Malware analysis Studio One Keygen.exe Malicious activity

Add for printing

File name:	Studio One Keygen.exe
Full analysis:	https://app.any.run/tasks/46264452-026f-4253-94aa-7b6438aa069c
Verdict:	Malicious activity
Analysis date:	May 11, 2025, 12:39:11
OS:	Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME:	application/vnd.microsoft.portable-executable
File info:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:	546975974D3F70B91E891028711F6C98
SHA1:	9F307F0F34CE24E868604CE42C0864D2C98EF2F0
SHA256:	FBCB9EF393A175B44E4AEC001B4260E004091413340697B66D80B957AE3CD7AC
SSDEEP:	49152:okAsIZ1wIAoJwcbjQBHPk5O9NPOX5SIFspul8Bh8HIm1XHcbfw:oXsqSIJwcYBYO9hOX5Swspueh8HIsyY

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (122.0.6261.70)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (122.0.2365.59)
Microsoft Edge Update (1.3.185.17)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (123.0)
Mozilla Maintenance Service (123.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Skype version 8.104 (8.104)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
- There is functionality for taking screenshot (YARA)
  - Studio One Keygen.exe (PID: 7188)
  - keygen.exe (PID: 7232)
- Executable content was dropped or overwritten
  - Studio One Keygen.exe (PID: 7188)
INFO
- Checks supported languages
  - Studio One Keygen.exe (PID: 7188)
  - keygen.exe (PID: 7232)
- Create files in a temporary directory
  - Studio One Keygen.exe (PID: 7188)
  - keygen.exe (PID: 7232)
- Reads the computer name
  - keygen.exe (PID: 7232)
- Manual execution by a user
  - firefox.exe (PID: 8100)
- Checks proxy server information
  - slui.exe (PID: 4528)
- Reads the software policy settings
  - slui.exe (PID: 7332)
  - slui.exe (PID: 4528)
- Application launched itself
  - firefox.exe (PID: 8100)
  - firefox.exe (PID: 8120)
- Reads the machine GUID from the registry
  - keygen.exe (PID: 7232)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win32 Executable MS Visual C++ (generic) (67.4)
.dll	\|	Win32 Dynamic Link Library (generic) (14.2)
.exe	\|	Win32 Executable (generic) (9.7)
.exe	\|	Generic Win/DOS Executable (4.3)
.exe	\|	DOS Executable Generic (4.3)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2021:09:25 21:56:47+00:00
ImageFileCharacteristics:	No relocs, Executable, No line numbers, No symbols, 32-bit
PEType:	PE32
LinkerVersion:	6
CodeSize:	26624
InitializedDataSize:	141824
UninitializedDataSize:	2048
EntryPoint:	0x3640
OSVersion:	4
ImageVersion:	6
SubsystemVersion:	4
Subsystem:	Windows GUI

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

166

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

728

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7316 -childID 17 -isForBrowser -prefsHandle 4532 -prefMapHandle 4640 -prefsLen 31597 -prefMapSize 244583 -jsInitHandle 1536 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a06b8e69-5e2a-48c0-91a9-1602d3d2ce5e} 8120 "\\.\pipe\gecko-crash-server-pipe.8120" 1684c0f4150 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll

776

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7492 -childID 16 -isForBrowser -prefsHandle 6612 -prefMapHandle 6984 -prefsLen 31597 -prefMapSize 244583 -jsInitHandle 1536 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {984fadf2-c4a1-4ee0-b660-5028029aaddf} 8120 "\\.\pipe\gecko-crash-server-pipe.8120" 1684bf97bd0 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\msvcp140.dll

1056

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2768 -childID 1 -isForBrowser -prefsHandle 2828 -prefMapHandle 2316 -prefsLen 31447 -prefMapSize 244583 -jsInitHandle 1536 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff7f3dbe-60d1-46ef-b5fa-9daa9f1c6350} 8120 "\\.\pipe\gecko-crash-server-pipe.8120" 16847798f50 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\vcruntime140_1.dll

