Malware analysis Studio One Keygen.exe Malicious activity

Add for printing

File name:	Studio One Keygen.exe
Full analysis:	https://app.any.run/tasks/46264452-026f-4253-94aa-7b6438aa069c
Verdict:	Malicious activity
Analysis date:	May 11, 2025, 12:39:11
OS:	Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME:	application/vnd.microsoft.portable-executable
File info:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:	546975974D3F70B91E891028711F6C98
SHA1:	9F307F0F34CE24E868604CE42C0864D2C98EF2F0
SHA256:	FBCB9EF393A175B44E4AEC001B4260E004091413340697B66D80B957AE3CD7AC
SSDEEP:	49152:okAsIZ1wIAoJwcbjQBHPk5O9NPOX5SIFspul8Bh8HIm1XHcbfw:oXsqSIJwcYBYO9hOX5Swspueh8HIsyY

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (122.0.6261.70)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (122.0.2365.59)
Microsoft Edge Update (1.3.185.17)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (123.0)
Mozilla Maintenance Service (123.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Skype version 8.104 (8.104)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
- There is functionality for taking screenshot (YARA)
  - Studio One Keygen.exe (PID: 7188)
  - keygen.exe (PID: 7232)
- Executable content was dropped or overwritten
  - Studio One Keygen.exe (PID: 7188)
INFO
- Checks supported languages
  - Studio One Keygen.exe (PID: 7188)
  - keygen.exe (PID: 7232)
- Create files in a temporary directory
  - keygen.exe (PID: 7232)
  - Studio One Keygen.exe (PID: 7188)
- Reads the computer name
  - keygen.exe (PID: 7232)
- Reads the machine GUID from the registry
  - keygen.exe (PID: 7232)
- Application launched itself
  - firefox.exe (PID: 8100)
  - firefox.exe (PID: 8120)
- Manual execution by a user
  - firefox.exe (PID: 8100)
- Reads the software policy settings
  - slui.exe (PID: 7332)
  - slui.exe (PID: 4528)
- Checks proxy server information
  - slui.exe (PID: 4528)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win32 Executable MS Visual C++ (generic) (67.4)
.dll	\|	Win32 Dynamic Link Library (generic) (14.2)
.exe	\|	Win32 Executable (generic) (9.7)
.exe	\|	Generic Win/DOS Executable (4.3)
.exe	\|	DOS Executable Generic (4.3)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2021:09:25 21:56:47+00:00
ImageFileCharacteristics:	No relocs, Executable, No line numbers, No symbols, 32-bit
PEType:	PE32
LinkerVersion:	6
CodeSize:	26624
InitializedDataSize:	141824
UninitializedDataSize:	2048
EntryPoint:	0x3640
OSVersion:	4
ImageVersion:	6
SubsystemVersion:	4
Subsystem:	Windows GUI

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

166

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

728

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7316 -childID 17 -isForBrowser -prefsHandle 4532 -prefMapHandle 4640 -prefsLen 31597 -prefMapSize 244583 -jsInitHandle 1536 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a06b8e69-5e2a-48c0-91a9-1602d3d2ce5e} 8120 "\\.\pipe\gecko-crash-server-pipe.8120" 1684c0f4150 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll

776

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7492 -childID 16 -isForBrowser -prefsHandle 6612 -prefMapHandle 6984 -prefsLen 31597 -prefMapSize 244583 -jsInitHandle 1536 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {984fadf2-c4a1-4ee0-b660-5028029aaddf} 8120 "\\.\pipe\gecko-crash-server-pipe.8120" 1684bf97bd0 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\msvcp140.dll

1056

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2768 -childID 1 -isForBrowser -prefsHandle 2828 -prefMapHandle 2316 -prefsLen 31447 -prefMapSize 244583 -jsInitHandle 1536 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff7f3dbe-60d1-46ef-b5fa-9daa9f1c6350} 8120 "\\.\pipe\gecko-crash-server-pipe.8120" 16847798f50 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\vcruntime140_1.dll

