File name:

HackTool;Win32.crack.exe

Full analysis: https://app.any.run/tasks/c0a3728e-e30f-4d80-ba6c-52ceedb21fb2
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Malware Trends Tracker     >>>
Analysis date: June 15, 2024, 23:48:48
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
innosetup
loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

F38A8E3A1842CC33F70E9BE7E817786D

SHA1:

6E32C1F5F5D7D812E47B44B0934D176DFD480C12

SHA256:

0A40F289DBD204C6CC6AF8E1AF73E571FE3DAF72F05CA172FA7340EB0BBD6877

SSDEEP:

98304:9l/SMPUQ+ku/mMjvswRsgwASXybygXyonKDolYN/aK8TKfjMVyaeQVFLL5kMfzZd:B5e94zo6S1/SQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • HackTool;Win32.crack.exe (PID: 1772)
      • HackTool;Win32.crack.tmp (PID: 1628)
      • unins000.exe (PID: 2532)
      • _iu14D2N.tmp (PID: 2516)

    • Creates a writable file in the system directory

      • hosts.exe (PID: 2504)
      • hosts.exe (PID: 2656)
      • hosts.exe (PID: 2324)
      • hosts.exe (PID: 2392)
      • hosts.exe (PID: 2668)
      • hosts.exe (PID: 2616)
      • hosts.exe (PID: 2832)
      • hosts.exe (PID: 2904)
      • hosts.exe (PID: 2964)
      • hosts.exe (PID: 3180)
      • hosts.exe (PID: 3256)
      • hosts.exe (PID: 3416)
      • hosts.exe (PID: 3564)
      • hosts.exe (PID: 3536)
      • hosts.exe (PID: 3488)
      • hosts.exe (PID: 4076)
      • hosts.exe (PID: 3968)
      • hosts.exe (PID: 3936)
      • hosts.exe (PID: 312)
      • hosts.exe (PID: 372)
      • hosts.exe (PID: 2312)
      • hosts.exe (PID: 3156)
      • hosts.exe (PID: 2368)
      • hosts.exe (PID: 692)
      • hosts.exe (PID: 3496)
      • hosts.exe (PID: 2196)
      • hosts.exe (PID: 1072)
      • hosts.exe (PID: 580)
      • hosts.exe (PID: 3160)
      • hosts.exe (PID: 3620)
      • hosts.exe (PID: 3428)
      • hosts.exe (PID: 2480)
      • hosts.exe (PID: 2900)
      • hosts.exe (PID: 3612)
      • hosts.exe (PID: 2064)
      • hosts.exe (PID: 2624)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • HackTool;Win32.crack.exe (PID: 1772)
      • HackTool;Win32.crack.tmp (PID: 1628)
      • unins000.exe (PID: 2532)
      • _iu14D2N.tmp (PID: 2516)

    • Reads the Windows owner or organization settings

      • HackTool;Win32.crack.tmp (PID: 1628)
      • _iu14D2N.tmp (PID: 2516)

    • Process drops legitimate windows executable

      • HackTool;Win32.crack.tmp (PID: 1628)
      • _iu14D2N.tmp (PID: 2516)

    • Reads the Internet Settings

      • HackTool;Win32.crack.tmp (PID: 1628)

    • Reads security settings of Internet Explorer

      • HackTool;Win32.crack.tmp (PID: 1628)

    • Potential Corporate Privacy Violation

      • HackTool;Win32.crack.tmp (PID: 1628)

    • Process requests binary or script from the Internet

      • HackTool;Win32.crack.tmp (PID: 1628)

    • Starts CMD.EXE for commands execution

      • HackTool;Win32.crack.tmp (PID: 1628)

    • Starts application with an unusual extension

      • unins000.exe (PID: 2532)

    • Starts itself from another location

      • unins000.exe (PID: 2532)

    • Reads the date of Windows installation

      • _iu14D2N.tmp (PID: 2516)

    • Executing commands from ".cmd" file

      • HackTool;Win32.crack.tmp (PID: 1628)

    • The executable file from the user directory is run by the CMD process

      • hosts.exe (PID: 2656)
      • hosts.exe (PID: 2504)
      • hosts.exe (PID: 2324)
      • hosts.exe (PID: 2392)
      • hosts.exe (PID: 2668)
      • hosts.exe (PID: 2616)
      • hosts.exe (PID: 2904)
      • hosts.exe (PID: 2964)
      • hosts.exe (PID: 2832)
      • hosts.exe (PID: 3180)
      • hosts.exe (PID: 3256)
      • hosts.exe (PID: 3416)
      • hosts.exe (PID: 3564)
      • hosts.exe (PID: 3488)
      • hosts.exe (PID: 3536)
      • hosts.exe (PID: 3936)
      • hosts.exe (PID: 4076)
      • hosts.exe (PID: 3968)
      • hosts.exe (PID: 2312)
      • hosts.exe (PID: 372)
      • hosts.exe (PID: 312)
      • hosts.exe (PID: 692)
      • hosts.exe (PID: 3156)
      • hosts.exe (PID: 2368)
      • hosts.exe (PID: 3496)
      • hosts.exe (PID: 2196)
      • hosts.exe (PID: 1072)
      • hosts.exe (PID: 3160)
      • hosts.exe (PID: 2480)
      • hosts.exe (PID: 580)
      • hosts.exe (PID: 3428)
      • hosts.exe (PID: 3620)
      • hosts.exe (PID: 2624)
      • hosts.exe (PID: 2900)
      • hosts.exe (PID: 3612)
      • hosts.exe (PID: 2064)

    • Creates files in the driver directory

      • hosts.exe (PID: 2504)
      • hosts.exe (PID: 2656)
      • hosts.exe (PID: 2324)
      • hosts.exe (PID: 2616)
      • hosts.exe (PID: 2392)
      • hosts.exe (PID: 2668)
      • hosts.exe (PID: 2832)
      • hosts.exe (PID: 2904)
      • hosts.exe (PID: 2964)
      • hosts.exe (PID: 3180)
      • hosts.exe (PID: 3256)
      • hosts.exe (PID: 3416)
      • hosts.exe (PID: 3536)
      • hosts.exe (PID: 3488)
      • hosts.exe (PID: 3564)
      • hosts.exe (PID: 4076)
      • hosts.exe (PID: 3968)
      • hosts.exe (PID: 3936)
      • hosts.exe (PID: 372)
      • hosts.exe (PID: 312)
      • hosts.exe (PID: 2312)
      • hosts.exe (PID: 692)
      • hosts.exe (PID: 3156)
      • hosts.exe (PID: 1072)
      • hosts.exe (PID: 2368)
      • hosts.exe (PID: 2196)
      • hosts.exe (PID: 3160)
      • hosts.exe (PID: 580)
      • hosts.exe (PID: 3496)
      • hosts.exe (PID: 3620)
      • hosts.exe (PID: 3428)
      • hosts.exe (PID: 2480)
      • hosts.exe (PID: 2900)
      • hosts.exe (PID: 3612)
      • hosts.exe (PID: 2064)
      • hosts.exe (PID: 2624)

  • INFO

    • Checks supported languages

      • HackTool;Win32.crack.exe (PID: 1772)
      • HackTool;Win32.crack.tmp (PID: 1628)
      • FlushFileCache.exe (PID: 2240)
      • unins000.exe (PID: 2532)
      • _iu14D2N.tmp (PID: 2516)
      • fart.exe (PID: 2260)
      • fart.exe (PID: 736)
      • hosts.exe (PID: 2656)
      • hosts.exe (PID: 2324)
      • hosts.exe (PID: 2504)
      • hosts.exe (PID: 2392)
      • hosts.exe (PID: 2668)
      • hosts.exe (PID: 2616)
      • hosts.exe (PID: 2832)
      • hosts.exe (PID: 2904)
      • hosts.exe (PID: 2964)
      • hosts.exe (PID: 3180)
      • hosts.exe (PID: 3256)
      • hosts.exe (PID: 3416)
      • hosts.exe (PID: 3564)
      • hosts.exe (PID: 3488)
      • hosts.exe (PID: 3936)
      • hosts.exe (PID: 3536)
      • hosts.exe (PID: 4076)
      • hosts.exe (PID: 3968)
      • hosts.exe (PID: 692)
      • hosts.exe (PID: 2312)
      • hosts.exe (PID: 372)
      • hosts.exe (PID: 312)
      • hosts.exe (PID: 2368)
      • hosts.exe (PID: 3156)
      • wmpnscfg.exe (PID: 2984)
      • hosts.exe (PID: 3496)
      • hosts.exe (PID: 2196)
      • hosts.exe (PID: 1072)
      • hosts.exe (PID: 3160)
      • hosts.exe (PID: 2480)
      • hosts.exe (PID: 580)
      • hosts.exe (PID: 3620)
      • hosts.exe (PID: 3428)
      • hosts.exe (PID: 2624)
      • hosts.exe (PID: 2900)
      • hosts.exe (PID: 3612)
      • hosts.exe (PID: 2064)