1128

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4740 -childID 4 -isForBrowser -prefsHandle 5004 -prefMapHandle 5000 -prefsLen 31243 -prefMapSize 244583 -jsInitHandle 1536 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8f7e86d-57f1-4117-88a1-39796ca8a624} 8120 "\\.\pipe\gecko-crash-server-pipe.8120" 1684cc17a10 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll

1748

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7376 -childID 19 -isForBrowser -prefsHandle 9328 -prefMapHandle 7088 -prefsLen 31597 -prefMapSize 244583 -jsInitHandle 1536 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4a387b3-d8b9-46f7-8108-afeb87243546} 8120 "\\.\pipe\gecko-crash-server-pipe.8120" 1684c4df850 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\crypt32.dll

2192

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2756 -childID 6 -isForBrowser -prefsHandle 5916 -prefMapHandle 5920 -prefsLen 31324 -prefMapSize 244583 -jsInitHandle 1536 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4caf7b2c-7682-4846-acb7-71f379549917} 8120 "\\.\pipe\gecko-crash-server-pipe.8120" 1684dde5690 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Exit code:

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\vcruntime140_1.dll

2504

"C:\Users\admin\AppData\Local\Temp\Studio One Keygen.exe"

C:\Users\admin\AppData\Local\Temp\Studio One Keygen.exe

—

explorer.exe

User:

admin

Integrity Level:

MEDIUM

Exit code:

3221226540

Modules

Images
c:\users\admin\appdata\local\temp\studio one keygen.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll

2772

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4660 -childID 5 -isForBrowser -prefsHandle 4928 -prefMapHandle 4840 -prefsLen 31243 -prefMapSize 244583 -jsInitHandle 1536 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c587e32-8d66-4c7a-912e-9ab611d96147} 8120 "\\.\pipe\gecko-crash-server-pipe.8120" 1684da36f50 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll

3768

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6432 -childID 9 -isForBrowser -prefsHandle 6452 -prefMapHandle 6560 -prefsLen 31597 -prefMapSize 244583 -jsInitHandle 1536 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5023fa0c-01fb-430d-aa3f-aa8eb541d1a2} 8120 "\\.\pipe\gecko-crash-server-pipe.8120" 1684bf97a10 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll

3796

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8328 -childID 18 -isForBrowser -prefsHandle 9464 -prefMapHandle 9564 -prefsLen 31597 -prefMapSize 244583 -jsInitHandle 1536 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9732863-9493-42a0-8f21-d06e83823d43} 8120 "\\.\pipe\gecko-crash-server-pipe.8120" 1684c0f44d0 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\crypt32.dll

Add for printing

Total events

39 568

Read events

39 489

Write events

Delete events

Modification events


(PID) Process:	(8120) firefox.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation:	write	Name:	C:\Program Files\Mozilla Firefox\firefox.exe
Value: 0
(PID) Process:	(8120) firefox.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\firefox.exe
Operation:	write	Name:	JScriptSetScriptStateStarted
Value: 6D6D110000000000
(PID) Process:	(8120) firefox.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\34\Shell
Operation:	write	Name:	SniffedFolderType
Value: Documents
(PID) Process:	(8120) firefox.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\34\Shell
Operation:	write	Name:	SniffedFolderType
Value: Generic
(PID) Process:	(8120) firefox.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation:	write	Name:	NodeSlots
Value: 02020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
(PID) Process:	(8120) firefox.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation:	write	Name:	MRUListEx
Value: 04000000030000000E00000000000000100000000F0000000C0000000D0000000B000000050000000A000000090000000800000001000000070000000600000002000000FFFFFFFF
(PID) Process:	(8120) firefox.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4
Operation:	write	Name:	MRUListEx
Value: 010000000000000004000000050000000200000003000000FFFFFFFF
(PID) Process:	(8120) firefox.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:	write	Name:	GlobalAssocChangedCounter
Value: 114
(PID) Process:	(8120) firefox.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
Operation:	write	Name:	LastUpdate
Value: 0D9B206800000000
(PID) Process:	(8120) firefox.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4
Operation:	write	Name:	MRUListEx
Value: 050000000100000000000000040000000200000003000000FFFFFFFF