1128

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4740 -childID 4 -isForBrowser -prefsHandle 5004 -prefMapHandle 5000 -prefsLen 31243 -prefMapSize 244583 -jsInitHandle 1536 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8f7e86d-57f1-4117-88a1-39796ca8a624} 8120 "\\.\pipe\gecko-crash-server-pipe.8120" 1684cc17a10 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll

1748

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7376 -childID 19 -isForBrowser -prefsHandle 9328 -prefMapHandle 7088 -prefsLen 31597 -prefMapSize 244583 -jsInitHandle 1536 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4a387b3-d8b9-46f7-8108-afeb87243546} 8120 "\\.\pipe\gecko-crash-server-pipe.8120" 1684c4df850 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\crypt32.dll

2192

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2756 -childID 6 -isForBrowser -prefsHandle 5916 -prefMapHandle 5920 -prefsLen 31324 -prefMapSize 244583 -jsInitHandle 1536 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4caf7b2c-7682-4846-acb7-71f379549917} 8120 "\\.\pipe\gecko-crash-server-pipe.8120" 1684dde5690 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Exit code:

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\vcruntime140_1.dll

2504

"C:\Users\admin\AppData\Local\Temp\Studio One Keygen.exe"

C:\Users\admin\AppData\Local\Temp\Studio One Keygen.exe

—

explorer.exe

User:

admin

Integrity Level:

MEDIUM

Exit code:

3221226540

Modules

Images
c:\users\admin\appdata\local\temp\studio one keygen.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll

2772

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4660 -childID 5 -isForBrowser -prefsHandle 4928 -prefMapHandle 4840 -prefsLen 31243 -prefMapSize 244583 -jsInitHandle 1536 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c587e32-8d66-4c7a-912e-9ab611d96147} 8120 "\\.\pipe\gecko-crash-server-pipe.8120" 1684da36f50 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll

3768

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6432 -childID 9 -isForBrowser -prefsHandle 6452 -prefMapHandle 6560 -prefsLen 31597 -prefMapSize 244583 -jsInitHandle 1536 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5023fa0c-01fb-430d-aa3f-aa8eb541d1a2} 8120 "\\.\pipe\gecko-crash-server-pipe.8120" 1684bf97a10 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll

3796

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8328 -childID 18 -isForBrowser -prefsHandle 9464 -prefMapHandle 9564 -prefsLen 31597 -prefMapSize 244583 -jsInitHandle 1536 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9732863-9493-42a0-8f21-d06e83823d43} 8120 "\\.\pipe\gecko-crash-server-pipe.8120" 1684c0f44d0 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\crypt32.dll

Add for printing

Total events

39 568

Read events

39 489

Write events

Delete events

Modification events


(PID) Process:	(8120) firefox.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation:	write	Name:	C:\Program Files\Mozilla Firefox\firefox.exe
Value: 0
(PID) Process:	(8120) firefox.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\firefox.exe
Operation:	write	Name:	JScriptSetScriptStateStarted
Value: 6D6D110000000000
(PID) Process:	(8120) firefox.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\34\Shell
Operation:	write	Name:	SniffedFolderType
Value: Documents
(PID) Process:	(8120) firefox.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\34\Shell
Operation:	write	Name:	SniffedFolderType
Value: Generic
(PID) Process:	(8120) firefox.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation:	write	Name:	NodeSlots
Value: 02020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
(PID) Process:	(8120) firefox.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation:	write	Name:	MRUListEx
Value: 04000000030000000E00000000000000100000000F0000000C0000000D0000000B000000050000000A000000090000000800000001000000070000000600000002000000FFFFFFFF
(PID) Process:	(8120) firefox.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4
Operation:	write	Name:	MRUListEx
Value: 010000000000000004000000050000000200000003000000FFFFFFFF
(PID) Process:	(8120) firefox.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:	write	Name:	GlobalAssocChangedCounter
Value: 114
(PID) Process:	(8120) firefox.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
Operation:	write	Name:	LastUpdate
Value: 0D9B206800000000
(PID) Process:	(8120) firefox.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4
Operation:	write	Name:	MRUListEx
Value: 050000000100000000000000040000000200000003000000FFFFFFFF