    • Create files in a temporary directory

      • HackTool;Win32.crack.exe (PID: 1772)
      • HackTool;Win32.crack.tmp (PID: 1628)
      • unins000.exe (PID: 2532)
      • _iu14D2N.tmp (PID: 2516)

    • Reads the computer name

      • HackTool;Win32.crack.tmp (PID: 1628)
      • FlushFileCache.exe (PID: 2240)
      • _iu14D2N.tmp (PID: 2516)
      • hosts.exe (PID: 2504)
      • hosts.exe (PID: 2656)
      • hosts.exe (PID: 2324)
      • hosts.exe (PID: 2392)
      • hosts.exe (PID: 2668)
      • hosts.exe (PID: 2616)
      • hosts.exe (PID: 2832)
      • hosts.exe (PID: 2964)
      • hosts.exe (PID: 2904)
      • hosts.exe (PID: 3180)
      • hosts.exe (PID: 3256)
      • hosts.exe (PID: 3416)
      • hosts.exe (PID: 3564)
      • hosts.exe (PID: 3488)
      • hosts.exe (PID: 3536)
      • hosts.exe (PID: 3968)
      • hosts.exe (PID: 3936)
      • hosts.exe (PID: 4076)
      • hosts.exe (PID: 372)
      • hosts.exe (PID: 312)
      • hosts.exe (PID: 2312)
      • hosts.exe (PID: 3156)
      • hosts.exe (PID: 2368)
      • hosts.exe (PID: 692)
      • hosts.exe (PID: 1072)
      • wmpnscfg.exe (PID: 2984)
      • hosts.exe (PID: 2196)
      • hosts.exe (PID: 3496)
      • hosts.exe (PID: 580)
      • hosts.exe (PID: 2480)
      • hosts.exe (PID: 3160)
      • hosts.exe (PID: 3428)
      • hosts.exe (PID: 2624)
      • hosts.exe (PID: 3620)
      • hosts.exe (PID: 2900)
      • hosts.exe (PID: 3612)
      • hosts.exe (PID: 2064)

    • Checks proxy server information

      • HackTool;Win32.crack.tmp (PID: 1628)

    • Reads the machine GUID from the registry

      • HackTool;Win32.crack.tmp (PID: 1628)
      • hosts.exe (PID: 2324)
      • hosts.exe (PID: 2504)
      • hosts.exe (PID: 2656)
      • hosts.exe (PID: 2392)
      • hosts.exe (PID: 2616)
      • hosts.exe (PID: 2832)
      • hosts.exe (PID: 2964)
      • hosts.exe (PID: 2668)
      • hosts.exe (PID: 2904)
      • hosts.exe (PID: 3180)
      • hosts.exe (PID: 3256)
      • hosts.exe (PID: 3416)
      • hosts.exe (PID: 3536)
      • hosts.exe (PID: 3488)
      • hosts.exe (PID: 3564)
      • hosts.exe (PID: 4076)
      • hosts.exe (PID: 3968)
      • hosts.exe (PID: 3936)
      • hosts.exe (PID: 2312)
      • hosts.exe (PID: 372)
      • hosts.exe (PID: 312)
      • hosts.exe (PID: 3156)
      • hosts.exe (PID: 2368)
      • hosts.exe (PID: 692)
      • hosts.exe (PID: 2196)
      • hosts.exe (PID: 1072)
      • hosts.exe (PID: 3496)
      • hosts.exe (PID: 3160)
      • hosts.exe (PID: 580)
      • hosts.exe (PID: 2480)
      • hosts.exe (PID: 3620)
      • hosts.exe (PID: 3428)
      • hosts.exe (PID: 2900)
      • hosts.exe (PID: 3612)
      • hosts.exe (PID: 2624)
      • hosts.exe (PID: 2064)