Add for printing

Executable files

Suspicious files

418

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
7232	keygen.exe	C:\Users\admin\Downloads\studioapp3.pro.license		binary
		MD5:2A48BEEFDFF6A4D3D439F84772A91029	SHA256:C3C637D346339938011A9A071FA5C5CAE14036A1E0EB1D91EBE732C33266A89F
7232	keygen.exe	C:\Users\admin\Downloads\mvploops.studioone.atomicblaze.license		binary
		MD5:37C2CC74DC875FDAAF90D9BE3AC2263C	SHA256:D8967D8B4483C498C5F542A3985E68CF626BC290D1C5B4DE9EA844EA4653829C
7188	Studio One Keygen.exe	C:\Users\admin\AppData\Local\Temp\keygen.exe		executable
		MD5:53D7DA6A889DE0D0B5BEC3A2178C2F50	SHA256:6F860EA1F574AC8804FF1F63A7F1EF9CA30B759D07F94DBA42AC5A24F0956B8F
7188	Studio One Keygen.exe	C:\Users\admin\AppData\Local\Temp\R2RS1KG2.dll		executable
		MD5:90F4D27517ACC223D1698E6D189861E9	SHA256:D53DB9201A4A0BA627F107739398BE8B16E8618D06FA88EED476026A43A4CC6E
7232	keygen.exe	C:\Users\admin\Downloads\mvp.studioone.atomicfuel.license		binary
		MD5:F0C086BA36DB539BD5A544F571C16056	SHA256:262C63B574CDAFEB83B8A10E2092FF1B6685EC7B378C02AC1CDF44D8A43B553B
7232	keygen.exe	C:\Users\admin\AppData\Local\Temp\~DFB0451ECAC89A9B06.TMP		binary
		MD5:DFD2FF2071DA977E7AFD9F6688E70E4C	SHA256:A225D0DDF4A529AD420785164490905035AB1FE8882BE21E0C13FCC15E2BC725
7232	keygen.exe	C:\Users\admin\Downloads\studioapp5.pro.license		text
		MD5:6D7C02804380C4C3444D85DD0BBE7B28	SHA256:6667FCF5BE13C7803E9399820821EC24751A1C7BD5DF8E2D58BA540FEB81B10D
7232	keygen.exe	C:\Users\admin\Downloads\mvploops.studioone.dream.license		binary
		MD5:BFC84F6DC359A080A82BCD357640CE9E	SHA256:9A61E624C4AF6DD252C6733979819665AA1B5FC202736BF494C6E1DE3078565A
7188	Studio One Keygen.exe	C:\Users\admin\AppData\Local\Temp\BASSMOD.dll		executable
		MD5:E4EC57E8508C5C4040383EBE6D367928	SHA256:8AD9E47693E292F381DA42DDC13724A3063040E51C26F4CA8E1F8E2F1DDD547F
7188	Studio One Keygen.exe	C:\Users\admin\AppData\Local\Temp\bgm.xm		binary
		MD5:6D0A27BFAA520C9CBE3807FAB1F7DCE4	SHA256:44B9FE8532CA48D6E6087BE588EC3CD8CEA15FC93B08192C7FB8D151740326A1

