File name:

HackTool;Win32.crack.exe

Full analysis: https://app.any.run/tasks/c0a3728e-e30f-4d80-ba6c-52ceedb21fb2
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Malware Trends Tracker     >>>
Analysis date: June 15, 2024, 23:48:48
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
innosetup
loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

F38A8E3A1842CC33F70E9BE7E817786D

SHA1:

6E32C1F5F5D7D812E47B44B0934D176DFD480C12

SHA256:

0A40F289DBD204C6CC6AF8E1AF73E571FE3DAF72F05CA172FA7340EB0BBD6877

SSDEEP:

98304:9l/SMPUQ+ku/mMjvswRsgwASXybygXyonKDolYN/aK8TKfjMVyaeQVFLL5kMfzZd:B5e94zo6S1/SQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • HackTool;Win32.crack.tmp (PID: 1628)
      • unins000.exe (PID: 2532)
      • _iu14D2N.tmp (PID: 2516)
      • HackTool;Win32.crack.exe (PID: 1772)

    • Creates a writable file in the system directory

      • hosts.exe (PID: 2324)
      • hosts.exe (PID: 2504)
      • hosts.exe (PID: 2656)
      • hosts.exe (PID: 2616)
      • hosts.exe (PID: 2392)
      • hosts.exe (PID: 2668)
      • hosts.exe (PID: 2832)
      • hosts.exe (PID: 2904)
      • hosts.exe (PID: 2964)
      • hosts.exe (PID: 3180)
      • hosts.exe (PID: 3256)
      • hosts.exe (PID: 3416)
      • hosts.exe (PID: 3564)
      • hosts.exe (PID: 3536)
      • hosts.exe (PID: 3488)
      • hosts.exe (PID: 3936)
      • hosts.exe (PID: 3968)
      • hosts.exe (PID: 2312)
      • hosts.exe (PID: 4076)
      • hosts.exe (PID: 372)
      • hosts.exe (PID: 312)
      • hosts.exe (PID: 692)
      • hosts.exe (PID: 2196)
      • hosts.exe (PID: 2368)
      • hosts.exe (PID: 1072)
      • hosts.exe (PID: 3156)
      • hosts.exe (PID: 3496)
      • hosts.exe (PID: 3160)
      • hosts.exe (PID: 580)
      • hosts.exe (PID: 2480)
      • hosts.exe (PID: 3620)
      • hosts.exe (PID: 3428)
      • hosts.exe (PID: 2624)
      • hosts.exe (PID: 2900)
      • hosts.exe (PID: 3612)
      • hosts.exe (PID: 2064)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • HackTool;Win32.crack.tmp (PID: 1628)
      • unins000.exe (PID: 2532)
      • _iu14D2N.tmp (PID: 2516)
      • HackTool;Win32.crack.exe (PID: 1772)

    • Reads the Internet Settings

      • HackTool;Win32.crack.tmp (PID: 1628)

    • Process drops legitimate windows executable

      • HackTool;Win32.crack.tmp (PID: 1628)
      • _iu14D2N.tmp (PID: 2516)

    • Reads security settings of Internet Explorer

      • HackTool;Win32.crack.tmp (PID: 1628)

    • Potential Corporate Privacy Violation

      • HackTool;Win32.crack.tmp (PID: 1628)

    • Process requests binary or script from the Internet

      • HackTool;Win32.crack.tmp (PID: 1628)

    • Starts itself from another location

      • unins000.exe (PID: 2532)

    • Starts application with an unusual extension

      • unins000.exe (PID: 2532)

    • Starts CMD.EXE for commands execution

      • HackTool;Win32.crack.tmp (PID: 1628)

    • Reads the date of Windows installation

      • _iu14D2N.tmp (PID: 2516)

    • Executing commands from ".cmd" file

      • HackTool;Win32.crack.tmp (PID: 1628)

