File name:

Stardock.Curtains-1.19.1.exe

Full analysis: https://app.any.run/tasks/4a915420-bb04-40ec-9c7e-c68972584205
Verdict: Malicious activity
Analysis date: April 29, 2025, 21:11:26
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

1E81138E7C931BE46628A3E346A64D02

SHA1:

4EAD8016C3EE255F1557F1004F17C9CFE9A8B609

SHA256:

FD4447512E616F7B9B72889FB32012C7E80BB32744E9220932EF006D55006A02

SSDEEP:

786432:LnxtjAmOaFIeL8Hhi3zi9Z3Tv6VPqxy86xXId1ESm:Ln/sQFvehSO91v6ViXJdw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • CurtainsSrv64.exe (PID: 6724)
      • comp.exe (PID: 5728)
      • CurtainsSrv64.exe (PID: 5332)
      • Curtains64.exe (PID: 2568)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Stardock.Curtains-1.19.1.exe (PID: 3020)
      • comp.exe (PID: 5728)
      • install.exe (PID: 5228)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • Stardock.Curtains-1.19.1.exe (PID: 3020)
      • install.exe (PID: 5228)
    • The process creates files with name similar to system file names

      • Stardock.Curtains-1.19.1.exe (PID: 3020)
      • install.exe (PID: 5228)
    • There is functionality for taking screenshot (YARA)

      • Stardock.Curtains-1.19.1.exe (PID: 3020)
    • Executes as Windows Service

      • CurtainsSrv64.exe (PID: 5332)
    • Reads security settings of Internet Explorer

      • CurtainsConfig.exe (PID: 516)
      • Stardock.Curtains-1.19.1.exe (PID: 3020)
    • Drops 7-zip archiver for unpacking

      • Stardock.Curtains-1.19.1.exe (PID: 3020)
    • Creates a software uninstall entry

      • Stardock.Curtains-1.19.1.exe (PID: 3020)
      • install.exe (PID: 5228)
  • INFO

    • The sample compiled with russian language support

      • Stardock.Curtains-1.19.1.exe (PID: 3020)
    • Reads the computer name

      • Stardock.Curtains-1.19.1.exe (PID: 3020)
      • CurtainsSrv64.exe (PID: 6724)
      • CurtainsSrv64.exe (PID: 5332)
      • CurtainsConfig.exe (PID: 516)
      • comp.exe (PID: 5728)
      • identity_helper.exe (PID: 7244)
      • Curtains64.exe (PID: 2568)
    • Checks supported languages

      • Stardock.Curtains-1.19.1.exe (PID: 3020)
      • CurtainsSrv64.exe (PID: 6724)
      • CurtainsSrv64.exe (PID: 5332)
      • Curtains64.exe (PID: 2568)
      • comp.exe (PID: 5728)
      • CurtainsConfig.exe (PID: 516)
      • install.exe (PID: 5228)
      • identity_helper.exe (PID: 7244)
    • Create files in a temporary directory

      • Stardock.Curtains-1.19.1.exe (PID: 3020)
      • comp.exe (PID: 5728)
      • install.exe (PID: 5228)
    • Creates files in the program directory

      • Stardock.Curtains-1.19.1.exe (PID: 3020)
      • CurtainsConfig.exe (PID: 516)
      • install.exe (PID: 5228)
    • The sample compiled with english language support

      • Stardock.Curtains-1.19.1.exe (PID: 3020)
      • comp.exe (PID: 5728)
      • install.exe (PID: 5228)
    • Process checks computer location settings

      • CurtainsConfig.exe (PID: 516)
    • Reads the machine GUID from the registry

      • CurtainsConfig.exe (PID: 516)
    • Reads the software policy settings

      • CurtainsConfig.exe (PID: 516)
      • slui.exe (PID: 7648)
    • Creates files or folders in the user directory

      • CurtainsConfig.exe (PID: 516)
    • Application launched itself

      • msedge.exe (PID: 6724)
      • msedge.exe (PID: 732)
    • Manual execution by a user

      • msedge.exe (PID: 732)
      • msedge.exe (PID: 7724)
    • Checks proxy server information

      • slui.exe (PID: 7648)
      • CurtainsConfig.exe (PID: 516)
    • Reads Environment values

      • identity_helper.exe (PID: 7244)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (94.8)
.exe | Win32 Executable MS Visual C++ (generic) (3.4)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.5)
.exe | Generic Win/DOS Executable (0.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:12:05 22:50:46+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 23552
InitializedDataSize: 119808
UninitializedDataSize: 1024
EntryPoint: 0x323c
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.19.1.0
ProductVersionNumber: 1.19.1.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Russian
CharacterSet: Windows, Cyrillic
CompanyName: diakov.net
FileDescription: Stardock Curtains 1.19.1
FileVersion: 1.19.1.0
No data.
All screenshots are available in the full report
Total processes
193
Monitored processes
63
Malicious processes
3
Suspicious processes
3

Behavior graph

Processes shown in the graph (rendered interactively in the full report): stardock.curtains-1.19.1.exe, curtainssrv64.exe (x2), conhost.exe, curtains64.exe, curtainsconfig.exe, comp.exe, install.exe, slui.exe, identity_helper.exe (x2), many msedge.exe children, and a second stardock.curtains-1.19.1.exe instance. "no specs" marks processes for which the sandbox recorded no indicators.

Process information

PID
CMD
Path
Indicators
Parent process
PID:
300
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1980 --field-trial-handle=1984,i,8296253488115697041,10216885817990531248,262144 --variations-seed-version /prefetch:2
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
444
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4804 --field-trial-handle=2356,i,8854271808391290648,6744296379773351326,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
516
CMD:
"C:\Program Files (x86)\Stardock\Curtains\CurtainsConfig.exe" INSTALL
Path:
C:\Program Files (x86)\Stardock\Curtains\CurtainsConfig.exe
Parent process:
Stardock.Curtains-1.19.1.exe
User:
admin
Company:
Stardock Software, Inc
Integrity Level:
HIGH
Description:
Stardock Curtains™ Configuration App
Exit code:
0
Version:
1.1.9.1
Modules
Images
c:\program files (x86)\stardock\curtains\curtainsconfig.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID:
732
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate --single-argument http://diakov.net/
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1168
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2348 --field-trial-handle=2356,i,8854271808391290648,6744296379773351326,262144 --variations-seed-version /prefetch:2
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1328
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=7220 --field-trial-handle=2356,i,8854271808391290648,6744296379773351326,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1804
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x298,0x29c,0x2a0,0x290,0x288,0x7ffc88945fd8,0x7ffc88945fe4,0x7ffc88945ff0
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2140
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6224 --field-trial-handle=2356,i,8854271808391290648,6744296379773351326,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
PID:
2288
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6500 --field-trial-handle=2356,i,8854271808391290648,6744296379773351326,262144 --variations-seed-version /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2332
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=8128 --field-trial-handle=2356,i,8854271808391290648,6744296379773351326,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
13 041
Read events
12 978
Write events
63
Delete events
0

Modification events

Process: (516) CurtainsConfig.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CurtainsStyle
Operation: write
Name: Treatment
Value: 3

Process: (516) CurtainsConfig.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.CurtainsStyle
Operation: write
Name: Treatment
Value: 3

Process: (3020) Stardock.Curtains-1.19.1.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Curtains 1.19.1
Operation: write
Name: DisplayName
Value: Stardock Curtains 1.19.1

Process: (3020) Stardock.Curtains-1.19.1.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Curtains 1.19.1
Operation: write
Name: UninstallPath
Value: C:\Program Files (x86)\Stardock\Curtains

Process: (3020) Stardock.Curtains-1.19.1.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Curtains 1.19.1
Operation: write
Name: UninstallString
Value: C:\Program Files (x86)\Stardock\Curtains\Удалить CurtainsConfig.exe (recorded by the sandbox as "Óäàëèòü", the cp1251 bytes shown as Latin-1; "Удалить" is Russian for "Uninstall")

Process: (3020) Stardock.Curtains-1.19.1.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Curtains 1.19.1
Operation: write
Name: DisplayIcon
Value: C:\Program Files (x86)\Stardock\Curtains\CurtainsConfig.exe

Process: (5228) install.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\joiapjkjgbcljoopaenlplkfapolkdhp
Operation: write
Name: version
Value: 0.2

Process: (5228) install.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\joiapjkjgbcljoopaenlplkfapolkdhp
Operation: write
Name: update_url
Value: https://clients2.google.com/service/update2/crx

Process: (5228) install.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\Extensions\joiapjkjgbcljoopaenlplkfapolkdhp
Operation: write
Name: version
Value: 0.2

Process: (5228) install.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\Extensions\joiapjkjgbcljoopaenlplkfapolkdhp
Operation: write
Name: update_url
Value: https://clients2.google.com/service/update2/crx
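Two of the registry writes above deserve a rule rather than a glance: install.exe (PID 5228) registers Chrome extension joiapjkjgbcljoopaenlplkfapolkdhp under HKLM\SOFTWARE\Google\Chrome\Extensions and its WOW6432Node twin, which is Chrome's external-extension install mechanism on Windows (the Threats section below also records an "ET INFO Possible Chrome Plugin install" network alert), and the installer's UninstallString is an unquoted path with spaces whose file name is a cp1251 string the sandbox shows as Latin-1 mojibake. The script below is an added example, not part of the ANY.RUN report or of Stardock's software; the event tuples are transcribed from the list above, and the rule names and severities are the example's own choices.

```python
"""Triage rules over registry write events, as recorded in the sandbox report above."""
import re
from dataclasses import dataclass

# Registry write events transcribed from the "Modification events" list above:
# (pid, process, key, value name, data).  The UninstallString is kept as the sandbox
# recorded it, i.e. the cp1251 name mis-decoded as Latin-1.
UNINSTALL_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows"
                 r"\CurrentVersion\Uninstall\Stardock Curtains 1.19.1")
EXT_KEY_64 = r"HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\joiapjkjgbcljoopaenlplkfapolkdhp"
EXT_KEY_32 = r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\Extensions\joiapjkjgbcljoopaenlplkfapolkdhp"
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"

EVENTS = [
    (516, "CurtainsConfig.exe", r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CurtainsStyle", "Treatment", "3"),
    (516, "CurtainsConfig.exe", r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.CurtainsStyle", "Treatment", "3"),
    (3020, "Stardock.Curtains-1.19.1.exe", UNINSTALL_KEY, "DisplayName", "Stardock Curtains 1.19.1"),
    (3020, "Stardock.Curtains-1.19.1.exe", UNINSTALL_KEY, "UninstallPath",
     r"C:\Program Files (x86)\Stardock\Curtains"),
    (3020, "Stardock.Curtains-1.19.1.exe", UNINSTALL_KEY, "UninstallString",
     r"C:\Program Files (x86)\Stardock\Curtains\Óäàëèòü CurtainsConfig.exe"),
    (3020, "Stardock.Curtains-1.19.1.exe", UNINSTALL_KEY, "DisplayIcon",
     r"C:\Program Files (x86)\Stardock\Curtains\CurtainsConfig.exe"),
    (5228, "install.exe", EXT_KEY_64, "version", "0.2"),
    (5228, "install.exe", EXT_KEY_64, "update_url", WEBSTORE_UPDATE_URL),
    (5228, "install.exe", EXT_KEY_32, "version", "0.2"),
    (5228, "install.exe", EXT_KEY_32, "update_url", WEBSTORE_UPDATE_URL),
]

# Chrome reads external-extension registrations from this key; the subkey is the 32-letter (a-p) extension id.
CHROME_EXT_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SOFTWARE\\(?:WOW6432Node\\)?Google\\Chrome\\Extensions\\([a-p]{32})$", re.I)
UNINSTALL_RE = re.compile(r"\\CurrentVersion\\Uninstall\\[^\\]+$", re.I)


@dataclass
class Finding:
    rule: str
    severity: str
    pid: int
    process: str
    detail: str


def fix_mojibake(text):
    """Re-read a cp1251 (Russian ANSI) string that was displayed as Latin-1; other strings come back unchanged."""
    try:
        return text.encode("latin-1").decode("cp1251")
    except UnicodeError:
        return text


def analyse(events):
    """Group writes per (pid, process, key) and apply the rules; returns a list of Finding."""
    grouped = {}
    for pid, proc, key, name, data in events:
        grouped.setdefault((pid, proc, key), {})[name.lower()] = data
    findings = []
    for (pid, proc, key), values in grouped.items():
        m = CHROME_EXT_RE.match(key)
        if m:
            url = values.get("update_url", "")
            # A Web Store update_url is the expected value; anything else deserves a closer look.
            severity = "medium" if url == WEBSTORE_UPDATE_URL else "high"
            findings.append(Finding("chrome-external-extension", severity, pid, proc,
                                    f"registers extension {m.group(1)} (update_url={url or 'missing'})"))
        if UNINSTALL_RE.search(key):
            cmd = values.get("uninstallstring", "")
            if any(ord(c) > 127 for c in cmd):
                findings.append(Finding("uninstall-non-ascii", "low", pid, proc,
                                        f"UninstallString {cmd!r} reads as {fix_mojibake(cmd)!r} in cp1251"))
            if cmd and not cmd.startswith('"') and " " in cmd:
                findings.append(Finding("uninstall-unquoted-path", "low", pid, proc,
                                        "UninstallString is an unquoted path containing spaces"))
    return findings


if __name__ == "__main__":
    for f in analyse(EVENTS):
        print(f"[{f.severity}] {f.rule} pid={f.pid} {f.process}: {f.detail}")
```

The mojibake repair is deliberately narrow: it only re-reads the bytes as cp1251 and leaves strings that are not pure Latin-1 untouched, so a genuine Cyrillic path passes through unchanged. The rule fires on both the native and the WOW6432Node view of the Chrome key, which is why this sample yields two extension findings for one extension.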
Executable files
40
Suspicious files
419
Text files
412
Unknown types
1

Dropped files

PID
Process
Filename
Type
PID: 3020
Process: Stardock.Curtains-1.19.1.exe
Filename: C:\Users\admin\AppData\Local\Temp\nskDB70.tmp\LangDLL.dll
Type: executable
MD5: D6D8ADDFEA0EE1BBA9B841E3BEC0B5CD
SHA256: CCB76172C2565356A838D7867A51E021478FED4D83EB41FE1DBB703F8EFA28F9

PID: 3020
Process: Stardock.Curtains-1.19.1.exe
Filename: C:\Users\admin\AppData\Local\Temp\nskDB70.tmp\modern-header.bmp
Type: image
MD5: F8E7AB77289975C89F0D2645EE4AD5B8
SHA256: F9EAACEE6D290D2862D485CE49AA040DBD91C4A38537DEC19AC617A95AC1E0DD

PID: 3020
Process: Stardock.Curtains-1.19.1.exe
Filename: C:\Users\admin\AppData\Local\Temp\nskDB70.tmp\modern-wizard.bmp
Type: image
MD5: F4C43843C50610F4A3AE73DD12333F15
SHA256: 3655210CF6E26754171F24680238DABE838EFB1B49B095F11DA48509DB71AB4C

PID: 3020
Process: Stardock.Curtains-1.19.1.exe
Filename: C:\Users\admin\AppData\Local\Temp\nskDB70.tmp\Aero.dll
Type: executable
MD5: 5155E506B908B41E113BBD7C10D4082F
SHA256: 9BBBDD180DAC3CF4CE36CBC12BD862CDD00880D87027395F92EDE5476D1F0DD0

PID: 3020
Process: Stardock.Curtains-1.19.1.exe
Filename: C:\Users\admin\AppData\Local\Temp\nskDB70.tmp\BrandingURL.dll
Type: executable
MD5: 71C46B663BAA92AD941388D082AF97E7
SHA256: BB2B9C272B8B66BC1B414675C2ACBA7AFAD03FFF66A63BABEE3EE57ED163D19E

PID: 3020
Process: Stardock.Curtains-1.19.1.exe
Filename: C:\Program Files (x86)\Stardock\Curtains\Curtains64.exe
Type: executable
MD5: 4F41D24015EE73B97E422EF48D231359
SHA256: 2AC014174244A708928DD4DA9F276DDF0497820366E644D3EF54052E4F13E8D6

PID: 3020
Process: Stardock.Curtains-1.19.1.exe
Filename: C:\Program Files (x86)\Stardock\Curtains\CurtainsSrv64.exe
Type: executable
MD5: A5EED5D4F477B00F2AA6FA6608A6EB30
SHA256: 8174427469F34123889D40982B1A702A1518157A394D30CCCCA1D4BEB0131A8B

PID: 3020
Process: Stardock.Curtains-1.19.1.exe
Filename: C:\Program Files (x86)\Stardock\Curtains\Curtains64.dll
Type: executable
MD5: EBB1BB3837CD02FEFD5B62A1B7767BD2
SHA256: 946FF529BE30162525318FF457E8626C6A4E57086B076CCF2E1BEA3104B0ECD7

PID: 3020
Process: Stardock.Curtains-1.19.1.exe
Filename: C:\Users\admin\AppData\Local\Temp\nskDB70.tmp\nsDialogs.dll
Type: executable
MD5: C10E04DD4AD4277D5ADC951BB331C777
SHA256: E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A

PID: 3020
Process: Stardock.Curtains-1.19.1.exe
Filename: C:\Program Files (x86)\Stardock\Curtains\SdAppServices.dll
Type: executable
MD5: AAF09269D1C79688E367D74EE3223A02
SHA256: 58668FBAE060499356538FFE50EC734C6779A8913EEF4011A0D63E91E400D318
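The nskDB70.tmp entries are the NSIS installer's plugin scratch directory. LangDLL.dll and nsDialogs.dll, like the System.dll that the indicator list above flags under "creating System.dll in Temp", are plugins shipped with NSIS itself and are unpacked by every NSIS installer that uses them, so on their own they say nothing about intent; Aero.dll and BrandingURL.dll are not part of stock NSIS and are worth a look, and the executables written to C:\Program Files (x86)\Stardock\Curtains are the payload whose hashes should be compared with the vendor's official build. The script below is an added example, not part of the report; the records are transcribed from the list above, and the bucket names and the stock-plugin list are the example's own.

```python
"""Sort a sandbox's dropped-file records into NSIS plumbing, UI assets and actual payload."""
import re
from collections import defaultdict

# Dropped-file records transcribed from the report above: (path, type, SHA-256).
DROPPED = [
    (r"C:\Users\admin\AppData\Local\Temp\nskDB70.tmp\LangDLL.dll", "executable",
     "CCB76172C2565356A838D7867A51E021478FED4D83EB41FE1DBB703F8EFA28F9"),
    (r"C:\Users\admin\AppData\Local\Temp\nskDB70.tmp\modern-header.bmp", "image",
     "F9EAACEE6D290D2862D485CE49AA040DBD91C4A38537DEC19AC617A95AC1E0DD"),
    (r"C:\Users\admin\AppData\Local\Temp\nskDB70.tmp\modern-wizard.bmp", "image",
     "3655210CF6E26754171F24680238DABE838EFB1B49B095F11DA48509DB71AB4C"),
    (r"C:\Users\admin\AppData\Local\Temp\nskDB70.tmp\Aero.dll", "executable",
     "9BBBDD180DAC3CF4CE36CBC12BD862CDD00880D87027395F92EDE5476D1F0DD0"),
    (r"C:\Users\admin\AppData\Local\Temp\nskDB70.tmp\BrandingURL.dll", "executable",
     "BB2B9C272B8B66BC1B414675C2ACBA7AFAD03FFF66A63BABEE3EE57ED163D19E"),
    (r"C:\Program Files (x86)\Stardock\Curtains\Curtains64.exe", "executable",
     "2AC014174244A708928DD4DA9F276DDF0497820366E644D3EF54052E4F13E8D6"),
    (r"C:\Program Files (x86)\Stardock\Curtains\CurtainsSrv64.exe", "executable",
     "8174427469F34123889D40982B1A702A1518157A394D30CCCCA1D4BEB0131A8B"),
    (r"C:\Program Files (x86)\Stardock\Curtains\Curtains64.dll", "executable",
     "946FF529BE30162525318FF457E8626C6A4E57086B076CCF2E1BEA3104B0ECD7"),
    (r"C:\Users\admin\AppData\Local\Temp\nskDB70.tmp\nsDialogs.dll", "executable",
     "E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A"),
    (r"C:\Program Files (x86)\Stardock\Curtains\SdAppServices.dll", "executable",
     "58668FBAE060499356538FFE50EC734C6779A8913EEF4011A0D63E91E400D318"),
]

# Plugin DLLs that ship with NSIS itself; any NSIS installer using them unpacks them into its ns*.tmp directory.
STOCK_NSIS_PLUGINS = {
    "system.dll", "nsdialogs.dll", "langdll.dll", "nsexec.dll", "installoptions.dll",
    "startmenu.dll", "userinfo.dll", "nsisdl.dll", "splash.dll", "advsplash.dll",
    "banner.dll", "bgimage.dll", "dialer.dll", "math.dll", "typelib.dll", "vpatch.dll",
}
NSIS_PLUGIN_DIR = re.compile(r"\\Temp\\ns[^\\]*\.tmp\\", re.I)      # NSIS plugin scratch directory
PROGRAM_DIRS = re.compile(r"^[A-Z]:\\Program Files( \(x86\))?\\", re.I)


def classify_dropped(path, ftype):
    """Bucket one dropped file by where it landed and what it is."""
    name = path.rsplit("\\", 1)[-1].lower()
    in_nsis_dir = bool(NSIS_PLUGIN_DIR.search(path))
    if in_nsis_dir and name in STOCK_NSIS_PLUGINS:
        return "nsis-stock-plugin"          # installer plumbing, expected for any NSIS package
    if in_nsis_dir and ftype == "executable":
        return "nsis-third-party-plugin"    # code the packager added to the installer itself
    if in_nsis_dir:
        return "installer-ui-asset"         # bitmaps and similar wizard resources
    if ftype == "executable" and PROGRAM_DIRS.match(path):
        return "installed-payload"          # what stays on the machine after install
    return "other"


def triage(records):
    """Map bucket -> [(file name, sha256 lowercase)] for a list of dropped-file records."""
    buckets = defaultdict(list)
    for path, ftype, sha256 in records:
        buckets[classify_dropped(path, ftype)].append((path.rsplit("\\", 1)[-1], sha256.lower()))
    return dict(buckets)


def lookup_set(records):
    """SHA-256 values worth checking against vendor-published hashes: payload plus non-stock plugins."""
    buckets = triage(records)
    return sorted(h for k in ("installed-payload", "nsis-third-party-plugin") for _, h in buckets.get(k, []))


if __name__ == "__main__":
    for bucket, files in triage(DROPPED).items():
        print(bucket)
        for name, sha256 in files:
            print(f"  {name:20} {sha256}")
```

Run against this report the script leaves six hashes to look up (four payload binaries plus Aero.dll and BrandingURL.dll) and sets the two stock plugins and the two bitmaps aside, which is the de-noising step the raw "Executable content was dropped" indicator does not do for you.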
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
107
TCP/UDP connections
226
DNS requests
198
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2104
svchost.exe
GET
200
23.216.77.22:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2104
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
516
CurtainsConfig.exe
GET
200
184.30.131.114:80
http://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141%2Fl2SWCyYX308B7Khio%3D
unknown
whitelisted
516
CurtainsConfig.exe
GET
200
184.30.131.114:80
http://s1.symcb.com/pca3-g5.crl
unknown
whitelisted
516
CurtainsConfig.exe
GET
200
184.30.131.114:80
http://sv.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQe6LNDJdqx%2BJOp7hVgTeaGFJ%2FCQgQUljtT8Hkzl699g%2B8uK8zKt4YecmYCEAwWPEokOLA6Q%2BFw9IO3uMg%3D
unknown
whitelisted
516
CurtainsConfig.exe
GET
200
184.30.131.114:80
http://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141%2Fl2SWCyYX308B7Khio%3D
unknown
whitelisted
516
CurtainsConfig.exe
GET
200
184.30.131.114:80
http://sv.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQe6LNDJdqx%2BJOp7hVgTeaGFJ%2FCQgQUljtT8Hkzl699g%2B8uK8zKt4YecmYCEAwWPEokOLA6Q%2BFw9IO3uMg%3D
unknown
whitelisted
GET
304
172.202.163.200:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
516
CurtainsConfig.exe
GET
200
184.30.131.114:80
http://sv.symcb.com/sv.crl
unknown
whitelisted
1328
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
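CurtainsConfig.exe (PID 516) downloads CRLs from s1.symcb.com and sv.symcb.com and issues OCSP GET requests to s2.symcb.com and sv.symcd.com, Symantec-operated revocation endpoints; that is certificate-chain validation traffic rather than command-and-control, and the base64 path of an OCSP GET is a DER-encoded OCSPRequest (RFC 6960, Appendix A) that names the certificate being checked by issuer hashes and serial number. The decoder below is an added example, not part of the report; the request list is a subset transcribed from the table above, the DER walker is the example's own minimal one, and the "crl"/"ocsp"/"other" labels are the example's choice.

```python
"""Classify the report's HTTP requests and decode OCSP GET requests (RFC 6960, Appendix A)."""
import base64
import urllib.parse

# (process, URL) pairs transcribed from the HTTP requests table above (a subset).
REQUESTS = [
    ("svchost.exe", "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl"),
    ("CurtainsConfig.exe", "http://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141%2Fl2SWCyYX308B7Khio%3D"),
    ("CurtainsConfig.exe", "http://s1.symcb.com/pca3-g5.crl"),
    ("CurtainsConfig.exe", "http://sv.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQe6LNDJdqx%2BJOp7hVgTeaGFJ%2FCQgQUljtT8Hkzl699g%2B8uK8zKt4YecmYCEAwWPEokOLA6Q%2BFw9IO3uMg%3D"),
    ("CurtainsConfig.exe", "http://sv.symcb.com/sv.crl"),
]
HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; returns (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def _children(value):
    """Yield (tag, value) for each element inside a constructed DER value."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = _tlv(value, pos)
        yield tag, inner


def _oid(value):
    """Dotted form of a DER OBJECT IDENTIFIER value."""
    parts, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(acc)
            acc = 0
    return ".".join(map(str, parts))


def decode_ocsp_get(url):
    """Decode an OCSP GET URL (base64 DER OCSPRequest as the path); None if the URL is not one."""
    path = urllib.parse.unquote(urllib.parse.urlsplit(url).path.lstrip("/"))
    try:
        der = base64.b64decode(path, validate=True)        # rejects anything outside the base64 alphabet
        if len(der) < 2 or der[0] != 0x30:
            return None
        _, ocsp_request, _ = _tlv(der, 0)                                  # OCSPRequest ::= SEQUENCE
        tbs = next(v for t, v in _children(ocsp_request) if t == 0x30)     # tbsRequest
        request_list = next(v for t, v in _children(tbs) if t == 0x30)     # requestList (skips [0]/[1])
        _, request = next(_children(request_list))                         # first Request
        _, cert_id = next(_children(request))                              # reqCert CertID
        (_, alg), (_, name_hash), (_, key_hash), (_, serial) = list(_children(cert_id))[:4]
        alg_oid = _oid(next(v for t, v in _children(alg) if t == 0x06))    # AlgorithmIdentifier.algorithm
    except (ValueError, IndexError, StopIteration):
        return None
    return {"hash_algorithm": HASH_OIDS.get(alg_oid, alg_oid),
            "issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(),
            "serial": serial.hex()}


def classify_request(url):
    """'crl' for a CRL download, 'ocsp' for a decodable OCSP GET, else 'other'."""
    if urllib.parse.urlsplit(url).path.lower().endswith(".crl"):
        return "crl"
    return "ocsp" if decode_ocsp_get(url) else "other"


def triage(requests):
    """Per-process counts of revocation-check traffic versus everything else."""
    summary = {}
    for process, url in requests:
        kinds = summary.setdefault(process, {"crl": 0, "ocsp": 0, "other": 0})
        kinds[classify_request(url)] += 1
    return summary


if __name__ == "__main__":
    for process, url in REQUESTS:
        print(process, classify_request(url), decode_ocsp_get(url) or "")
```

Both OCSP requests in this report decode to SHA-1 CertIDs with 16-byte serials, and the same issuer key hash on the s2.symcb.com request identifies which CA's responder is being asked; with a copy of the signing certificate chain the serial can be matched to the exact certificate whose status CurtainsConfig.exe checked. The decoder is intentionally strict about DER framing and returns None instead of guessing when a path is not an OCSP request.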

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2104
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
2104
svchost.exe
23.216.77.22:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2104
svchost.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
6544
svchost.exe
40.126.31.131:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3216
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
516
CurtainsConfig.exe
184.30.131.114:80
s2.symcb.com
AKAMAI-AS
US
whitelisted
4
System
192.168.100.255:137
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
whitelisted
google.com
  • 216.58.206.78
whitelisted
client.wns.windows.com
  • 172.211.123.250
  • 172.211.123.249
whitelisted
crl.microsoft.com
  • 23.216.77.22
  • 23.216.77.19
  • 23.216.77.21
  • 23.216.77.35
  • 23.216.77.28
  • 23.216.77.31
  • 23.216.77.26
  • 23.216.77.25
  • 23.216.77.15
  • 23.216.77.30
  • 23.216.77.8
  • 23.216.77.41
  • 23.216.77.38
  • 23.216.77.42
  • 23.216.77.36
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
login.live.com
  • 40.126.31.131
  • 40.126.31.71
  • 20.190.159.71
  • 20.190.159.130
  • 40.126.31.130
  • 20.190.159.2
  • 40.126.31.69
  • 40.126.31.3
whitelisted
s2.symcb.com
  • 184.30.131.114
whitelisted
s1.symcb.com
  • 184.30.131.114
whitelisted
sv.symcd.com
  • 184.30.131.114
whitelisted
sv.symcb.com
  • 184.30.131.114
whitelisted

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET INFO Possible Chrome Plugin install
No debug info