File name:

VisualCppRedist_AIO_x86_x64.exe

Full analysis: https://app.any.run/tasks/9c703d73-9c5e-4582-bcb3-b7463f4a3175
Verdict: Malicious activity
Analysis date: August 14, 2024, 09:53:35
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

0ED3EFB716D505769ED181E19C5FE9F5

SHA1:

6499C8109339AE028AB50B347F976EE283ABE413

SHA256:

BFC56A0E6AA6FCAA013FC9BBD0A39F060E8E7CA84E5E16C1B62A99E94D4CC26C

SSDEEP:

196608:WxuVuSKXt4GPCa0bdQDfPayL0rELdaAuUowkfZZaeLRZTOW1IL458AGJYV:WuV497PCVIKyL0rYj5owsZVRZp4RAGc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • vcredist_x64.exe (PID: 320)
      • VC_redist.x86.exe (PID: 1748)
      • VC_redist.x64.exe (PID: 5944)

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • VisualCppRedist_AIO_x86_x64.exe (PID: 6764)
      • vcredist_x64.exe (PID: 2384)
      • msiexec.exe (PID: 7048)
      • vcredist_x64.exe (PID: 320)
      • VC_redist.x86.exe (PID: 1748)
      • VC_redist.x64.exe (PID: 5944)
      • TiWorker.exe (PID: 300)

    • Starts a Microsoft application from unusual location

      • VisualCppRedist_AIO_x86_x64.exe (PID: 6508)
      • VisualCppRedist_AIO_x86_x64.exe (PID: 6764)

    • Executable content was dropped or overwritten

      • VisualCppRedist_AIO_x86_x64.exe (PID: 6764)
      • vcredist_x64.exe (PID: 2384)
      • vcredist_x64.exe (PID: 320)
      • VC_redist.x86.exe (PID: 3188)
      • VC_redist.x86.exe (PID: 1748)
      • VC_redist.x64.exe (PID: 6188)
      • VC_redist.x64.exe (PID: 5944)
      • TiWorker.exe (PID: 300)

    • Drops the executable file immediately after the start

      • VisualCppRedist_AIO_x86_x64.exe (PID: 6764)
      • vcredist_x64.exe (PID: 2384)
      • msiexec.exe (PID: 7048)
      • VC_redist.x86.exe (PID: 3188)
      • vcredist_x64.exe (PID: 320)
      • VC_redist.x86.exe (PID: 1748)
      • VC_redist.x64.exe (PID: 6188)
      • VC_redist.x64.exe (PID: 5944)
      • TiWorker.exe (PID: 300)

    • Reads security settings of Internet Explorer

      • VisualCppRedist_AIO_x86_x64.exe (PID: 6764)
      • VC_redist.x86.exe (PID: 3188)
      • VC_redist.x64.exe (PID: 6188)

    • Reads the date of Windows installation

      • VisualCppRedist_AIO_x86_x64.exe (PID: 6764)
      • VC_redist.x86.exe (PID: 3188)
      • VC_redist.x64.exe (PID: 6188)

    • The process drops C-runtime libraries

      • VisualCppRedist_AIO_x86_x64.exe (PID: 6764)
      • msiexec.exe (PID: 7048)
      • TiWorker.exe (PID: 300)

    • Executing commands from ".cmd" file

      • VisualCppRedist_AIO_x86_x64.exe (PID: 6764)

    • Starts CMD.EXE for commands execution

      • VisualCppRedist_AIO_x86_x64.exe (PID: 6764)
      • cmd.exe (PID: 7144)

    • Uses WMIC.EXE to obtain computer system information

      • cmd.exe (PID: 7144)

    • Application launched itself

      • cmd.exe (PID: 7144)
      • vcredist_x64.exe (PID: 320)
      • VC_redist.x86.exe (PID: 3188)
      • VC_redist.x86.exe (PID: 7020)
      • VC_redist.x64.exe (PID: 1132)
      • VC_redist.x64.exe (PID: 6188)

    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 7144)

    • Hides command output

      • cmd.exe (PID: 6508)
      • cmd.exe (PID: 2464)

    • Creates FileSystem object to access computer's file system (SCRIPT)

      • cscript.exe (PID: 252)
      • cscript.exe (PID: 5760)
      • cscript.exe (PID: 1236)
      • cscript.exe (PID: 5588)
      • cscript.exe (PID: 3908)
      • cscript.exe (PID: 840)
      • cscript.exe (PID: 2608)