    • The executable file from the user directory is run by the CMD process

      • hosts.exe (PID: 2656)
      • hosts.exe (PID: 2324)
      • hosts.exe (PID: 2504)
      • hosts.exe (PID: 2616)
      • hosts.exe (PID: 2392)
      • hosts.exe (PID: 2668)
      • hosts.exe (PID: 2832)
      • hosts.exe (PID: 2904)
      • hosts.exe (PID: 2964)
      • hosts.exe (PID: 3180)
      • hosts.exe (PID: 3256)
      • hosts.exe (PID: 3416)
      • hosts.exe (PID: 3564)
      • hosts.exe (PID: 3536)
      • hosts.exe (PID: 3488)
      • hosts.exe (PID: 3936)
      • hosts.exe (PID: 3968)
      • hosts.exe (PID: 2312)
      • hosts.exe (PID: 372)
      • hosts.exe (PID: 4076)
      • hosts.exe (PID: 312)
      • hosts.exe (PID: 692)
      • hosts.exe (PID: 3156)
      • hosts.exe (PID: 2368)
      • hosts.exe (PID: 2196)
      • hosts.exe (PID: 1072)
      • hosts.exe (PID: 3496)
      • hosts.exe (PID: 3160)
      • hosts.exe (PID: 580)
      • hosts.exe (PID: 3620)
      • hosts.exe (PID: 3428)
      • hosts.exe (PID: 2480)
      • hosts.exe (PID: 2624)
      • hosts.exe (PID: 2900)
      • hosts.exe (PID: 2064)
      • hosts.exe (PID: 3612)

    • Reads the Windows owner or organization settings

      • _iu14D2N.tmp (PID: 2516)
      • HackTool;Win32.crack.tmp (PID: 1628)

    • Creates files in the driver directory

      • hosts.exe (PID: 2324)
      • hosts.exe (PID: 2504)
      • hosts.exe (PID: 2656)
      • hosts.exe (PID: 2616)
      • hosts.exe (PID: 2392)
      • hosts.exe (PID: 2668)
      • hosts.exe (PID: 2832)
      • hosts.exe (PID: 2904)
      • hosts.exe (PID: 2964)
      • hosts.exe (PID: 3180)
      • hosts.exe (PID: 3256)
      • hosts.exe (PID: 3416)
      • hosts.exe (PID: 3564)
      • hosts.exe (PID: 3536)
      • hosts.exe (PID: 3488)
      • hosts.exe (PID: 3936)
      • hosts.exe (PID: 3968)
      • hosts.exe (PID: 2312)
      • hosts.exe (PID: 4076)
      • hosts.exe (PID: 372)
      • hosts.exe (PID: 312)
      • hosts.exe (PID: 692)
      • hosts.exe (PID: 2368)
      • hosts.exe (PID: 2196)
      • hosts.exe (PID: 3156)
      • hosts.exe (PID: 3496)
      • hosts.exe (PID: 3160)
      • hosts.exe (PID: 1072)
      • hosts.exe (PID: 580)
      • hosts.exe (PID: 2480)
      • hosts.exe (PID: 3620)
      • hosts.exe (PID: 3428)
      • hosts.exe (PID: 2624)
      • hosts.exe (PID: 2900)
      • hosts.exe (PID: 3612)
      • hosts.exe (PID: 2064)

  • INFO

    • Checks supported languages

      • HackTool;Win32.crack.tmp (PID: 1628)
      • fart.exe (PID: 2260)
      • fart.exe (PID: 736)
      • unins000.exe (PID: 2532)
      • _iu14D2N.tmp (PID: 2516)
      • FlushFileCache.exe (PID: 2240)
      • hosts.exe (PID: 2656)
      • hosts.exe (PID: 2324)
      • hosts.exe (PID: 2504)
      • hosts.exe (PID: 2616)
      • hosts.exe (PID: 2668)
      • hosts.exe (PID: 2832)
      • hosts.exe (PID: 2904)
      • hosts.exe (PID: 2964)
      • HackTool;Win32.crack.exe (PID: 1772)
      • hosts.exe (PID: 3180)
      • hosts.exe (PID: 2392)
      • hosts.exe (PID: 3256)
      • hosts.exe (PID: 3416)
      • hosts.exe (PID: 3564)
      • hosts.exe (PID: 3536)
      • hosts.exe (PID: 3488)
      • hosts.exe (PID: 3936)
      • hosts.exe (PID: 3968)
      • hosts.exe (PID: 2312)
      • hosts.exe (PID: 4076)
      • hosts.exe (PID: 372)
      • hosts.exe (PID: 312)
      • hosts.exe (PID: 692)
      • hosts.exe (PID: 3156)
      • hosts.exe (PID: 2368)
      • hosts.exe (PID: 2196)
      • hosts.exe (PID: 1072)
      • hosts.exe (PID: 3496)
      • hosts.exe (PID: 3160)
      • hosts.exe (PID: 580)
      • wmpnscfg.exe (PID: 2984)
      • hosts.exe (PID: 2480)
      • hosts.exe (PID: 3620)
      • hosts.exe (PID: 3428)
      • hosts.exe (PID: 2624)
      • hosts.exe (PID: 2900)
      • hosts.exe (PID: 3612)
      • hosts.exe (PID: 2064)

    • Checks proxy server information

      • HackTool;Win32.crack.tmp (PID: 1628)

    • Reads the machine GUID from the registry

      • HackTool;Win32.crack.tmp (PID: 1628)
      • hosts.exe (PID: 2656)
      • hosts.exe (PID: 2324)
      • hosts.exe (PID: 2504)
      • hosts.exe (PID: 2616)
      • hosts.exe (PID: 2392)
      • hosts.exe (PID: 2668)
      • hosts.exe (PID: 2964)
      • hosts.exe (PID: 2832)
      • hosts.exe (PID: 2904)
      • hosts.exe (PID: 3180)
      • hosts.exe (PID: 3256)
      • hosts.exe (PID: 3416)
      • hosts.exe (PID: 3564)
      • hosts.exe (PID: 3488)
      • hosts.exe (PID: 3536)
      • hosts.exe (PID: 4076)
      • hosts.exe (PID: 3968)
      • hosts.exe (PID: 2312)
      • hosts.exe (PID: 3936)
      • hosts.exe (PID: 372)
      • hosts.exe (PID: 312)
      • hosts.exe (PID: 692)
      • hosts.exe (PID: 2368)
      • hosts.exe (PID: 2196)
      • hosts.exe (PID: 3156)
      • hosts.exe (PID: 1072)
      • hosts.exe (PID: 3496)
      • hosts.exe (PID: 3160)
      • hosts.exe (PID: 2480)
      • hosts.exe (PID: 3620)
      • hosts.exe (PID: 580)
      • hosts.exe (PID: 2624)
      • hosts.exe (PID: 2900)
      • hosts.exe (PID: 3612)
      • hosts.exe (PID: 3428)
      • hosts.exe (PID: 2064)

    • Reads the computer name

      • FlushFileCache.exe (PID: 2240)
      • HackTool;Win32.crack.tmp (PID: 1628)
      • _iu14D2N.tmp (PID: 2516)
      • hosts.exe (PID: 2656)
      • hosts.exe (PID: 2324)
      • hosts.exe (PID: 2504)
      • hosts.exe (PID: 2616)
      • hosts.exe (PID: 2392)
      • hosts.exe (PID: 2668)
      • hosts.exe (PID: 2832)
      • hosts.exe (PID: 2904)
      • hosts.exe (PID: 2964)
      • hosts.exe (PID: 3180)
      • hosts.exe (PID: 3256)
      • hosts.exe (PID: 3416)
      • hosts.exe (PID: 3564)
      • hosts.exe (PID: 3536)
      • hosts.exe (PID: 3488)
      • hosts.exe (PID: 3936)
      • hosts.exe (PID: 4076)
      • hosts.exe (PID: 3968)
      • hosts.exe (PID: 2312)
      • hosts.exe (PID: 372)
      • hosts.exe (PID: 312)
      • hosts.exe (PID: 692)
      • hosts.exe (PID: 3156)
      • hosts.exe (PID: 2368)
      • hosts.exe (PID: 2196)
      • hosts.exe (PID: 1072)
      • hosts.exe (PID: 3496)
      • wmpnscfg.exe (PID: 2984)
      • hosts.exe (PID: 3160)
      • hosts.exe (PID: 2480)
      • hosts.exe (PID: 3620)
      • hosts.exe (PID: 3428)
      • hosts.exe (PID: 580)
      • hosts.exe (PID: 2624)
      • hosts.exe (PID: 2900)
      • hosts.exe (PID: 3612)
      • hosts.exe (PID: 2064)

    • Create files in a temporary directory

      • unins000.exe (PID: 2532)
      • _iu14D2N.tmp (PID: 2516)
      • HackTool;Win32.crack.tmp (PID: 1628)
      • HackTool;Win32.crack.exe (PID: 1772)

    • Creates a software uninstall entry

      • HackTool;Win32.crack.tmp (PID: 1628)

    • Application launched itself

      • msedge.exe (PID: 960)
      • msedge.exe (PID: 2644)

    • Manual execution by a user

      • msedge.exe (PID: 2644)
      • wmpnscfg.exe (PID: 2984)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (77.7)
.exe | Win32 Executable Delphi generic (10)
.dll | Win32 Dynamic Link Library (generic) (4.6)
.exe | Win32 Executable (generic) (3.1)
.exe | Win16/32 Executable Delphi generic (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:10:02 05:04:04+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 86016
InitializedDataSize: 53760
UninitializedDataSize: -
EntryPoint: 0x16478
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Red Dead Redemption Setup
FileVersion:
LegalCopyright: FitGirl
ProductName: Red Dead Redemption
ProductVersion:
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
116
Monitored processes
72
Malicious processes
5
Suspicious processes
36

Behavior graph

Click at the process to see the details
start hacktool;win32.crack.exe hacktool;win32.crack.tmp flushfilecache.exe no specs fart.exe no specs fart.exe no specs cmd.exe no specs unins000.exe _iu14d2n.tmp msedge.exe no specs cmd.exe no specs hosts.exe no specs msedge.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe hosts.exe no specs msedge.exe no specs hosts.exe no specs hosts.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs hosts.exe no specs hosts.exe no specs msedge.exe no specs msedge.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs msedge.exe no specs hosts.exe no specs msedge.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs msedge.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs wmpnscfg.exe no specs hosts.exe no specs hosts.exe no specs msedge.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs msedge.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs hacktool;win32.crack.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
312hosts.exe add www.fitgirlpack.site 109.94.209.70 # Fake FitGirl site C:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\hosts.execmd.exe
User:
admin
Company:
Vegalogic Software
Integrity Level:
HIGH
Description:
Hosts Commander
Exit code:
0
Version:
1.6.1.0
Modules
Images
c:\users\admin\appdata\local\temp\is-bnrj6.tmp\hosts.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
372hosts.exe add fitgirlpack.site 109.94.209.70 # Fake FitGirl site C:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\hosts.execmd.exe
User:
admin
Company:
Vegalogic Software
Integrity Level:
HIGH
Description:
Hosts Commander
Exit code:
0
Version:
1.6.1.0
Modules
Images
c:\users\admin\appdata\local\temp\is-bnrj6.tmp\hosts.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
580hosts.exe add www.fitgirl-repacks-site.org 109.94.209.70 # Fake FitGirl site C:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\hosts.execmd.exe
User:
admin
Company:
Vegalogic Software
Integrity Level:
HIGH
Description:
Hosts Commander
Exit code:
0
Version:
1.6.1.0
Modules
Images
c:\users\admin\appdata\local\temp\is-bnrj6.tmp\hosts.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
692hosts.exe add fitgirl-repack.org 109.94.209.70 # Fake FitGirl site C:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\hosts.execmd.exe
User:
admin
Company:
Vegalogic Software
Integrity Level:
HIGH
Description:
Hosts Commander
Exit code:
0
Version:
1.6.1.0
Modules
Images
c:\users\admin\appdata\local\temp\is-bnrj6.tmp\hosts.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
736"C:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\fart.exe" qt-config.txt \ \\C:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\fart.exeHackTool;Win32.crack.tmp
User:
admin
Integrity Level:
HIGH
Exit code:
5
Modules
Images
c:\users\admin\appdata\local\temp\is-bnrj6.tmp\fart.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
948"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1352,i,3461766279509493289,10510786063823245569,131072 /prefetch:3C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
960"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument http://bit.ly/fitgirl-repacks-siteC:\Program Files\Microsoft\Edge\Application\msedge.exeHackTool;Win32.crack.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
972"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3760 --field-trial-handle=1368,i,17715296986502312282,101373496725605211,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1072hosts.exe add fitgirlrepack.games 109.94.209.70 # Fake FitGirl site C:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\hosts.execmd.exe
User:
admin
Company:
Vegalogic Software
Integrity Level:
HIGH
Description:
Hosts Commander
Exit code:
0
Version:
1.6.1.0
Modules
Images
c:\users\admin\appdata\local\temp\is-bnrj6.tmp\hosts.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
1628"C:\Users\admin\AppData\Local\Temp\is-EOEIP.tmp\HackTool;Win32.crack.tmp" /SL5="$3012C,7564513,140800,C:\Users\admin\Desktop\HackTool;Win32.crack.exe" C:\Users\admin\AppData\Local\Temp\is-EOEIP.tmp\HackTool;Win32.crack.tmp
HackTool;Win32.crack.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-eoeip.tmp\hacktool;win32.crack.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
Total events
24 036
Read events
23 752
Write events
256
Delete events
28

Modification events

(PID) Process:(1628) HackTool;Win32.crack.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:Owner
Value:
5C0600000CAD659A7EBFDA01
(PID) Process:(1628) HackTool;Win32.crack.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:SessionHash
Value:
FC4E954D1793FE01582C502B83DCBE658D751C5445906B6C83E606FAC0B561CD
(PID) Process:(1628) HackTool;Win32.crack.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:Sequence
Value:
1
(PID) Process:(1628) HackTool;Win32.crack.tmpKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\DirectSound\Speaker Configuration
Operation:writeName:Speaker Configuration
Value:
4
(PID) Process:(1628) HackTool;Win32.crack.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(1628) HackTool;Win32.crack.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:delete valueName:ProxyServer
Value:
(PID) Process:(1628) HackTool;Win32.crack.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:delete valueName:ProxyOverride
Value:
(PID) Process:(1628) HackTool;Win32.crack.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:delete valueName:AutoConfigURL
Value:
(PID) Process:(1628) HackTool;Win32.crack.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:delete valueName:AutoDetect
Value:
(PID) Process:(1628) HackTool;Win32.crack.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
460000005D010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files
56
Suspicious files
123
Text files
114
Unknown types
2

Dropped files

PID
Process
Filename
Type
1628HackTool;Win32.crack.tmpC:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\cls-lollypop.dllexecutable
MD5:0EF04BC15FD1B28975AFF2951B857F03
SHA256:F84677643D9977AA1E8A4AA8C85A12665D29A4E8292485A0B4DF846DD161F824
1628HackTool;Win32.crack.tmpC:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\idp.dllexecutable
MD5:AF555AC9C073F88FE5BF0D677F085025
SHA256:F4FC0187491A9CB89E233197FF72C2405B5EC02E8B8EA640EE68D034DDBC44BB
1772HackTool;Win32.crack.exeC:\Users\admin\AppData\Local\Temp\is-EOEIP.tmp\HackTool;Win32.crack.tmpexecutable
MD5:AE9890548F2FCAB56A4E9AE446F55B3F
SHA256:09AF8004B85478E1ECA09FA4CB5E3081DDDCB2F68A353F3EF6849D92BE47B449
1628HackTool;Win32.crack.tmpC:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\cls-lollypop_x86.exeexecutable
MD5:3527C6739C46F4EE1CFB6B48E1407883
SHA256:724C6E07180E321298B4EA4405C3F7536C524D9826D24F5D6FC50BCB0EF8F723
1628HackTool;Win32.crack.tmpC:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\cls-lollypop_x64.exeexecutable
MD5:5B848A24126F54A2C3C7B7393B536D33
SHA256:2D32C4F4522BC62F63C7949313434F6CA0EAA6B65B44EE5AA8B6B877988B1AA8
1628HackTool;Win32.crack.tmpC:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\cls-magic2_x86.exeexecutable
MD5:7CBE7DB7FC9258B6A43551140C343BB3
SHA256:6EA07AA4F5565AC289402ADE3B2E52BF8089AD6185E0ECF0E1F36CEA39C091A9
1628HackTool;Win32.crack.tmpC:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\cls-magic2_x64.exeexecutable
MD5:7234C4334A7523B1AC6F51C072497071
SHA256:D92F7C60256509F74E36D9B5AAB041FE44999B1A3910D70AA83C9D01F062EA29
1628HackTool;Win32.crack.tmpC:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\cls-magic2.dllexecutable
MD5:9E1E200472D66356A4AE5D597B01DABC
SHA256:87DF573AC240E09EA4941E169FB2D15D5316A1B0E053446B8144E04B1154F061
1628HackTool;Win32.crack.tmpC:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\cls-magic2l_x64.exeexecutable
MD5:7234C4334A7523B1AC6F51C072497071
SHA256:D92F7C60256509F74E36D9B5AAB041FE44999B1A3910D70AA83C9D01F062EA29
1628HackTool;Win32.crack.tmpC:\Users\admin\AppData\Local\Temp\is-BNRJ6.tmp\cls-srep_x86.exeexecutable
MD5:FC7DD2CA9F47D64EDD3B2061CD8DB1B3
SHA256:4004BA624F8CE381C61C82ABA26E246D93E833357930C17CD4B02058EA31FAD4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
65
DNS requests
92
Threats
6

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1628
HackTool;Win32.crack.tmp
HEAD
200
68.232.34.200:80
http://download.visualstudio.microsoft.com/download/pr/9565895b-35a6-434b-a881-11a6f4beec76/EE84FED2552E018E854D4CD2496DF4DD516F30733A27901167B8A9882119E57C/VC_redist.x64.exe
unknown
1628
HackTool;Win32.crack.tmp
HEAD
200
68.232.34.200:80
http://download.visualstudio.microsoft.com/download/pr/9565895b-35a6-434b-a881-11a6f4beec76/4A8157B2FF422C259DDAA2D0E568C0C0AFAB940E1F6E0E482EF83E90DDBAD2D6/VC_redist.x86.exe
unknown
1628
HackTool;Win32.crack.tmp
GET
200
68.232.34.200:80
http://download.visualstudio.microsoft.com/download/pr/9565895b-35a6-434b-a881-11a6f4beec76/4A8157B2FF422C259DDAA2D0E568C0C0AFAB940E1F6E0E482EF83E90DDBAD2D6/VC_redist.x86.exe
unknown
1628
HackTool;Win32.crack.tmp
GET
200
68.232.34.200:80
http://download.visualstudio.microsoft.com/download/pr/9565895b-35a6-434b-a881-11a6f4beec76/EE84FED2552E018E854D4CD2496DF4DD516F30733A27901167B8A9882119E57C/VC_redist.x64.exe
unknown
2948
msedge.exe
GET
301
190.115.31.179:80
http://fitgirl-repacks.site/
unknown
2948
msedge.exe
GET
301
67.199.248.10:80
http://bit.ly/fitgirl-repacks-site
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
unknown
1088
svchost.exe
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
unknown
1628
HackTool;Win32.crack.tmp
68.232.34.200:80
download.visualstudio.microsoft.com
EDGECAST
US
unknown
2644
msedge.exe
239.255.255.250:1900
unknown
2948
msedge.exe
204.79.197.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
2948
msedge.exe
67.199.248.10:80
bit.ly
GOOGLE-CLOUD-PLATFORM
US
unknown
2948
msedge.exe
190.115.31.179:80
fitgirl-repacks.site
DDOS-GUARD CORP.
BZ
unknown
2948
msedge.exe
190.115.31.179:443
fitgirl-repacks.site
DDOS-GUARD CORP.
BZ
unknown
2948
msedge.exe
192.0.76.3:443
stats.wp.com
AUTOMATTIC
US
unknown

DNS requests

Domain
IP
Reputation
download.visualstudio.microsoft.com
  • 68.232.34.200
unknown
config.edge.skype.com
unknown
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
unknown
bit.ly
  • 67.199.248.10
  • 67.199.248.11
unknown
fitgirl-repacks.site
  • 190.115.31.179
unknown
stats.wp.com
  • 192.0.76.3
unknown
i7.imageban.ru
  • 62.109.19.95
unknown
i6.imageban.ru
  • 80.87.200.35
unknown
i4.imageban.ru
  • 37.230.117.113
unknown
i2.imageban.ru
  • 62.109.31.142
unknown

Threats

PID
Process
Class
Message
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Misc activity
ET INFO EXE - Served Attached HTTP
4 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
HackTool;Win32.crack.exe