File name:

GenP 3.4.14.0 - Release Edition - Hotfix.zip

Full analysis: https://app.any.run/tasks/04c606d7-f66a-413d-9646-35368d4c3bc0
Verdict: Malicious activity
Analysis date: August 05, 2024, 10:08:37
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
upx
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5:

9A04686078C73AE8A0FA82685917DA30

SHA1:

7A7F230565CBFABC03C7F64717D5D592C3656B6D

SHA256:

165C93E7500820E1C76E9F7DDFCB35CA4436AFE320F9B6C5D85FB157EDEA85B9

SSDEEP:

98304:m3bUfiHTGngceb6l6VJYdl/y5SB67a7kvndzsr5SPbmMYzewnHvGzwm1irJcv/fA:erR20y

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 6408)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
    • Scans artifacts that could help determine the target

      • Creative_Cloud_Set-Up.exe (PID: 6712)
    • Registers / Runs the DLL via REGSVR32.EXE

      • Creative Cloud Desktop App.exe (PID: 2064)
    • Changes the autorun value in the registry

      • Creative_Cloud_Set-Up.exe (PID: 2468)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
      • GenP-3.4.14.0.exe (PID: 1372)
    • Reads Microsoft Outlook installation path

      • Creative_Cloud_Set-Up.exe (PID: 6712)
    • Reads Internet Explorer settings

      • Creative_Cloud_Set-Up.exe (PID: 6712)
    • Changes Internet Explorer settings (feature browser emulation)

      • Creative_Cloud_Set-Up.exe (PID: 6712)
    • Checks Windows Trust Settings

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
    • Reads the date of Windows installation

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • GenP-3.4.14.0.exe (PID: 1372)
    • Application launched itself

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • GenP-3.4.14.0.exe (PID: 1372)
    • Adds/modifies Windows certificates

      • Creative_Cloud_Set-Up.exe (PID: 6712)
    • Executable content was dropped or overwritten

      • Creative_Cloud_Set-Up.exe (PID: 2468)
    • The process drops C-runtime libraries

      • Creative_Cloud_Set-Up.exe (PID: 2468)
    • Drops 7-zip archiver for unpacking

      • Creative_Cloud_Set-Up.exe (PID: 2468)
    • Process drops legitimate windows executable

      • Creative_Cloud_Set-Up.exe (PID: 2468)
    • Uses ICACLS.EXE to modify access control lists

      • AdobeIPCBrokerCustomHook.exe (PID: 1172)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 7296)
      • regsvr32.exe (PID: 7848)
  • INFO

    • Creates files or folders in the user directory

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
      • UPICustomHook.exe (PID: 7820)
    • Process checks whether UAC notifications are on

      • Creative_Cloud_Set-Up.exe (PID: 6712)
    • Reads CPU info

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
    • Process checks Internet Explorer phishing filters

      • Creative_Cloud_Set-Up.exe (PID: 6712)
    • Checks supported languages

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
      • TextInputHost.exe (PID: 7736)
      • identity_helper.exe (PID: 5484)
      • identity_helper.exe (PID: 7820)
      • GenP-3.4.14.0.exe (PID: 1372)
      • GenP-3.4.14.0.exe (PID: 7652)
      • NSudoLG.exe (PID: 7796)
      • GenP-3.4.14.0.exe (PID: 7292)
      • AdobeIPCBrokerCustomHook.exe (PID: 3372)
      • RuntimeCustomHook.exe (PID: 6740)
      • ADSCustomHook.exe (PID: 7812)
      • AdobeIPCBrokerCustomHook.exe (PID: 1172)
      • HDCoreCustomHook.exe (PID: 6264)
      • gccustomhook.exe (PID: 6804)
      • UPICustomHook.exe (PID: 7820)
      • Creative Cloud Desktop App.exe (PID: 2064)
    • Checks proxy server information

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
    • Reads the computer name

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
      • identity_helper.exe (PID: 7820)
      • TextInputHost.exe (PID: 7736)
      • identity_helper.exe (PID: 5484)
      • GenP-3.4.14.0.exe (PID: 1372)
      • GenP-3.4.14.0.exe (PID: 7652)
      • NSudoLG.exe (PID: 7796)
      • GenP-3.4.14.0.exe (PID: 7292)
      • UPICustomHook.exe (PID: 7820)
    • Reads the machine GUID from the registry

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
      • UPICustomHook.exe (PID: 7820)
    • Manual execution by a user

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • GenP-3.4.14.0.exe (PID: 1372)
    • UPX packer has been detected

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6408)
    • Create files in a temporary directory

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
      • GenP-3.4.14.0.exe (PID: 7652)
      • AdobeIPCBrokerCustomHook.exe (PID: 3372)
      • AdobeIPCBrokerCustomHook.exe (PID: 1172)
      • gccustomhook.exe (PID: 6804)
      • UPICustomHook.exe (PID: 7820)
    • Reads the software policy settings

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
      • UPICustomHook.exe (PID: 7820)
    • Process checks computer location settings

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • GenP-3.4.14.0.exe (PID: 1372)
    • Application launched itself

      • msedge.exe (PID: 5588)
      • msedge.exe (PID: 7896)
    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 5588)
      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • msedge.exe (PID: 7896)
    • Reads Environment values

      • identity_helper.exe (PID: 7820)
      • identity_helper.exe (PID: 5484)
    • Reads mouse settings

      • GenP-3.4.14.0.exe (PID: 1372)
      • GenP-3.4.14.0.exe (PID: 7652)
      • GenP-3.4.14.0.exe (PID: 7292)
    • Creates files in the program directory

      • Creative_Cloud_Set-Up.exe (PID: 2468)
      • ADSCustomHook.exe (PID: 7812)
      • HDCoreCustomHook.exe (PID: 6264)
      • UPICustomHook.exe (PID: 7820)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
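The indicators above are behavioural heuristics over process and registry events, and on this page the MALICIOUS and SUSPICIOUS hits land on Creative_Cloud_Set-Up.exe (listed under Process information with Company: Adobe Inc.) and on the regsvr32.exe and icacls.exe it spawns through its helper executables, operations a legitimate installer also performs. The script below is an added example, not ANY.RUN's detection code: it re-derives three of these indicator classes from process-creation events while carrying the path, argument and parent context an analyst needs to decide whether a hit is installer noise or something to chase. The events are constructed from the command lines in the Process information section; the rule names and the path lists are the example's own choices.

```python
"""Triage of Windows process-creation events for the indicator classes raised
above (regsvr32 DLL registration, icacls integrity-level changes, execution from
archive, temp or desktop paths). Events are constructed from the report's
command lines; rule names and path lists are this example's own."""
from __future__ import annotations
import re
from dataclasses import dataclass

_ARG_RE = re.compile(r'"([^"]*)"|(\S+)')
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\desktop\\", "\\downloads\\")


def split_cmdline(cmd: str) -> list[str]:
    """Split a Windows command line on whitespace while honouring double quotes."""
    return [quoted if quoted else bare for quoted, bare in _ARG_RE.findall(cmd)]


@dataclass
class Event:
    pid: int
    image: str    # full path of the started image
    cmdline: str
    parent: str   # parent image name


@dataclass
class Finding:
    pid: int
    rule: str
    detail: str


def triage(ev: Event) -> list[Finding]:
    """Return one Finding per rule the event matches; an empty list means no hit."""
    findings: list[Finding] = []
    args = split_cmdline(ev.cmdline)
    image = ev.image.lower()
    name = image.rsplit("\\", 1)[-1]

    # regsvr32 loading a DLL from outside the Windows directories, the report's
    # "Registers / Runs the DLL via REGSVR32.EXE" indicator. Installers (Adobe's
    # here) do this legitimately, so the finding carries the DLL path for review.
    if name == "regsvr32.exe":
        for dll in (a for a in args[1:] if a.lower().endswith(".dll")):
            if not dll.lower().startswith(SYSTEM_DIRS):
                findings.append(Finding(ev.pid, "regsvr32_nonsystem_dll", dll))

    # icacls /setintegritylevel rewrites the mandatory label on a file, the
    # report's "Uses ICACLS.EXE to modify access control lists" indicator.
    if name == "icacls.exe":
        low = [a.lower() for a in args]
        if "/setintegritylevel" in low:
            i = low.index("/setintegritylevel")
            level = args[i + 1] if i + 1 < len(args) else "?"
            target = args[1] if len(args) > 1 else "?"
            findings.append(Finding(ev.pid, "icacls_integrity_change", f"{target} -> {level}"))

    # Where the image lives: WinRAR's Rar$ extraction directory, or a user-writable
    # path started from Explorer (the report's "Manual execution by a user").
    if "\\rar$" in image:
        findings.append(Finding(ev.pid, "exec_from_archive_extract_dir", ev.image))
    elif any(p in image for p in USER_WRITABLE) and ev.parent.lower() == "explorer.exe":
        findings.append(Finding(ev.pid, "user_launched_from_writable_path", ev.image))
    return findings


# Constructed events mirroring rows of the Process information table above.
EVENTS = [
    Event(1372, r"C:\Users\admin\Desktop\GenP-3.4.14.0.exe",
          r'"C:\Users\admin\Desktop\GenP-3.4.14.0.exe"', "explorer.exe"),
    Event(872, r"C:\Windows\SysWOW64\icacls.exe",
          r'C:\WINDOWS\system32\icacls.exe "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe" /setintegritylevel medium',
          "AdobeIPCBrokerCustomHook.exe"),
    Event(2384, r"C:\Windows\SysWOW64\regsvr32.exe",
          r'"C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll"',
          "Creative Cloud Desktop App.exe"),
    Event(904, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
          r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility',
          "msedge.exe"),
]


def run(events: list[Event] = EVENTS) -> dict[int, list[str]]:
    """Map each PID to the names of the rules it triggered."""
    return {ev.pid: [f.rule for f in triage(ev)] for ev in events}


if __name__ == "__main__":
    for ev in EVENTS:
        for f in triage(ev):
            print(f"{f.pid:>5} {f.rule:<34} {f.detail}")
```

Run stand-alone it prints one line per finding. The Edge utility process produces nothing; the GenP, icacls and regsvr32 rows each produce exactly one finding, and the detail field (DLL path under Program Files (x86)\Adobe, integrity level "medium" on AdobeIPCBroker.exe) is what makes the difference between "installer registering its own component" and a foreign DLL being registered from a temp directory.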
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2024:07:31 00:50:36
ZipCRC: 0x3fc121cf
ZipCompressedSize: 2073
ZipUncompressedSize: 7388
ZipFileName: config.ini
No data.
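Before detonating an archive, list what is inside it and pin its hashes. The script below is an added example and not part of the report: it inventories a ZIP with the same fields the EXIF block records (CRC, compressed and uncompressed size, timestamp), recomputes each entry's CRC-32 against the central directory, flags PE content by the MZ header rather than by extension, and compares the archive's MD5/SHA-1/SHA-256 with the values the report lists. The archive it builds in memory is constructed for the demonstration; it is not the analysed sample, so the comparison against the reported hashes is expected to fail.

```python
"""Static triage of a ZIP before detonation: inventory each entry (name, CRC-32,
sizes, timestamp), detect PE content by the 'MZ' magic rather than by extension,
and compute the archive hashes used to match it against a sandbox report.
The archive built here is constructed in memory; it is not the sample above."""
from __future__ import annotations
import hashlib
import io
import zipfile
import zlib
from dataclasses import dataclass

EXEC_EXTENSIONS = {"exe", "dll", "scr", "sys", "com"}

# Hashes the report lists for the real archive, kept here for comparison.
REPORTED = {
    "md5": "9A04686078C73AE8A0FA82685917DA30",
    "sha1": "7A7F230565CBFABC03C7F64717D5D592C3656B6D",
    "sha256": "165C93E7500820E1C76E9F7DDFCB35CA4436AFE320F9B6C5D85FB157EDEA85B9",
}


@dataclass
class Entry:
    name: str
    crc32: int
    compressed: int
    uncompressed: int
    date_time: tuple
    is_pe: bool         # content starts with the DOS 'MZ' header
    ext_mismatch: bool  # PE content without an executable extension, or vice versa


def file_hashes(data: bytes) -> dict[str, str]:
    """MD5/SHA-1/SHA-256 of the archive bytes, upper-case hex like the report."""
    return {alg: hashlib.new(alg, data).hexdigest().upper() for alg in ("md5", "sha1", "sha256")}


def matches_report(data: bytes, reported: dict[str, str] = REPORTED) -> dict[str, bool]:
    """Per-algorithm comparison of a local file against the report's hashes."""
    actual = file_hashes(data)
    return {alg: actual[alg] == reported[alg].upper() for alg in reported}


def inventory(data: bytes) -> list[Entry]:
    """List the archive's file entries with the fields the EXIF block shows."""
    entries: list[Entry] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(2)          # only the magic is needed for the check
            is_pe = head == b"MZ"
            ext = info.filename.rsplit(".", 1)[-1].lower() if "." in info.filename else ""
            entries.append(Entry(info.filename, info.CRC, info.compress_size, info.file_size,
                                 info.date_time, is_pe, is_pe != (ext in EXEC_EXTENSIONS)))
    return entries


def crc_ok(data: bytes) -> bool:
    """Recompute every entry's CRC-32 from its decompressed content and compare it
    with the central-directory value; a mismatch means a tampered or damaged archive."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return all(zlib.crc32(zf.read(info)) == info.CRC
                   for info in zf.infolist() if not info.is_dir())


def build_sample() -> bytes:
    """Constructed archive: an INI, a fake PE, and PE bytes hidden behind .txt."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("config.ini", "[settings]\nkey=value\n" * 40)
        zf.writestr("GenP-3.4.14.0.exe", b"MZ" + b"\x90" * 200)   # not a real PE, just the magic
        zf.writestr("readme.txt", b"MZ" + b"\x00" * 64)            # executable magic, text extension
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample()
    print(file_hashes(sample), matches_report(sample))
    for e in inventory(sample):
        flag = "  PE content behind non-executable extension" if e.ext_mismatch else ""
        print(f"{e.name:<24} crc=0x{e.crc32:08x} {e.compressed}/{e.uncompressed}{flag}")
```

Reading only the first two bytes of each entry keeps the check cheap on large archives; the CRC check, by contrast, has to decompress every entry and is the one that catches an archive whose central directory no longer describes its contents.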
All screenshots are available in the full report
Total processes
224
Monitored processes
88
Malicious processes
2
Suspicious processes
1

Behavior graph

Node labels recovered from the interactive graph, in the order shown; "no specs" marks nodes with no indicators attached:

start: winrar.exe; creative_cloud_set-up.exe (THREAT); creative_cloud_set-up.exe (THREAT)
Browser: msedge.exe (many instances, almost all no specs); textinputhost.exe (no specs); identity_helper.exe ×4 (no specs)
GenP: genp-3.4.14.0.exe (no specs); genp-3.4.14.0.exe; nsudolg.exe (no specs); genp-3.4.14.0.exe
Installer hooks and helpers: adobeipcbrokercustomhook.exe (no specs); conhost.exe (no specs); runtimecustomhook.exe (no specs); conhost.exe (no specs); adobeipcbrokercustomhook.exe (no specs); conhost.exe (no specs); icacls.exe (no specs); conhost.exe (no specs); adscustomhook.exe (no specs); hdcorecustomhook.exe (no specs); conhost.exe (no specs); gccustomhook.exe (no specs); upicustomhook.exe; conhost.exe (no specs); creative cloud desktop app.exe (no specs); regsvr32.exe (no specs) ×3

Process information

PID
CMD
Path
Indicators
Parent process
PID: 812
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2464,i,12833114605620447108,11837306582362440999,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 872
CMD: C:\WINDOWS\system32\icacls.exe "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe" /setintegritylevel medium
Path: C:\Windows\SysWOW64\icacls.exe
Parent process: AdobeIPCBrokerCustomHook.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\icacls.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 904
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=7752 --field-trial-handle=2464,i,12833114605620447108,11837306582362440999,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1172
CMD: "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\customhook\AdobeIPCBrokerCustomhook.exe" -install
Path: C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\customhook\AdobeIPCBrokerCustomHook.exe
Parent process: Creative_Cloud_Set-Up.exe
User:
admin
Company:
Adobe Inc.
Integrity Level:
HIGH
Description:
Adobe IPC Broker Custom Hook
Exit code:
0
Version:
7.2.1.38
Modules
Images
c:\program files (x86)\common files\adobe\adobe desktop common\ipcbox\customhook\adobeipcbrokercustomhook.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
PID: 1372
CMD: "C:\Users\admin\Desktop\GenP-3.4.14.0.exe"
Path: C:\Users\admin\Desktop\GenP-3.4.14.0.exe
Parent process: explorer.exe
User:
admin
Company:
GenP
Integrity Level:
MEDIUM
Description:
GenP v3.4.14.0
Exit code:
0
Version:
3.4.14.0
Modules
Images
c:\users\admin\desktop\genp-3.4.14.0.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\psapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\version.dll
c:\windows\system32\gdi32.dll
PID: 2064
CMD: "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Desktop App.exe" --register=true
Path: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Desktop App.exe
Parent process: Creative_Cloud_Set-Up.exe
User:
admin
Company:
Adobe Inc.
Integrity Level:
HIGH
Description:
Creative Cloud Desktop App
Version:
6.3.0.207
Modules
Images
c:\program files (x86)\adobe\adobe creative cloud\utils\creative cloud desktop app.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2136
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2248 --field-trial-handle=2464,i,12833114605620447108,11837306582362440999,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2384
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2788 --field-trial-handle=2464,i,12833114605620447108,11837306582362440999,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2384
CMD: "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll"
Path: C:\Windows\SysWOW64\regsvr32.exe
Parent process: Creative Cloud Desktop App.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 2468
CMD: "C:\Users\admin\Desktop\Creative_Cloud_Set-Up.exe" --pipename={2E2E9D5C-F6B5-49EA-9007-74D254CF5DC4} --pid=6712 --locale=en_US --webviewType=1
Path: C:\Users\admin\Desktop\Creative_Cloud_Set-Up.exe
Parent process: Creative_Cloud_Set-Up.exe
User:
admin
Company:
Adobe Inc.
Integrity Level:
HIGH
Description:
Adobe Installer
Version:
2.13.0.14
Modules
Images
c:\users\admin\desktop\creative_cloud_set-up.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ws2_32.dll
Total events
40 219
Read events
39 994
Write events
194
Delete events
31

Modification events

(PID) Process: (6408) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (6408) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (6408) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip

(PID) Process: (6408) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\GenP 3.4.14.0 - Release Edition - Hotfix.zip

(PID) Process: (6408) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (6408) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (6408) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (6408) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (6712) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Operation: write
Name: Creative_Cloud_Set-Up.exe
Value: 11001

(PID) Process: (6712) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files
159
Suspicious files
1 123
Text files
1 598
Unknown types
28

Dropped files

PID: 6712
Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\meta_events\b3913f1d-d628-43f9-8e58-e865c4447b0b
MD5:
SHA256:

PID: 6712
Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\anon_events\b0983a6a-aa3f-4d7f-a0e2-4882843c1743
MD5:
SHA256:

PID: 6712
Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Local\Temp\Adobe\com.adobe.dunamis\dunamis-2024-08-05_10-08-59.log
Type: text
MD5: 6BCA587B8469CD1C5EC180345C449E77
SHA256: 2AC098433118E9B408B4812EFD30941DE20544AE1AE6548320C7A076BFC93006

PID: 6712
Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\meta_events\manifest
Type: binary
MD5: 45971D4E3A47775BB5A7260BB5EA3C36
SHA256: 81C611F35BFF79491538B2F7CF201C7597A661A5C549633541C62BDC8AF1613F

PID: 6712
Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Local\Temp\dat9008.tmp
Type: binary
MD5: D070306A9062178AFDFA98FCC06D2525
SHA256: 8F5CCDFD3DA9185D4AD262EC386EBB64B3EB6C0521EC5BD1662CEC04E1E0F895

PID: 6408
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa6408.34561\Creative_Cloud_Set-Up.exe
Type: executable
MD5: 39256F9439130BFE831653C7AC669168
SHA256: 91428584B4BA15A7800C87F8A6CC9FD76D3195918247ABF9A7668F22A3B711FE

PID: 6712
Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Local\Temp\dat9067.tmp
Type: binary
MD5: DFCE51814CF6D2F42375F948602CD99D
SHA256: 7A8A945586A1D21D2922CB4AED9E28D872129F6C396AC69F47EF3E32EA972BA0

PID: 6712
Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Local\Temp\{C6874633-E6D4-41D9-B433-6BA41DA89D80}\index.html
Type: html
MD5: A28AB17B18FF254173DFEEF03245EFD0
SHA256: 886C0AB69E6E9D9D5B5909451640EA587ACCFCDF11B8369CAD8542D1626AC375

PID: 6712
Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Local\Temp\CreativeCloud\ACC\WAM.log
Type: text
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209

PID: 2468
Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\1\meta_events\f5a0b361-8183-41e2-b951-28bef89d971d
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
62
TCP/UDP connections
514
DNS requests
141
Threats
0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
5336 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | - | - | whitelisted
5300 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | - | - | whitelisted
5300 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | - | - | whitelisted
6712 | Creative_Cloud_Set-Up.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D | unknown | - | - | whitelisted
6712 | Creative_Cloud_Set-Up.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D | unknown | - | - | whitelisted
6712 | Creative_Cloud_Set-Up.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D | unknown | - | - | whitelisted
6776 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | - | - | whitelisted
6712 | Creative_Cloud_Set-Up.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAmKLzE6ssKc1CsGKg5Geww%3D | unknown | - | - | whitelisted
6816 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | - | - | whitelisted
6712 | Creative_Cloud_Set-Up.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEAfATp7LIVYw4gbHcu36vds%3D | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2872 | RUXIMICS.exe | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
3888 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
2120 | MoUsoCoreWorker.exe | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2340 | svchost.exe | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
2340 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5336 | SearchApp.exe | 104.126.37.146:443 | www.bing.com | Akamai International B.V. | DE | unknown
3260 | svchost.exe | 40.113.110.67:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5300 | svchost.exe | 40.126.32.134:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.23.110
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
www.bing.com
  • 104.126.37.146
  • 104.126.37.139
  • 104.126.37.170
  • 104.126.37.155
  • 104.126.37.160
  • 104.126.37.136
  • 104.126.37.161
  • 104.126.37.131
  • 104.126.37.153
  • 104.126.37.144
  • 104.126.37.171
  • 104.126.37.163
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted
login.live.com
  • 40.126.32.134
  • 40.126.32.76
  • 20.190.160.14
  • 40.126.32.136
  • 40.126.32.74
  • 20.190.160.20
  • 40.126.32.140
  • 40.126.32.138
whitelisted
fd.api.iris.microsoft.com
  • 20.223.36.55
whitelisted
th.bing.com
  • 104.126.37.161
  • 104.126.37.144
  • 104.126.37.139
  • 104.126.37.155
  • 104.126.37.153
  • 104.126.37.171
  • 104.126.37.170
  • 104.126.37.163
  • 104.126.37.160
whitelisted
client.messaging.adobe.com
  • 13.33.187.42
  • 13.33.187.19
  • 13.33.187.74
  • 13.33.187.44
whitelisted
cc-api-data.adobe.io
  • 34.246.54.182
  • 54.228.247.11
  • 52.48.126.58
  • 34.252.184.159
  • 52.31.218.129
  • 52.48.8.54
whitelisted

Threats

No threats detected
No debug info