    • The process executes VB scripts

      • cmd.exe (PID: 2384)
      • cmd.exe (PID: 1060)
      • cmd.exe (PID: 1448)
      • cmd.exe (PID: 6368)
      • cmd.exe (PID: 6800)
      • cmd.exe (PID: 4592)
      • cmd.exe (PID: 7016)

    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 7144)

    • Searches for installed software

      • reg.exe (PID: 3292)
      • reg.exe (PID: 6416)
      • reg.exe (PID: 6384)
      • reg.exe (PID: 3076)
      • reg.exe (PID: 6856)
      • reg.exe (PID: 2324)
      • reg.exe (PID: 2584)
      • reg.exe (PID: 6152)
      • reg.exe (PID: 6716)
      • reg.exe (PID: 6728)
      • reg.exe (PID: 2632)
      • reg.exe (PID: 6992)
      • reg.exe (PID: 6676)
      • reg.exe (PID: 5980)
      • reg.exe (PID: 4996)
      • reg.exe (PID: 5140)
      • reg.exe (PID: 6052)
      • reg.exe (PID: 904)
      • reg.exe (PID: 1812)
      • reg.exe (PID: 3972)
      • reg.exe (PID: 7032)
      • reg.exe (PID: 6680)
      • reg.exe (PID: 5144)
      • reg.exe (PID: 5916)
      • reg.exe (PID: 3844)
      • reg.exe (PID: 3372)
      • reg.exe (PID: 4004)
      • reg.exe (PID: 232)
      • reg.exe (PID: 1964)
      • reg.exe (PID: 6944)
      • reg.exe (PID: 5504)
      • reg.exe (PID: 6208)
      • vcredist_x64.exe (PID: 2384)
      • dllhost.exe (PID: 4404)
      • vcredist_x64.exe (PID: 320)
      • VC_redist.x86.exe (PID: 3188)
      • VC_redist.x86.exe (PID: 1748)
      • VC_redist.x64.exe (PID: 6188)
      • VC_redist.x64.exe (PID: 5944)
      • reg.exe (PID: 3116)
      • reg.exe (PID: 6216)
      • reg.exe (PID: 3188)
      • reg.exe (PID: 2464)
      • reg.exe (PID: 5904)
      • reg.exe (PID: 1044)
      • reg.exe (PID: 4016)
      • reg.exe (PID: 5088)
      • reg.exe (PID: 4276)
      • reg.exe (PID: 6812)
      • reg.exe (PID: 6796)
      • reg.exe (PID: 4060)
      • reg.exe (PID: 3692)
      • reg.exe (PID: 6852)
      • reg.exe (PID: 3864)
      • reg.exe (PID: 2324)
      • reg.exe (PID: 4280)
      • reg.exe (PID: 7124)

    • Creates a software uninstall entry

      • vcredist_x64.exe (PID: 320)
      • VC_redist.x86.exe (PID: 1748)
      • VC_redist.x64.exe (PID: 5944)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 7048)

    • Executes as Windows Service

      • VSSVC.exe (PID: 2128)

  • INFO

    • Create files in a temporary directory

      • VisualCppRedist_AIO_x86_x64.exe (PID: 6764)
      • vcredist_x64.exe (PID: 2384)
      • vcredist_x64.exe (PID: 320)
      • VC_redist.x86.exe (PID: 3188)
      • VC_redist.x86.exe (PID: 1748)
      • VC_redist.x64.exe (PID: 6188)
      • VC_redist.x64.exe (PID: 5944)

    • Checks supported languages

      • VisualCppRedist_AIO_x86_x64.exe (PID: 6764)
      • vcredist_x64.exe (PID: 2384)
      • vcredist_x64.exe (PID: 320)
      • msiexec.exe (PID: 7048)
      • VC_redist.x86.exe (PID: 7020)
      • VC_redist.x86.exe (PID: 3188)
      • VC_redist.x86.exe (PID: 1748)
      • VC_redist.x64.exe (PID: 1132)
      • VC_redist.x64.exe (PID: 6188)
      • VC_redist.x64.exe (PID: 5944)

    • Reads the computer name

      • VisualCppRedist_AIO_x86_x64.exe (PID: 6764)
      • vcredist_x64.exe (PID: 320)
      • vcredist_x64.exe (PID: 2384)
      • msiexec.exe (PID: 7048)
      • VC_redist.x86.exe (PID: 3188)
      • VC_redist.x86.exe (PID: 1748)
      • VC_redist.x64.exe (PID: 6188)
      • VC_redist.x64.exe (PID: 5944)

