • 40.126.32.72
  • 40.126.32.68
  • 20.190.160.67
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.124.78.146
whitelisted
slscr.update.microsoft.com
  • 52.149.20.212
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.242.39.171
whitelisted
go.microsoft.com
  • 23.218.210.69
  • 95.100.186.9
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
VisualCppRedist_AIO_x86_x64.exe