    • Creates a software uninstall entry

      • HackTool;Win32.crack.tmp (PID: 1628)

    • Application launched itself

      • msedge.exe (PID: 960)
      • msedge.exe (PID: 2644)

    • Manual execution by a user

      • msedge.exe (PID: 2644)
      • wmpnscfg.exe (PID: 2984)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (77.7)
.exe | Win32 Executable Delphi generic (10)
.dll | Win32 Dynamic Link Library (generic) (4.6)
.exe | Win32 Executable (generic) (3.1)
.exe | Win16/32 Executable Delphi generic (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:10:02 05:04:04+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 86016
InitializedDataSize: 53760
UninitializedDataSize: -
EntryPoint: 0x16478
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Red Dead Redemption Setup
FileVersion:
LegalCopyright: FitGirl
ProductName: Red Dead Redemption
ProductVersion:
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
116
Monitored processes
72
Malicious processes
5
Suspicious processes
36

Behavior graph

Click at the process to see the details
start hacktool;win32.crack.exe hacktool;win32.crack.tmp flushfilecache.exe no specs fart.exe no specs fart.exe no specs cmd.exe no specs unins000.exe _iu14d2n.tmp msedge.exe no specs cmd.exe no specs hosts.exe no specs msedge.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe hosts.exe no specs msedge.exe no specs hosts.exe no specs hosts.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs hosts.exe no specs hosts.exe no specs msedge.exe no specs msedge.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs msedge.exe no specs hosts.exe no specs msedge.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs msedge.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs wmpnscfg.exe no specs hosts.exe no specs hosts.exe no specs msedge.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs msedge.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs hacktool;win32.crack.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
312hosts.exe add www.fitgirlpack.site 109.94.209.70 # Fake FitGirl site C:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\hosts.execmd.exe
User:
admin
Company:
Vegalogic Software
Integrity Level:
HIGH
Description:
Hosts Commander
Exit code:
0
Version:
1.6.1.0
Modules
Images
c:\users\admin\appdata\local\temp\is-bnrj6.tmp\hosts.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
372hosts.exe add fitgirlpack.site 109.94.209.70 # Fake FitGirl site C:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\hosts.execmd.exe
User:
admin
Company:
Vegalogic Software
Integrity Level:
HIGH
Description:
Hosts Commander
Exit code:
0
Version:
1.6.1.0
Modules
Images
c:\users\admin\appdata\local\temp\is-bnrj6.tmp\hosts.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
580hosts.exe add www.fitgirl-repacks-site.org 109.94.209.70 # Fake FitGirl site C:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\hosts.execmd.exe
User:
admin
Company:
Vegalogic Software
Integrity Level:
HIGH
Description:
Hosts Commander
Exit code:
0
Version:
1.6.1.0
Modules
Images
c:\users\admin\appdata\local\temp\is-bnrj6.tmp\hosts.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
692hosts.exe add fitgirl-repack.org 109.94.209.70 # Fake FitGirl site C:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\hosts.execmd.exe
User:
admin
Company:
Vegalogic Software
Integrity Level:
HIGH
Description:
Hosts Commander
Exit code:
0
Version:
1.6.1.0
Modules
Images
c:\users\admin\appdata\local\temp\is-bnrj6.tmp\hosts.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
736"C:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\fart.exe" qt-config.txt \ \\C:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\fart.exeHackTool;Win32.crack.tmp
User:
admin
Integrity Level:
HIGH
Exit code:
5
Modules
Images
c:\users\admin\appdata\local\temp\is-bnrj6.tmp\fart.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
948"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1352,i,3461766279509493289,10510786063823245569,131072 /prefetch:3C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
960"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument http://bit.ly/fitgirl-repacks-siteC:\Program Files\Microsoft\Edge\Application\msedge.exeHackTool;Win32.crack.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
972"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3760 --field-trial-handle=1368,i,17715296986502312282,101373496725605211,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1072hosts.exe add fitgirlrepack.games 109.94.209.70 # Fake FitGirl site C:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\hosts.execmd.exe
User:
admin
Company:
Vegalogic Software
Integrity Level:
HIGH
Description:
Hosts Commander
Exit code:
0
Version:
1.6.1.0
Modules
Images
c:\users\admin\appdata\local\temp\is-bnrj6.tmp\hosts.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
1628"C:\Users\admin\AppData\Local\Temp\is-EOEIP.tmp\HackTool;Win32.crack.tmp" /SL5="$3012C,7564513,140800,C:\Users\admin\Desktop\HackTool;Win32.crack.exe" C:\Users\admin\AppData\Local\Temp\is-EOEIP.tmp\HackTool;Win32.crack.tmp
HackTool;Win32.crack.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-eoeip.tmp\hacktool;win32.crack.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
Total events
24 036
Read events
23 752
Write events
256
Delete events
28

Modification events

(PID) Process:(1628) HackTool;Win32.crack.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:Owner
Value:
5C0600000CAD659A7EBFDA01
(PID) Process:(1628) HackTool;Win32.crack.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:SessionHash
Value:
FC4E954D1793FE01582C502B83DCBE658D751C5445906B6C83E606FAC0B561CD
(PID) Process:(1628) HackTool;Win32.crack.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:Sequence
Value:
1
(PID) Process:(1628) HackTool;Win32.crack.tmpKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\DirectSound\Speaker Configuration
Operation:writeName:Speaker Configuration
Value:
4
(PID) Process:(1628) HackTool;Win32.crack.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(1628) HackTool;Win32.crack.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:delete valueName:ProxyServer
Value:
(PID) Process:(1628) HackTool;Win32.crack.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:delete valueName:ProxyOverride
Value:
(PID) Process:(1628) HackTool;Win32.crack.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:delete valueName:AutoConfigURL
Value:
(PID) Process:(1628) HackTool;Win32.crack.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:delete valueName:AutoDetect
Value:
(PID) Process:(1628) HackTool;Win32.crack.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
460000005D010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files
56
Suspicious files
123
Text files
114
Unknown types
2

Dropped files

PID
Process
Filename
Type
1628HackTool;Win32.crack.tmpC:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\ISDone.dllexecutable
MD5:63DC27B7BC65243EFAA59A9797A140BA
SHA256:C652B4B564B3C85C399155CBB45C6FB5A9F56F074E566BFD20F01DA6E0412C74
1628HackTool;Win32.crack.tmpC:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\cls-lollypop.dllexecutable
MD5:0EF04BC15FD1B28975AFF2951B857F03
SHA256:F84677643D9977AA1E8A4AA8C85A12665D29A4E8292485A0B4DF846DD161F824
1772HackTool;Win32.crack.exeC:\Users\admin\AppData\Local\Temp\is-EOEIP.tmp\HackTool;Win32.crack.tmpexecutable
MD5:AE9890548F2FCAB56A4E9AE446F55B3F
SHA256:09AF8004B85478E1ECA09FA4CB5E3081DDDCB2F68A353F3EF6849D92BE47B449
1628HackTool;Win32.crack.tmpC:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\cls-magic2_x64.exeexecutable
MD5:7234C4334A7523B1AC6F51C072497071
SHA256:D92F7C60256509F74E36D9B5AAB041FE44999B1A3910D70AA83C9D01F062EA29
1628HackTool;Win32.crack.tmpC:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\CallbackCtrl.dllexecutable
MD5:F07E819BA2E46A897CFABF816D7557B2
SHA256:68F42A7823ED7EE88A5C59020AC52D4BBCADF1036611E96E470D986C8FAA172D
1628HackTool;Win32.crack.tmpC:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\BASS.dllexecutable
MD5:8005750EC63EB5292884AD6183AE2E77
SHA256:DF9F56C4DA160101567B0526845228EE481EE7D2F98391696FA27FE41F8ACF15
1628HackTool;Win32.crack.tmpC:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\cls-magic2_x86.exeexecutable
MD5:7CBE7DB7FC9258B6A43551140C343BB3
SHA256:6EA07AA4F5565AC289402ADE3B2E52BF8089AD6185E0ECF0E1F36CEA39C091A9
1628HackTool;Win32.crack.tmpC:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\cls-lollypop_x64.exeexecutable
MD5:5B848A24126F54A2C3C7B7393B536D33
SHA256:2D32C4F4522BC62F63C7949313434F6CA0EAA6B65B44EE5AA8B6B877988B1AA8
1628HackTool;Win32.crack.tmpC:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\CLS.initext
MD5:5C92BA1C6CE75537F304D5BB4D6CE5E5
SHA256:FBBF18F351711497EF2CF2573DF7D6AFF7CB0E682A3E6EDF12D14CBD5F43FA39
1628HackTool;Win32.crack.tmpC:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\innocallback.dllexecutable
MD5:1C55AE5EF9980E3B1028447DA6105C75
SHA256:6AFA2D104BE6EFE3D9A2AB96DBB75DB31565DAD64DD0B791E402ECC25529809F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
65
DNS requests
92
Threats
6

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1628
HackTool;Win32.crack.tmp
HEAD
200
68.232.34.200:80
http://download.visualstudio.microsoft.com/download/pr/9565895b-35a6-434b-a881-11a6f4beec76/4A8157B2FF422C259DDAA2D0E568C0C0AFAB940E1F6E0E482EF83E90DDBAD2D6/VC_redist.x86.exe
unknown
unknown
1628
HackTool;Win32.crack.tmp
HEAD
200
68.232.34.200:80
http://download.visualstudio.microsoft.com/download/pr/9565895b-35a6-434b-a881-11a6f4beec76/EE84FED2552E018E854D4CD2496DF4DD516F30733A27901167B8A9882119E57C/VC_redist.x64.exe
unknown
unknown
1628
HackTool;Win32.crack.tmp
GET
200
68.232.34.200:80
http://download.visualstudio.microsoft.com/download/pr/9565895b-35a6-434b-a881-11a6f4beec76/EE84FED2552E018E854D4CD2496DF4DD516F30733A27901167B8A9882119E57C/VC_redist.x64.exe
unknown
unknown
1628
HackTool;Win32.crack.tmp
GET
200
68.232.34.200:80
http://download.visualstudio.microsoft.com/download/pr/9565895b-35a6-434b-a881-11a6f4beec76/4A8157B2FF422C259DDAA2D0E568C0C0AFAB940E1F6E0E482EF83E90DDBAD2D6/VC_redist.x86.exe
unknown
unknown
2948
msedge.exe
GET
301
67.199.248.10:80
http://bit.ly/fitgirl-repacks-site
unknown
unknown
2948
msedge.exe
GET
301
190.115.31.179:80
http://fitgirl-repacks.site/
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1088
svchost.exe
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted
1628
HackTool;Win32.crack.tmp
68.232.34.200:80
download.visualstudio.microsoft.com
EDGECAST
US
whitelisted
2644
msedge.exe
239.255.255.250:1900
unknown
2948
msedge.exe
204.79.197.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
2948
msedge.exe
67.199.248.10:80
bit.ly
GOOGLE-CLOUD-PLATFORM
US
shared
2948
msedge.exe
190.115.31.179:80
fitgirl-repacks.site
DDOS-GUARD CORP.
BZ
unknown
2948
msedge.exe
190.115.31.179:443
fitgirl-repacks.site
DDOS-GUARD CORP.
BZ
unknown
2948
msedge.exe
192.0.76.3:443
stats.wp.com
AUTOMATTIC
US
unknown

DNS requests

Domain
IP
Reputation
download.visualstudio.microsoft.com
  • 68.232.34.200
whitelisted
config.edge.skype.com
unknown
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
bit.ly
  • 67.199.248.10
  • 67.199.248.11
shared
fitgirl-repacks.site
  • 190.115.31.179
unknown
stats.wp.com
  • 192.0.76.3
whitelisted
i7.imageban.ru
  • 62.109.19.95
unknown
i6.imageban.ru
  • 80.87.200.35
unknown
i4.imageban.ru
  • 37.230.117.113
unknown
i2.imageban.ru
  • 62.109.31.142
unknown

Threats

PID
Process
Class
Message
1628
HackTool;Win32.crack.tmp
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
1628
HackTool;Win32.crack.tmp
Misc activity
ET INFO EXE - Served Attached HTTP
4 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
HackTool;Win32.crack.exe