    • Process checks computer location settings

      • VisualCppRedist_AIO_x86_x64.exe (PID: 6764)
      • VC_redist.x86.exe (PID: 3188)
      • VC_redist.x64.exe (PID: 6188)

    • Checks operating system version

      • cmd.exe (PID: 7144)

    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 4924)
      • cscript.exe (PID: 252)
      • cscript.exe (PID: 1236)
      • cscript.exe (PID: 5760)
      • cscript.exe (PID: 5588)
      • cscript.exe (PID: 3908)
      • cscript.exe (PID: 840)
      • cscript.exe (PID: 2608)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 7048)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:03:05 12:48:36+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 96256
InitializedDataSize: 345600
UninitializedDataSize: -
EntryPoint: 0x17d2f
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 14.42.34226.3
ProductVersionNumber: 14.42.34226.3
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: Microsoft Corporation
FileDescription: Microsoft Visual C++ Redistributable Setup
FileVersion: 14.42.34226.3
InternalName: VCRedist_AIO_x86_x64.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
ProductName: Microsoft® Visual Studio®
OriginalFileName: VCRedist_AIO_x86_x64.exe
ProductVersion: 14.42.34226.3
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
404
Monitored processes
283
Malicious processes
61
Suspicious processes
2

Behavior graph

Click at the process to see the details
start visualcppredist_aio_x86_x64.exe cmd.exe no specs conhost.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs reg.exe no specs wmic.exe no specs find.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs reg.exe no specs find.exe no specs reg.exe no specs find.exe no specs cmd.exe no specs cscript.exe no specs cmd.exe no specs cmd.exe no specs cscript.exe no specs cmd.exe no specs cmd.exe no specs cscript.exe no specs cmd.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs find.exe no specs reg.exe no specs reg.exe no specs find.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs findstr.exe no specs vcredist_x64.exe vcredist_x64.exe SPPSurrogate no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe reg.exe no specs vc_redist.x86.exe no specs vc_redist.x86.exe vc_redist.x86.exe reg.exe no specs vc_redist.x64.exe no specs vc_redist.x64.exe vc_redist.x64.exe reg.exe no specs findstr.exe no specs reg.exe no specs reg.exe no specs cmd.exe no specs cscript.exe no specs cmd.exe no specs reg.exe no specs reg.exe no specs find.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs cmd.exe no specs cscript.exe no specs cmd.exe no specs cmd.exe no specs cscript.exe no specs cmd.exe no specs cmd.exe no specs cscript.exe no specs cmd.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs find.exe no specs reg.exe no specs reg.exe no specs find.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs reg.exe no specs find.exe no specs findstr.exe no specs findstr.exe no specs msiexec.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs tiworker.exe msiexec.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs visualcppredist_aio_x86_x64.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
208C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:18C:\Windows\System32\SrTasks.exemsiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Windows System Protection background tasks.
Version:
10.0.19041.1 (WinBuild.160101.0800)
232reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall /f "Microsoft Visual C++ 2015-2019 Redistributable" /s C:\Windows\System32\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
240find /i "HKEY_LOCAL_MACHINE" C:\Windows\System32\find.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (grep) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
240find /i "TRIN_TRIR_SETUP" C:\Windows\System32\find.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (grep) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
240find /i "HKEY_LOCAL_MACHINE" C:\Windows\System32\find.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (grep) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
252cscript.exe //nologo filever.vbs "C:\WINDOWS\SysWOW64\msvcp110.dll"C:\Windows\System32\cscript.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft ® Console Based Script Host
Exit code:
0
Version:
5.812.10240.16384
Modules
Images
c:\windows\system32\cscript.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
300reg query "hklm\software\microsoft\Windows NT\currentversion" /v buildlabexC:\Windows\System32\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
300C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.3989_none_7ddb45627cb30e03\TiWorker.exe -EmbeddingC:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.3989_none_7ddb45627cb30e03\TiWorker.exe
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Modules Installer Worker
Version:
10.0.19041.3989 (WinBuild.160101.0800)
320"C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe" /uninstall /passive /norestartC:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Exit code:
0
Version:
12.0.30501.0
Modules
Images
c:\programdata\package cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
400find /i "HKEY_LOCAL_MACHINE" C:\Windows\System32\find.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (grep) Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
Total events
88 603
Read events
87 228
Write events
374
Delete events
1 001

Modification events

(PID) Process:(6764) VisualCppRedist_AIO_x86_x64.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(6764) VisualCppRedist_AIO_x86_x64.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(6764) VisualCppRedist_AIO_x86_x64.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(6764) VisualCppRedist_AIO_x86_x64.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(320) vcredist_x64.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation:writeName:SrCreateRp (Enter)
Value:
4000000000000000C7E8C6FD2FEEDA0140010000FC000000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(4404) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Enter)
Value:
4800000000000000C7E8C6FD2FEEDA0134110000BC000000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(4404) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Leave)
Value:
48000000000000008C3D32FE2FEEDA0134110000BC000000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(4404) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Enter)
Value:
48000000000000008C3D32FE2FEEDA0134110000BC000000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(4404) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Leave)
Value:
480000000000000070754CFE2FEEDA0134110000BC000000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(4404) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppCreate (Enter)
Value:
4800000000000000EAA153FE2FEEDA0134110000BC000000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files
800
Suspicious files
296
Text files
318
Unknown types
59

Dropped files

PID
Process
Filename
Type
6764VisualCppRedist_AIO_x86_x64.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2005\x86\vcredist.msiexecutable
MD5:DDB68A521894E865A124A6E1ECE28760
SHA256:2D7C6BACD113C6ED88021F84D3FFAB54B44D3D141D07A12870293D9900D985A3
6764VisualCppRedist_AIO_x86_x64.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2008\x86\vc_red.msiexecutable
MD5:824F1F188704D3DE77660D90FEA6B136
SHA256:72A46F29C780949C1151EFADD899806EE192B6FB4A87A9646D638DF95F3A0BBF
6764VisualCppRedist_AIO_x86_x64.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2010\x64\vc_red.msiexecutable
MD5:18ABB8390D8BA02E680FF4741B4D5600
SHA256:52FAB93D99E35BF50402EE4963F9184E4B37167855B64E4B7D6523D2AB6F03ED
6764VisualCppRedist_AIO_x86_x64.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2005\x64\vcredist.msiexecutable
MD5:75A443807EF22CB222A1882A0776EBFF
SHA256:DC35915B2747B9EE661FA00630C0983099240BF3231B4B4C1575AEF19D6D2D9B
6764VisualCppRedist_AIO_x86_x64.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\vbc\vbrun.msiexecutable
MD5:B077FE549C72B2BB5C978299D9893731
SHA256:C150BAB189860BE3742601D9CCC6F1DDF94CA641499942E48B571DAC4C29F846
6764VisualCppRedist_AIO_x86_x64.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2022\x64\vc_runtimeAdditional_x64.msiexecutable
MD5:56BCA98CB6CB20BBAC93559ABEA3F267
SHA256:3B0E0B52234B3081B90939FECAAFBC6C5C9271FC0998B924ABDD30C280044C3C
6764VisualCppRedist_AIO_x86_x64.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2008\x64\vc_red.msiexecutable
MD5:0ADDB501B3B96ED396CC8E7115DC309D
SHA256:BE98639D76E927263D64E49DF858B64710F5BF484B30ECAD2974C4C4AAE949C6
6764VisualCppRedist_AIO_x86_x64.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2013\x64\vc_runtimeAdditional_x64.msiexecutable
MD5:ABC7059A508909821213119089E3A000
SHA256:9D8601FD63C85823E0864BD5B6DE6D2100BF34FFAC69DD3FC0EE764520A58409
6764VisualCppRedist_AIO_x86_x64.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2013\x64\vc_runtimeMinimum_x64.msiexecutable
MD5:E01F1118A06A0F79762DCB20BA95F49F
SHA256:3460996E006A36C919A5D3B122B7E5BE0DDC349341A63C520AFC5744A3AFEAAE
6764VisualCppRedist_AIO_x86_x64.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2022\x64\vc_runtimeMinimum_x64.msiexecutable
MD5:4F1ACDF4E02EEA1F7BA5D99DA7C83B50
SHA256:2D551CA4E289B1C6DFDCD8C6DB78BB5CA551AFB7338DC80D332F55D3DD7F7903
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
15
DNS requests
4
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
239.255.255.250:1900
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
192.168.100.255:138
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5240
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4324
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 20.73.194.208
  • 51.124.78.146
whitelisted
google.com
  • 216.58.212.174
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
VisualCppRedist_AIO_x86_x64.exe