File name: GenP 3.4.14.0 - Release Edition - Hotfix.zip

Full analysis: https://app.any.run/tasks/04c606d7-f66a-413d-9646-35368d4c3bc0
Verdict: Malicious activity
Analysis date: August 05, 2024, 10:08:37
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: upx
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5: 9A04686078C73AE8A0FA82685917DA30
SHA1: 7A7F230565CBFABC03C7F64717D5D592C3656B6D
SHA256: 165C93E7500820E1C76E9F7DDFCB35CA4436AFE320F9B6C5D85FB157EDEA85B9
SSDEEP: 98304:m3bUfiHTGngceb6l6VJYdl/y5SB67a7kvndzsr5SPbmMYzewnHvGzwm1irJcv/fA:erR20y

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Scans artifacts that could help determine the target

      • Creative_Cloud_Set-Up.exe (PID: 6712)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 6408)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
    • Changes the autorun value in the registry

      • Creative_Cloud_Set-Up.exe (PID: 2468)
    • Registers / Runs the DLL via REGSVR32.EXE

      • Creative Cloud Desktop App.exe (PID: 2064)
  • SUSPICIOUS

    • Changes Internet Explorer settings (feature browser emulation)

      • Creative_Cloud_Set-Up.exe (PID: 6712)
    • Reads Microsoft Outlook installation path

      • Creative_Cloud_Set-Up.exe (PID: 6712)
    • Checks Windows Trust Settings

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
    • Reads security settings of Internet Explorer

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • GenP-3.4.14.0.exe (PID: 1372)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
    • Reads the date of Windows installation

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • GenP-3.4.14.0.exe (PID: 1372)
    • Application launched itself

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • GenP-3.4.14.0.exe (PID: 1372)
    • Adds/modifies Windows certificates

      • Creative_Cloud_Set-Up.exe (PID: 6712)
    • Reads Internet Explorer settings

      • Creative_Cloud_Set-Up.exe (PID: 6712)
    • Executable content was dropped or overwritten

      • Creative_Cloud_Set-Up.exe (PID: 2468)
    • The process drops C-runtime libraries

      • Creative_Cloud_Set-Up.exe (PID: 2468)
    • Drops 7-zip archiver for unpacking

      • Creative_Cloud_Set-Up.exe (PID: 2468)
    • Uses ICACLS.EXE to modify access control lists

      • AdobeIPCBrokerCustomHook.exe (PID: 1172)
    • Process drops legitimate windows executable

      • Creative_Cloud_Set-Up.exe (PID: 2468)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 7848)
      • regsvr32.exe (PID: 7296)
  • INFO

    • Creates files or folders in the user directory

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
      • UPICustomHook.exe (PID: 7820)
    • Checks proxy server information

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
    • Process checks Internet Explorer phishing filters

      • Creative_Cloud_Set-Up.exe (PID: 6712)
    • Checks supported languages

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
      • identity_helper.exe (PID: 5484)
      • TextInputHost.exe (PID: 7736)
      • identity_helper.exe (PID: 7820)
      • GenP-3.4.14.0.exe (PID: 1372)
      • GenP-3.4.14.0.exe (PID: 7652)
      • NSudoLG.exe (PID: 7796)
      • GenP-3.4.14.0.exe (PID: 7292)
      • AdobeIPCBrokerCustomHook.exe (PID: 3372)
      • RuntimeCustomHook.exe (PID: 6740)
      • AdobeIPCBrokerCustomHook.exe (PID: 1172)
      • ADSCustomHook.exe (PID: 7812)
      • HDCoreCustomHook.exe (PID: 6264)
      • gccustomhook.exe (PID: 6804)
      • Creative Cloud Desktop App.exe (PID: 2064)
      • UPICustomHook.exe (PID: 7820)
    • Reads the computer name

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
      • identity_helper.exe (PID: 7820)
      • TextInputHost.exe (PID: 7736)
      • identity_helper.exe (PID: 5484)
      • GenP-3.4.14.0.exe (PID: 1372)
      • GenP-3.4.14.0.exe (PID: 7652)
      • NSudoLG.exe (PID: 7796)
      • UPICustomHook.exe (PID: 7820)
      • GenP-3.4.14.0.exe (PID: 7292)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6408)
    • Process checks whether UAC notifications are on

      • Creative_Cloud_Set-Up.exe (PID: 6712)
    • Create files in a temporary directory

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
      • GenP-3.4.14.0.exe (PID: 7652)
      • AdobeIPCBrokerCustomHook.exe (PID: 3372)
      • AdobeIPCBrokerCustomHook.exe (PID: 1172)
      • gccustomhook.exe (PID: 6804)
      • UPICustomHook.exe (PID: 7820)
    • UPX packer has been detected

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
    • Manual execution by a user

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • GenP-3.4.14.0.exe (PID: 1372)
    • Reads CPU info

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
    • Process checks computer location settings

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • GenP-3.4.14.0.exe (PID: 1372)
    • Reads Microsoft Office registry keys

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • msedge.exe (PID: 7896)
      • msedge.exe (PID: 5588)
    • Reads the machine GUID from the registry

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
      • UPICustomHook.exe (PID: 7820)
    • Reads the software policy settings

      • Creative_Cloud_Set-Up.exe (PID: 6712)
      • Creative_Cloud_Set-Up.exe (PID: 2468)
      • UPICustomHook.exe (PID: 7820)
    • Reads Environment values

      • identity_helper.exe (PID: 7820)
      • identity_helper.exe (PID: 5484)
    • Application launched itself

      • msedge.exe (PID: 5588)
      • msedge.exe (PID: 7896)
    • Reads mouse settings

      • GenP-3.4.14.0.exe (PID: 1372)
      • GenP-3.4.14.0.exe (PID: 7652)
      • GenP-3.4.14.0.exe (PID: 7292)
    • Creates files in the program directory

      • Creative_Cloud_Set-Up.exe (PID: 2468)
      • ADSCustomHook.exe (PID: 7812)
      • HDCoreCustomHook.exe (PID: 6264)
      • UPICustomHook.exe (PID: 7820)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2024:07:31 00:50:36
ZipCRC: 0x3fc121cf
ZipCompressedSize: 2073
ZipUncompressedSize: 7388
ZipFileName: config.ini
No data.
All screenshots are available in the full report
Total processes: 224
Monitored processes: 88
Malicious processes: 2
Suspicious processes: 1

Behavior graph

start winrar.exe THREAT creative_cloud_set-up.exe THREAT creative_cloud_set-up.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs textinputhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs genp-3.4.14.0.exe no specs genp-3.4.14.0.exe nsudolg.exe no specs genp-3.4.14.0.exe adobeipcbrokercustomhook.exe no specs conhost.exe no specs runtimecustomhook.exe no specs conhost.exe no specs adobeipcbrokercustomhook.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs adscustomhook.exe no specs hdcorecustomhook.exe no specs conhost.exe no specs gccustomhook.exe no specs upicustomhook.exe conhost.exe no specs creative cloud desktop app.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs

Process information

PID: 812
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2464,i,12833114605620447108,11837306582362440999,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 872
CMD: C:\WINDOWS\system32\icacls.exe "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe" /setintegritylevel medium
Path: C:\Windows\SysWOW64\icacls.exe
Parent process: AdobeIPCBrokerCustomHook.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\icacls.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 904
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=7752 --field-trial-handle=2464,i,12833114605620447108,11837306582362440999,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1172
CMD: "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\customhook\AdobeIPCBrokerCustomhook.exe" -install
Path: C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\customhook\AdobeIPCBrokerCustomHook.exe
Parent process: Creative_Cloud_Set-Up.exe
User: admin
Company: Adobe Inc.
Integrity Level: HIGH
Description: Adobe IPC Broker Custom Hook
Exit code: 0
Version: 7.2.1.38
Modules
Images
c:\program files (x86)\common files\adobe\adobe desktop common\ipcbox\customhook\adobeipcbrokercustomhook.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
PID: 1372
CMD: "C:\Users\admin\Desktop\GenP-3.4.14.0.exe"
Path: C:\Users\admin\Desktop\GenP-3.4.14.0.exe
Parent process: explorer.exe
User: admin
Company: GenP
Integrity Level: MEDIUM
Description: GenP v3.4.14.0
Exit code: 0
Version: 3.4.14.0
Modules
Images
c:\users\admin\desktop\genp-3.4.14.0.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\psapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\version.dll
c:\windows\system32\gdi32.dll
PID: 2064
CMD: "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Desktop App.exe" --register=true
Path: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Desktop App.exe
Parent process: Creative_Cloud_Set-Up.exe
User: admin
Company: Adobe Inc.
Integrity Level: HIGH
Description: Creative Cloud Desktop App
Version: 6.3.0.207
Modules
Images
c:\program files (x86)\adobe\adobe creative cloud\utils\creative cloud desktop app.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2136
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2248 --field-trial-handle=2464,i,12833114605620447108,11837306582362440999,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2384
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2788 --field-trial-handle=2464,i,12833114605620447108,11837306582362440999,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2384
CMD: "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll"
Path: C:\Windows\SysWOW64\regsvr32.exe
Parent process: Creative Cloud Desktop App.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft(C) Register Server
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 2468
CMD: "C:\Users\admin\Desktop\Creative_Cloud_Set-Up.exe" --pipename={2E2E9D5C-F6B5-49EA-9007-74D254CF5DC4} --pid=6712 --locale=en_US --webviewType=1
Path: C:\Users\admin\Desktop\Creative_Cloud_Set-Up.exe
Parent process: Creative_Cloud_Set-Up.exe
User: admin
Company: Adobe Inc.
Integrity Level: HIGH
Description: Adobe Installer
Version: 2.13.0.14
Modules
Images
c:\users\admin\desktop\creative_cloud_set-up.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ws2_32.dll
Total events: 40 219
Read events: 39 994
Write events: 194
Delete events: 31

Modification events

(PID) Process: (6408) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (6408) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (6408) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip

(PID) Process: (6408) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\GenP 3.4.14.0 - Release Edition - Hotfix.zip

(PID) Process: (6408) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (6408) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (6408) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (6408) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (6712) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Operation: write
Name: Creative_Cloud_Set-Up.exe
Value: 11001

(PID) Process: (6712) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files: 159
Suspicious files: 1 123
Text files: 1 598
Unknown types: 28

Dropped files

PID: 6712
Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\meta_events\b3913f1d-d628-43f9-8e58-e865c4447b0b
MD5:
SHA256:

PID: 6712
Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\anon_events\b0983a6a-aa3f-4d7f-a0e2-4882843c1743
MD5:
SHA256:

PID: 6712
Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Local\Adobe\OOBE\temp_lbs_wid
Type: text
MD5: C3C3CE2EF89BC9647C8E9243B2ECB61E
SHA256: D0EC3238BC50294041E418F33A153E162DBD777C275DCAA23D2520F41F36659D

PID: 6712
Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Local\Temp\Adobe\com.adobe.dunamis\dunamis-2024-08-05_10-08-59.log
Type: text
MD5: 6BCA587B8469CD1C5EC180345C449E77
SHA256: 2AC098433118E9B408B4812EFD30941DE20544AE1AE6548320C7A076BFC93006

PID: 6712
Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Local\Temp\CreativeCloud\ACC\WAM.log
Type: text
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209

PID: 6408
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa6408.34753\GenP-3.4.14.0.exe
Type: executable
MD5: B96713A17862524497DF280B06F62114
SHA256: E1655EFBF8B3B0A2E7FC982816F67AABFE554A8B6AD0A158E085AEAC3121A51A

PID: 6712
Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Local\Temp\dat9008.tmp
Type: binary
MD5: D070306A9062178AFDFA98FCC06D2525
SHA256: 8F5CCDFD3DA9185D4AD262EC386EBB64B3EB6C0521EC5BD1662CEC04E1E0F895

PID: 6712
Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Local\Temp\{C6874633-E6D4-41D9-B433-6BA41DA89D80}\index.html
Type: html
MD5: A28AB17B18FF254173DFEEF03245EFD0
SHA256: 886C0AB69E6E9D9D5B5909451640EA587ACCFCDF11B8369CAD8542D1626AC375

PID: 6712
Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Local\Temp\dat8FC8.tmp
Type: woff
MD5: FA794EC12D353C26805FF53821331FC2
SHA256: CFDBD8A2AA463C11E483DC10C480ACD274E9786632F5571A3970E8A20A2D8237

PID: 2468
Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\1\meta_events\f5a0b361-8183-41e2-b951-28bef89d971d
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 62
TCP/UDP connections: 514
DNS requests: 141
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
5300
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5300
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6712
Creative_Cloud_Set-Up.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
unknown
whitelisted
6712
Creative_Cloud_Set-Up.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D
unknown
whitelisted
6712
Creative_Cloud_Set-Up.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted
6712
Creative_Cloud_Set-Up.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAmKLzE6ssKc1CsGKg5Geww%3D
unknown
whitelisted
6776
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
6816
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
6712
Creative_Cloud_Set-Up.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEAfATp7LIVYw4gbHcu36vds%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
2872
RUXIMICS.exe
20.73.194.208:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
2120
MoUsoCoreWorker.exe
20.73.194.208:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2340
svchost.exe
20.73.194.208:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
2340
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5336
SearchApp.exe
104.126.37.146:443
www.bing.com
Akamai International B.V.
DE
unknown
3260
svchost.exe
40.113.110.67:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5300
svchost.exe
40.126.32.134:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.23.110
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
www.bing.com
  • 104.126.37.146
  • 104.126.37.139
  • 104.126.37.170
  • 104.126.37.155
  • 104.126.37.160
  • 104.126.37.136
  • 104.126.37.161
  • 104.126.37.131
  • 104.126.37.153
  • 104.126.37.144
  • 104.126.37.171
  • 104.126.37.163
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted
login.live.com
  • 40.126.32.134
  • 40.126.32.76
  • 20.190.160.14
  • 40.126.32.136
  • 40.126.32.74
  • 20.190.160.20
  • 40.126.32.140
  • 40.126.32.138
whitelisted
fd.api.iris.microsoft.com
  • 20.223.36.55
whitelisted
th.bing.com
  • 104.126.37.161
  • 104.126.37.144
  • 104.126.37.139
  • 104.126.37.155
  • 104.126.37.153
  • 104.126.37.171
  • 104.126.37.170
  • 104.126.37.163
  • 104.126.37.160
whitelisted
client.messaging.adobe.com
  • 13.33.187.42
  • 13.33.187.19
  • 13.33.187.74
  • 13.33.187.44
whitelisted
cc-api-data.adobe.io
  • 34.246.54.182
  • 54.228.247.11
  • 52.48.126.58
  • 34.252.184.159
  • 52.31.218.129
  • 52.48.8.54
whitelisted

Threats

No threats detected
No debug info