Add for printing

Executable files

Suspicious files

418

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
7232	keygen.exe	C:\Users\admin\Downloads\studioapp2.pro.license		binary
		MD5:C730F1A7E707564525D2771B529D0051	SHA256:F69EE57CB0FC7C34B589C641A0B17DC8A8F94424E464BAA1DADE25B40941D8DA
7188	Studio One Keygen.exe	C:\Users\admin\AppData\Local\Temp\BASSMOD.dll		executable
		MD5:E4EC57E8508C5C4040383EBE6D367928	SHA256:8AD9E47693E292F381DA42DDC13724A3063040E51C26F4CA8E1F8E2F1DDD547F
7188	Studio One Keygen.exe	C:\Users\admin\AppData\Local\Temp\keygen.exe		executable
		MD5:53D7DA6A889DE0D0B5BEC3A2178C2F50	SHA256:6F860EA1F574AC8804FF1F63A7F1EF9CA30B759D07F94DBA42AC5A24F0956B8F
7232	keygen.exe	C:\Users\admin\Downloads\studioapp4.pro.license		binary
		MD5:53A44758C4512AC30720E5AF118EA883	SHA256:C4C0E721B6B32264EA7A72678A45DE83C4AD0120ABB40D5853E6B325D123E6E8
7188	Studio One Keygen.exe	C:\Users\admin\AppData\Local\Temp\bgm.xm		binary
		MD5:6D0A27BFAA520C9CBE3807FAB1F7DCE4	SHA256:44B9FE8532CA48D6E6087BE588EC3CD8CEA15FC93B08192C7FB8D151740326A1
7188	Studio One Keygen.exe	C:\Users\admin\AppData\Local\Temp\R2RS1KG2.dll		executable
		MD5:90F4D27517ACC223D1698E6D189861E9	SHA256:D53DB9201A4A0BA627F107739398BE8B16E8618D06FA88EED476026A43A4CC6E
7232	keygen.exe	C:\Users\admin\Downloads\mvploops.studioone.4forty.license		binary
		MD5:730C07E87A68904CF0E73A546F23B044	SHA256:E5896E0B0AC69DD6530FB1C2425A77E82AD7744C5225AF79BB5E04B7A8F30F87
7232	keygen.exe	C:\Users\admin\Downloads\studioapp3.pro.license		binary
		MD5:2A48BEEFDFF6A4D3D439F84772A91029	SHA256:C3C637D346339938011A9A071FA5C5CAE14036A1E0EB1D91EBE732C33266A89F
7232	keygen.exe	C:\Users\admin\Downloads\presonushub.license		binary
		MD5:F209A345513AA2330C4B8156CDB95F29	SHA256:27332B6BEDCBA6E590301270BAD2EAEABB5C86D0A35765253E6121B12A77A4ED
7232	keygen.exe	C:\Users\admin\Downloads\mvp.studioone.atomicfuel.license		binary
		MD5:F0C086BA36DB539BD5A544F571C16056	SHA256:262C63B574CDAFEB83B8A10E2092FF1B6685EC7B378C02AC1CDF44D8A43B553B

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

243

DNS requests

408

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
—	—	GET	200	2.16.168.114:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
6544	svchost.exe	GET	200	2.23.77.188:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
—	—	GET	200	2.23.246.101:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
7888	SIHClient.exe	GET	200	184.30.21.171:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl	unknown	—	—	whitelisted
7888	SIHClient.exe	GET	200	184.30.21.171:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl	unknown	—	—	whitelisted
8120	firefox.exe	POST	200	142.250.186.35:80	http://o.pki.goog/we2	unknown	—	—	whitelisted
8120	firefox.exe	GET	200	34.107.221.82:80	http://detectportal.firefox.com/success.txt?ipv4	unknown	—	—	whitelisted
8120	firefox.exe	GET	200	34.107.221.82:80	http://detectportal.firefox.com/canonical.html	unknown	—	—	whitelisted
8120	firefox.exe	POST	200	142.250.186.35:80	http://o.pki.goog/s/wr3/3H4	unknown	—	—	whitelisted
8120	firefox.exe	POST	200	184.24.77.71:80	http://r11.o.lencr.org/	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	—	—	whitelisted
2104	svchost.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
—	—	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
—	—	2.16.168.114:80	—	Akamai International B.V.	RU	whitelisted
—	—	2.23.246.101:80	www.microsoft.com	Ooredoo Q.S.C.	QA	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
2112	svchost.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
6544	svchost.exe	20.190.159.0:443	login.live.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
6544	svchost.exe	2.23.77.188:80	ocsp.digicert.com	AKAMAI-AS	DE	whitelisted
2104	svchost.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	51.124.78.146 51.104.136.2	whitelisted
crl.microsoft.com	3.5.64.254 3.5.67.25 52.218.112.136 3.5.71.111 52.92.2.74 3.5.68.126 52.218.36.43 52.92.18.170	whitelisted
www.microsoft.com	2.23.246.101 184.30.21.171	whitelisted
google.com	142.250.185.110	whitelisted
login.live.com	20.190.159.0 20.190.159.75 40.126.31.71 20.190.159.64 40.126.31.69 40.126.31.3 20.190.159.4 40.126.31.1	whitelisted
ocsp.digicert.com	2.23.77.188 2.17.190.73	whitelisted
slscr.update.microsoft.com	172.202.163.200	whitelisted
fe3cr.delivery.mp.microsoft.com	13.85.23.206	whitelisted
detectportal.firefox.com	34.107.221.82	whitelisted
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82 2600:1901:0:38d7::	whitelisted

Threats

PID	Process	Class	Message
2196	svchost.exe	Misc activity	ET FILE_SHARING File Sharing Related Domain in DNS Lookup (wetransfer .com)
2196	svchost.exe	Misc activity	ET FILE_SHARING File Sharing Related Domain in DNS Lookup (wetransfer .com)
8120	firefox.exe	Misc activity	ET FILE_SHARING File Sharing Domain Observed in TLS SNI (wetransfer .com)
8120	firefox.exe	Misc activity	ET FILE_SHARING File Sharing Domain Observed in TLS SNI (wetransfer .com)
2196	svchost.exe	Misc activity	ET FILE_SHARING File Sharing Related Domain in DNS Lookup (wetransfer .com)
2196	svchost.exe	Not Suspicious Traffic	INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
8120	firefox.exe	Misc activity	ET FILE_SHARING File Sharing Domain Observed in TLS SNI (wetransfer .com)
2196	svchost.exe	Misc activity	ET FILE_SHARING File Sharing Related Domain in DNS Lookup (wetransfer .com)
2196	svchost.exe	Misc activity	ET FILE_SHARING File Sharing Related Domain in DNS Lookup (wetransfer .com)
2196	svchost.exe	Misc activity	ET FILE_SHARING File Sharing Related Domain in DNS Lookup (wetransfer .com)

Add for printing

No debug info

General Info

Studio One Keygen.exe

546975974D3F70B91E891028711F6C98

9F307F0F34CE24E868604CE42C0864D2C98EF2F0

FBCB9EF393A175B44E4AEC001B4260E004091413340697B66D80B957AE3CD7AC

49152:okAsIZ1wIAoJwcbjQBHPk5O9NPOX5SIFspul8Bh8HIm1XHcbfw:oXsqSIJwcYBYO9hOX5Swspueh8HIsyY

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

There is functionality for taking screenshot (YARA)

Executable content was dropped or overwritten

INFO

Checks supported languages

Create files in a temporary directory

Reads the computer name

Reads the machine GUID from the registry

Application launched itself

Manual execution by a user

Reads the software policy settings

Checks proxy server information

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings