File name: Vision.Crack.exe

Full analysis: https://app.any.run/tasks/77a97d05-7f1e-4e15-9a31-588eee256589
Verdict: Malicious activity
Analysis date: April 06, 2025, 09:23:12
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: themida
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (console) x86-64, for MS Windows, 13 sections
MD5: DDC7EEAB24A599A4AF71BA47A9F65A81
SHA1: 506AC85647AFB0EE862FB8185994BAC8CFB848A4
SHA256: E9A9BBB11E3FDC1F121356180D78286CCD5A804F915120C7057A763D77CDD773
SSDEEP: 98304:vs7vcFvpTX1YnkbPaR2d1GywmOHm+FdlOpT87Bk4TQX0jOvHLJ6jSA17Z74uqaRo:BJExct2PpqSzRvffK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads the BIOS version

      • Vision.Crack.exe (PID: 7600)
    • Executable content was dropped or overwritten

      • Vision.Crack.exe (PID: 7600)
  • INFO

    • Process checks whether UAC notifications are on

      • Vision.Crack.exe (PID: 7600)
    • The sample compiled with english language support

      • Vision.Crack.exe (PID: 7600)
    • Checks supported languages

      • Vision.Crack.exe (PID: 7600)
    • Reads CPU info

      • Vision.Crack.exe (PID: 7600)
    • Themida protector has been detected

      • Vision.Crack.exe (PID: 7600)
    • Reads the machine GUID from the registry

      • Vision.Crack.exe (PID: 7600)
    • Reads the computer name

      • Vision.Crack.exe (PID: 7600)
    • Reads the software policy settings

      • slui.exe (PID: 8144)
    • Checks proxy server information

      • slui.exe (PID: 8144)
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF (EXE)

MachineType: AMD AMD64
TimeStamp: 2025:04:02 17:20:01+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.39
CodeSize: 1291264
InitializedDataSize: 929280
UninitializedDataSize: -
EntryPoint: 0x11930b0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows command line
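The EXIF block above is the COFF and optional header read back field by field. As an added example (my code, not ANY.RUN's and not taken from the sample), the Python below parses those same fields from a PE32+ image with a plain struct reader, decodes the timestamp and characteristic flags, and applies one packer heuristic that the reported numbers already hint at: AddressOfEntryPoint 0x11930b0 lies far beyond SizeOfCode (1291264 = 0x13B400), so the entry point cannot sit inside the linker's code section if that section starts anywhere near the usual RVA 0x1000, which is what a Themida-style stub living in its own section looks like. The header it runs on is constructed inline to mirror the report's values; the section names, the 0x1000 code RVA and the section layout are assumptions, not data from the file.

```python
"""Added example, not part of the ANY.RUN report: parse the PE32+ header fields
the EXIF block reports and flag an entry point outside the code section."""
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {0x014C: "Intel 386", 0x8664: "AMD AMD64", 0xAA64: "ARM64"}
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows command line"}
CHARACTERISTICS = [(0x0002, "Executable"), (0x0020, "Large address aware"), (0x2000, "DLL")]


def parse_pe32plus(data: bytes) -> dict:
    """Extract the EXIF-style fields from a PE32+ image and locate the entry-point section."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lmaj, lmin, code_size, init_size, uninit_size, entry, base_of_code = struct.unpack_from(
        "<HBBIIIII", data, opt)
    if magic != 0x20B:
        raise ValueError("not a PE32+ optional header")
    # PE32+ layout: ImageBase(8) at +24, alignments at +32/+36, version pairs at +40, Subsystem at +68.
    os_maj, os_min, img_maj, img_min, ss_maj, ss_min = struct.unpack_from("<6H", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]

    # Section table follows the optional header; 40 bytes per IMAGE_SECTION_HEADER.
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, _rawptr, _, _, _, _, _schars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, max(vsize, rawsize)))
    entry_section = next((n for n, va, sz in sections if va <= entry < va + sz), None)

    return {
        "MachineType": MACHINE_NAMES.get(machine, hex(machine)),
        "TimeStamp": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(sep=" "),
        "ImageFileCharacteristics": ", ".join(n for bit, n in CHARACTERISTICS if chars & bit),
        "PEType": "PE32+",
        "LinkerVersion": f"{lmaj}.{lmin}",
        "CodeSize": code_size,
        "InitializedDataSize": init_size,
        "UninitializedDataSize": uninit_size,
        "EntryPoint": hex(entry),
        "OSVersion": f"{os_maj}.{os_min}",
        "ImageVersion": f"{img_maj}.{img_min}",
        "SubsystemVersion": f"{ss_maj}.{ss_min}",
        "Subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "NumberOfSections": nsections,
        "EntrySection": entry_section,
        # Packer heuristic: a linker-produced EP lies inside [BaseOfCode, BaseOfCode + SizeOfCode).
        "EntryOutsideCode": not (base_of_code <= entry < base_of_code + code_size),
    }


def build_sample_pe32plus() -> bytes:
    """Constructed header only (no code bytes): mirrors the report's EXIF values with 13
    sections and the entry point in the last one, the way a packer stub is placed.
    Section names and RVAs are assumptions, not values from Vision.Crack.exe."""
    ts = int(datetime(2025, 4, 2, 17, 20, 1, tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                # e_lfanew: PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, 13, ts, 0, 0, 240, 0x0022)
    opt = bytearray(240)                                  # PE32+ optional header incl. 16 data directories
    struct.pack_into("<HBBIIIII", opt, 0, 0x20B, 14, 39, 1291264, 929280, 0, 0x11930B0, 0x1000)
    struct.pack_into("<QII", opt, 24, 0x140000000, 0x1000, 0x200)
    struct.pack_into("<6H", opt, 40, 6, 0, 0, 0, 6, 0)   # OS 6.0, Image 0.0, Subsystem 6.0
    struct.pack_into("<H", opt, 68, 3)                    # IMAGE_SUBSYSTEM_WINDOWS_CUI
    layout = ([(b".text", 0x1000, 1291264)]
              + [(b".sec%02d" % i, 0x13D000 + 0x1000 * i, 0x1000) for i in range(1, 12)]
              + [(b".packer", 0x1190000, 0x10000)])       # assumed name; spans 0x11930b0
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name, size, va, size, 0, 0, 0, 0, 0, 0x60000020)
        for name, va, size in layout)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    for key, value in parse_pe32plus(build_sample_pe32plus()).items():
        print(f"{key}: {value}")
```

Run it against the real file by replacing the constructed bytes with `open(path, "rb").read()`; a ".text" entry section with EntryOutsideCode False is what an unpacked MSVC build looks like, and anything else deserves a look at the section table before trusting the rest of the static metadata.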
Total processes: 129
Monitored processes: 4
Malicious processes: 1
Suspicious processes: 0

Behavior graph

explorer.exe
  +-- vision.crack.exe (PID 7504, no specs)
  +-- vision.crack.exe (PID 7600)
        +-- conhost.exe (PID 7612, no specs)
svchost.exe
  +-- slui.exe (PID 8144)

Process information

PID 7504
  CMD: "C:\Users\admin\Desktop\Vision.Crack.exe"
  Path: C:\Users\admin\Desktop\Vision.Crack.exe
  Parent process: explorer.exe
  User: admin
  Integrity Level: MEDIUM
  Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
  Modules (Images):
    c:\users\admin\desktop\vision.crack.exe
    c:\windows\system32\ntdll.dll

PID 7600
  CMD: "C:\Users\admin\Desktop\Vision.Crack.exe"
  Path: C:\Users\admin\Desktop\Vision.Crack.exe
  Parent process: explorer.exe
  User: admin
  Integrity Level: HIGH
  Modules (Images):
    c:\users\admin\desktop\vision.crack.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\apphelp.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\bcrypt.dll

The first instance (PID 7504) started at MEDIUM integrity and terminated with exit code 0xC000042C, STATUS_ELEVATION_REQUIRED; explorer.exe then started the same image again at HIGH integrity as PID 7600. That sequence is what an application manifest requesting elevation (or installer detection) produces once the user accepts the UAC prompt, and it is the elevated instance that carries every behavioural indicator, spawns conhost.exe and drops the files listed further down. Note that PID 7600 has no exit code recorded, so it was still running when the analysis ended.

PID 7612
  CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
  Path: C:\Windows\System32\conhost.exe
  Parent process: Vision.Crack.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: HIGH
  Description: Console Window Host
  Version: 10.0.19041.1 (WinBuild.160101.0800)
  Modules (Images):
    c:\windows\system32\conhost.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\msvcp_win.dll
    c:\windows\system32\ucrtbase.dll
    c:\windows\system32\shcore.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\combase.dll
    c:\windows\system32\rpcrt4.dll

PID 8144
  CMD: C:\WINDOWS\System32\slui.exe -Embedding
  Path: C:\Windows\System32\slui.exe
  Parent process: svchost.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Windows Activation Client
  Exit code: 0
  Version: 10.0.19041.1 (WinBuild.160101.0800)
  Modules (Images):
    c:\windows\system32\slui.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\bcrypt.dll
    c:\windows\system32\user32.dll

slui.exe was COM-activated (-Embedding) by svchost.exe, not by the sample, so its two INFO indicators (software policy settings, proxy information) are Windows activation background rather than sample behaviour.
Total events: 5 158
Read events: 5 158
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 4
Suspicious files: 3
Text files: 0
Unknown types: 0

Dropped files

PID   Process           Filename                                     Type
7600  Vision.Crack.exe  C:\Users\admin\Desktop\libcrypto-3-x64.dll   executable
      MD5: 7CB6BE44C97A238FFCB1DD1B8B69BD7C
      SHA256: E6916140AB5B9621FC17CCE8B29C76D24FB0DB36F1AAE18C4C053A73FE3592B1
7600  Vision.Crack.exe  C:\Users\admin\Desktop\zlib1.dll             executable
      MD5: 80AAB043C8215360654E05A9F6498E88
      SHA256: 3FBAC8E857EB26B6D9B476D8E7234B6F14E31EE5F28A02861E0C624CE32CC61F
7600  Vision.Crack.exe  C:\Users\admin\Desktop\libcurl.dll           executable
      MD5: 2C037BF2B85CF1B101B7AB580DACFA73
      SHA256: 9D785E07566B4324B2D143AB598BA9082695648D478D131BE0805D401AD6CDC7
7600  Vision.Crack.exe  C:\Users\admin\Desktop\SonarESP.wav          binary
      MD5: 48CA182A0E87A2FA179483847175EE6A
      SHA256: 7E185F6375BD7E8D0BE494B06A824DEA99B7F7508FE9EA5FDC8440E1D3F6B897
7600  Vision.Crack.exe  C:\Users\admin\Desktop\hitsound_1.wav        binary
      MD5: DBC2C263FDE2A579BC65D3EA16B972C0
      SHA256: B035A1E2D053C40A206F1A375F4D7D23EFD8D341BD7C32044D64B205400D187A
7600  Vision.Crack.exe  C:\Users\admin\Desktop\libssl-3-x64.dll      executable
      MD5: C3ECF15BD9A67BCE58F178100A921BCE
      SHA256: C61983DA90D8AEFC1C8C04F0FC95B8C036C840855FF25A26521A2677707491F4
7600  Vision.Crack.exe  C:\Users\admin\Desktop\customFont.ttf        binary
      MD5: 1D84038477421F2CDB62DED83E2046F6
      SHA256: 298C90B91C908E56E3AE708F094CA76B00A7867318631673CB0CF54961179D43

The four executables written next to the sample on the Desktop are what the "Executable content was dropped or overwritten" indicator refers to. Their names match the OpenSSL 3 (libcrypto/libssl), zlib and libcurl runtime DLLs an HTTPS client would load from its own directory, but the report does not verify that they are unmodified vendor builds; compare the hashes above against a known-good distribution before treating them as benign.
HTTP(S) requests: 24
TCP/UDP connections: 43
DNS requests: 15
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
- | - | GET | 304 | 4.175.87.197:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | unknown | -
4172 | RUXIMICS.exe | GET | 200 | 2.16.164.81:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
- | - | GET | 200 | 40.69.42.241:443 | https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping | unknown | -
7928 | SIHClient.exe | GET | 200 | 2.16.164.73:80 | http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl | unknown | whitelisted
7928 | SIHClient.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
7928 | SIHClient.exe | GET | 200 | 2.16.164.73:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl | unknown | whitelisted
7928 | SIHClient.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.1.crl | unknown | whitelisted
7928 | SIHClient.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl | unknown | whitelisted
7928 | SIHClient.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl | unknown | whitelisted
7928 | SIHClient.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.2.crl | unknown | whitelisted

(Cells shown as "-" are empty in the report; the Type and Size columns are empty for every row and are omitted.) None of the listed requests is attributed to Vision.Crack.exe (PID 7600): they are CRL downloads and update checks from Windows components. The sample's only attributed traffic is the TLS session on port 443 listed under Connections, so its request content is not visible in this summary.
Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4172 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4172 | RUXIMICS.exe | 2.16.164.81:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
3216 | svchost.exe | 172.172.255.216:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7600 | Vision.Crack.exe | 91.242.138.248:443 | 25648.spain.pearlpvp.net | Visovision S.l. | ES | unknown
7928 | SIHClient.exe | 20.109.210.53:443 | slscr.update.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7928 | SIHClient.exe | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
7928 | SIHClient.exe | 2.16.164.73:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted

The only connection attributed to the sample (PID 7600) is the TLS session to 25648.spain.pearlpvp.net (91.242.138.248:443, Visovision S.l., ES), which the report leaves at reputation "unknown". The NetBIOS broadcasts from System and the Microsoft update and telemetry traffic from RUXIMICS.exe, svchost.exe and SIHClient.exe are sandbox background, not sample behaviour, so the domain and IP of that one session are the network indicators to pivot on.

DNS requests

Domain: IP(s) [Reputation]
settings-win.data.microsoft.com: 4.231.128.59 [whitelisted]
google.com: 142.250.185.78 [whitelisted]
crl.microsoft.com: 2.16.164.81, 2.16.164.25, 2.16.164.72, 2.16.164.66, 2.16.164.106, 2.16.164.49, 2.16.164.9, 2.16.164.89, 2.16.164.73, 2.16.164.51, 2.16.164.32, 2.16.164.114, 2.16.164.82 [whitelisted]
client.wns.windows.com: 172.172.255.216, 20.198.162.76 [whitelisted]
25648.spain.pearlpvp.net: 91.242.138.248 [unknown]
slscr.update.microsoft.com: 20.109.210.53 [whitelisted]
www.microsoft.com: 88.221.169.152 [whitelisted]
fe3cr.delivery.mp.microsoft.com: 40.69.42.241 [whitelisted]
activation-v2.sls.microsoft.com: 40.91.76.224 [whitelisted]
nexusrules.officeapps.live.com: 52.111.229.43 [whitelisted]
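Sandbox network tables mix the sample's traffic with the guest OS's own update and telemetry chatter, and the counts at the top (43 connections, 15 DNS requests) say nothing about how much of that the sample caused. As an added example (my code, not part of the ANY.RUN report), the Python below attributes connections to the sample by walking process lineage from the Process information table. The report names parents by image rather than PID, so lineage is matched by name, which means any other process with the same image name would be swept in as well; with a real report you would match on parent PID instead. Each attributed connection is cross-checked against the DNS table and everything else is counted as background. The rows are a subset transcribed from the tables above; the pipe-separated text format is mine.

```python
"""Added example, not part of the ANY.RUN report: attribute sandbox network rows to the
sample's process lineage and pull its IOCs out of the background noise."""

# Rows transcribed from the report's tables (a subset); format: pipe-separated, mine.
# Process information: PID | image | parent image
PROCESSES = """\
7504 | Vision.Crack.exe | explorer.exe
7600 | Vision.Crack.exe | explorer.exe
7612 | conhost.exe | Vision.Crack.exe
8144 | slui.exe | svchost.exe
"""

# Connections: PID | process | IP:port | domain | ASN | CN | reputation
CONNECTIONS = """\
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4172 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4172 | RUXIMICS.exe | 2.16.164.81:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
3216 | svchost.exe | 172.172.255.216:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7600 | Vision.Crack.exe | 91.242.138.248:443 | 25648.spain.pearlpvp.net | Visovision S.l. | ES | unknown
7928 | SIHClient.exe | 20.109.210.53:443 | slscr.update.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7928 | SIHClient.exe | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
7928 | SIHClient.exe | 2.16.164.73:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
"""

# DNS requests: domain | resolved IPs | reputation
DNS = """\
25648.spain.pearlpvp.net | 91.242.138.248 | unknown
google.com | 142.250.185.78 | whitelisted
crl.microsoft.com | 2.16.164.81, 2.16.164.73 | whitelisted
"""


def _rows(table: str) -> list:
    """Split a pipe-separated table into stripped cell lists, one per non-empty line."""
    return [[c.strip() for c in line.split("|")] for line in table.strip().splitlines()]


def sample_lineage(process_table: str, sample_image: str) -> set:
    """PIDs whose image is the sample, or whose parent chain (by image name) leads to it.
    Name-based because the report gives parents as images, not PIDs."""
    rows = _rows(process_table)
    lineage_images = {sample_image}
    changed = True
    while changed:  # iterate to a fixpoint so grandchildren are picked up too
        changed = False
        for _pid, image, parent in rows:
            if parent in lineage_images and image not in lineage_images:
                lineage_images.add(image)
                changed = True
    return {int(pid) for pid, image, _ in rows if image in lineage_images}


def sample_iocs(process_table: str, conn_table: str, dns_table: str, sample_image: str) -> dict:
    """Connections made by the sample lineage, each cross-checked against the DNS table."""
    pids = sample_lineage(process_table, sample_image)
    resolved = {dom: [ip.strip() for ip in ips.split(",")] for dom, ips, _ in _rows(dns_table)}
    iocs, background = [], 0
    for pid, _proc, endpoint, domain, asn, _cn, rep in _rows(conn_table):
        if int(pid) not in pids:
            background += 1  # OS/sandbox activity: Windows Update, telemetry, NetBIOS
            continue
        ip, port = endpoint.rsplit(":", 1)
        iocs.append({
            "pid": int(pid), "domain": domain, "ip": ip, "port": int(port), "asn": asn,
            "reputation": rep,
            # True when the connection IP is one the guest actually resolved for that domain
            "dns_match": ip in resolved.get(domain, []),
        })
    return {"sample_pids": pids, "iocs": iocs, "background_connections": background}


if __name__ == "__main__":
    result = sample_iocs(PROCESSES, CONNECTIONS, DNS, "Vision.Crack.exe")
    print("sample lineage:", sorted(result["sample_pids"]))
    print("background connections:", result["background_connections"])
    for ioc in result["iocs"]:
        print(f"IOC {ioc['domain']} {ioc['ip']}:{ioc['port']} ({ioc['asn']}, {ioc['reputation']}, dns_match={ioc['dns_match']})")
```

A `dns_match` of False on an attributed connection is worth a second look: it means the sample reached an IP it never resolved in the guest, which points at a hard-coded address or a resolution done through a channel the sandbox did not log.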

Threats

No threats detected
No debug info