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

243

DNS requests

408

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
—	—	GET	200	2.16.168.114:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
7888	SIHClient.exe	GET	200	184.30.21.171:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl	unknown	—	—	whitelisted
8120	firefox.exe	GET	200	34.107.221.82:80	http://detectportal.firefox.com/success.txt?ipv4	unknown	—	—	whitelisted
8120	firefox.exe	GET	200	34.107.221.82:80	http://detectportal.firefox.com/canonical.html	unknown	—	—	whitelisted
8120	firefox.exe	POST	200	142.250.186.35:80	http://o.pki.goog/s/wr3/3H4	unknown	—	—	whitelisted
8120	firefox.exe	POST	200	142.250.186.35:80	http://o.pki.goog/we2	unknown	—	—	whitelisted
8120	firefox.exe	POST	200	142.250.186.35:80	http://o.pki.goog/s/wr3/FIY	unknown	—	—	whitelisted
8120	firefox.exe	POST	200	184.24.77.62:80	http://r10.o.lencr.org/	unknown	—	—	whitelisted
8120	firefox.exe	POST	200	184.24.77.71:80	http://r11.o.lencr.org/	unknown	—	—	whitelisted
7888	SIHClient.exe	GET	200	184.30.21.171:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	—	—	whitelisted
2104	svchost.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
—	—	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
—	—	2.16.168.114:80	—	Akamai International B.V.	RU	whitelisted
—	—	2.23.246.101:80	www.microsoft.com	Ooredoo Q.S.C.	QA	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
2112	svchost.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
6544	svchost.exe	20.190.159.0:443	login.live.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
6544	svchost.exe	2.23.77.188:80	ocsp.digicert.com	AKAMAI-AS	DE	whitelisted
2104	svchost.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	51.124.78.146 51.104.136.2	whitelisted
crl.microsoft.com	3.5.64.254 3.5.67.25 52.218.112.136 3.5.71.111 52.92.2.74 3.5.68.126 52.218.36.43 52.92.18.170	whitelisted
www.microsoft.com	2.23.246.101 184.30.21.171	whitelisted
google.com	142.250.185.110	whitelisted
login.live.com	20.190.159.0 20.190.159.75 40.126.31.71 20.190.159.64 40.126.31.69 40.126.31.3 20.190.159.4 40.126.31.1	whitelisted
ocsp.digicert.com	2.23.77.188 2.17.190.73	whitelisted
slscr.update.microsoft.com	172.202.163.200	whitelisted
fe3cr.delivery.mp.microsoft.com	13.85.23.206	whitelisted
detectportal.firefox.com	34.107.221.82	whitelisted
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82 2600:1901:0:38d7::	whitelisted

Threats

PID	Process	Class	Message
2196	svchost.exe	Misc activity	ET FILE_SHARING File Sharing Related Domain in DNS Lookup (wetransfer .com)
2196	svchost.exe	Misc activity	ET FILE_SHARING File Sharing Related Domain in DNS Lookup (wetransfer .com)
8120	firefox.exe	Misc activity	ET FILE_SHARING File Sharing Domain Observed in TLS SNI (wetransfer .com)
8120	firefox.exe	Misc activity	ET FILE_SHARING File Sharing Domain Observed in TLS SNI (wetransfer .com)
2196	svchost.exe	Misc activity	ET FILE_SHARING File Sharing Related Domain in DNS Lookup (wetransfer .com)
2196	svchost.exe	Not Suspicious Traffic	INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
8120	firefox.exe	Misc activity	ET FILE_SHARING File Sharing Domain Observed in TLS SNI (wetransfer .com)
2196	svchost.exe	Misc activity	ET FILE_SHARING File Sharing Related Domain in DNS Lookup (wetransfer .com)
2196	svchost.exe	Misc activity	ET FILE_SHARING File Sharing Related Domain in DNS Lookup (wetransfer .com)
2196	svchost.exe	Misc activity	ET FILE_SHARING File Sharing Related Domain in DNS Lookup (wetransfer .com)

Add for printing

No debug info

General Info

Studio One Keygen.exe

546975974D3F70B91E891028711F6C98

9F307F0F34CE24E868604CE42C0864D2C98EF2F0

FBCB9EF393A175B44E4AEC001B4260E004091413340697B66D80B957AE3CD7AC

49152:okAsIZ1wIAoJwcbjQBHPk5O9NPOX5SIFspul8Bh8HIm1XHcbfw:oXsqSIJwcYBYO9hOX5Swspueh8HIsyY

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

There is functionality for taking screenshot (YARA)

Executable content was dropped or overwritten

INFO

Checks supported languages

Create files in a temporary directory

Reads the computer name

Manual execution by a user

Checks proxy server information

Reads the software policy settings

Application launched itself

Reads the machine GUID from the registry

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings