File name: adobe-premiere-pro-26-10.exe

Full analysis: https://app.any.run/tasks/5fc97123-2b29-4616-ba86-0e6dc83d6aa9
Verdict: Malicious activity
Analysis date: March 30, 2026, 14:07:08
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: upx
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5: 2299CBB4EBD108FEF96D395337D42BDF
SHA1: 8A732FD1F415787DF6A3C9873345624F04F6DD02
SHA256: 25565EEB1CCA35EB873B3AC939B79D3535F8EDE1049B049B1E8A271762F63297
SSDEEP: 98304:j6bA0KrmomN3HrogTuPxweg9WcJqCLkiU5488XmyssV3/aLdcEQLIKipEYYpAynj:a+DALZ9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes settings of System certificates

      • adobe-premiere-pro-26-10.exe (PID: 7776)
      • Adobe Desktop Service.exe (PID: 7420)
      • adobe_licensing_helper.exe (PID: 3136)
      • CoreSync.exe (PID: 6896)
    • Changes the autorun value in the registry

      • VC_redist.x86.exe (PID: 8544)
      • VC_redist.x64.exe (PID: 8160)
      • adobe-premiere-pro-26-10.exe (PID: 4684)
      • Setup.exe (PID: 8876)
    • Registers / Runs the DLL via REGSVR32.EXE

      • Creative Cloud Desktop App.exe (PID: 6064)
    • GENERIC has been found (auto)

      • msiexec.exe (PID: 4772)
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • adobe-premiere-pro-26-10.exe (PID: 7776)
      • Adobe Desktop Service.exe (PID: 7420)
    • Application launched itself

      • adobe-premiere-pro-26-10.exe (PID: 7776)
      • VC_redist.x86.exe (PID: 5916)
      • VC_redist.x86.exe (PID: 4956)
      • VC_redist.x64.exe (PID: 8980)
      • VC_redist.x64.exe (PID: 2428)
    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 996)
    • Adds/modifies Windows certificates

      • adobe-premiere-pro-26-10.exe (PID: 7776)
      • Adobe Desktop Service.exe (PID: 7420)
      • adobe_licensing_helper.exe (PID: 3136)
      • CoreSync.exe (PID: 6896)
    • Executable content was dropped or overwritten

      • adobe-premiere-pro-26-10.exe (PID: 4684)
      • vcredist_x86.exe (PID: 8352)
      • vcredist_x86.exe (PID: 8364)
      • VC_redist.x86.exe (PID: 8544)
      • VC_redist.x86.exe (PID: 4956)
      • VC_redist.x86.exe (PID: 8012)
      • vcredist_x64.exe (PID: 8384)
      • vcredist_x64.exe (PID: 7388)
      • VC_redist.x64.exe (PID: 8160)
      • VC_redist.x64.exe (PID: 2428)
      • VC_redist.x64.exe (PID: 7600)
      • Setup.exe (PID: 8876)
    • Drops 7-zip archiver for unpacking

      • adobe-premiere-pro-26-10.exe (PID: 4684)
    • Starts a Microsoft application from unusual location

      • vcredist_x86.exe (PID: 8352)
      • VC_redist.x86.exe (PID: 8544)
      • vcredist_x64.exe (PID: 7388)
      • VC_redist.x64.exe (PID: 8160)
    • Reads Internet Explorer settings

      • adobe-premiere-pro-26-10.exe (PID: 7776)
      • Adobe Desktop Service.exe (PID: 7420)
    • Starts itself from another location

      • vcredist_x86.exe (PID: 8352)
      • vcredist_x64.exe (PID: 7388)
    • Executes as Windows Service

      • VSSVC.exe (PID: 4680)
      • AdobeUpdateService.exe (PID: 6508)
    • Searches for installed software

      • dllhost.exe (PID: 8800)
      • vcredist_x86.exe (PID: 8352)
      • VC_redist.x86.exe (PID: 4956)
      • VC_redist.x86.exe (PID: 8012)
      • vcredist_x64.exe (PID: 7388)
      • VC_redist.x64.exe (PID: 8160)
      • VC_redist.x64.exe (PID: 2428)
      • VC_redist.x64.exe (PID: 7600)
      • adobe-premiere-pro-26-10.exe (PID: 4684)
    • The process drops C-runtime libraries

      • adobe-premiere-pro-26-10.exe (PID: 4684)
      • msiexec.exe (PID: 4772)
      • Setup.exe (PID: 8876)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 4772)
    • Uses ICACLS.EXE to modify access control lists

      • AdobeIPCBrokerCustomHook.exe (PID: 7516)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 8376)
      • regsvr32.exe (PID: 8228)
      • CoreSyncCustomHook.exe (PID: 4308)
    • Reads the date of Windows installation

      • Creative Cloud Helper.exe (PID: 4712)
      • CRWindowsClientService.exe (PID: 3104)
      • Creative Cloud Helper.exe (PID: 5816)
      • Creative Cloud Helper.exe (PID: 8628)
      • CRWindowsClientService.exe (PID: 4304)
      • CRWindowsClientService.exe (PID: 8184)
      • StartMenuExperienceHost.exe (PID: 5296)
      • SearchApp.exe (PID: 7996)
    • The process executes via Task Scheduler

      • RmClient.exe (PID: 7800)
    • Named pipe usage

      • RmClient.exe (PID: 7800)
    • The process executes files with name similar to system file names

      • RmClient.exe (PID: 7800)
  • INFO

    • Checks supported languages

      • adobe-premiere-pro-26-10.exe (PID: 7776)
      • adobe-premiere-pro-26-10.exe (PID: 4684)
      • AdobeIPCBrokerCustomHook.exe (PID: 8656)
      • vcredist_x86.exe (PID: 8364)
      • vcredist_x86.exe (PID: 8352)
      • RuntimeCustomHook.exe (PID: 8312)
      • VC_redist.x86.exe (PID: 8544)
      • msiexec.exe (PID: 4772)
      • VC_redist.x86.exe (PID: 5916)
      • VC_redist.x86.exe (PID: 4956)
      • VC_redist.x86.exe (PID: 8012)
      • vcredist_x64.exe (PID: 8384)
      • vcredist_x64.exe (PID: 7388)
      • VC_redist.x64.exe (PID: 8160)
      • VC_redist.x64.exe (PID: 2428)
      • VC_redist.x64.exe (PID: 8980)
      • VC_redist.x64.exe (PID: 7600)
      • ADSCustomHook.exe (PID: 7616)
      • AdobeIPCBrokerCustomHook.exe (PID: 7516)
      • HDCoreCustomHook.exe (PID: 7796)
      • gccustomhook.exe (PID: 8516)
      • UPICustomHook.exe (PID: 8540)
      • Creative Cloud Desktop App.exe (PID: 6064)
      • AdobeServiceInstaller.exe (PID: 8996)
      • AdobeUpdateService.exe (PID: 6508)
      • Adobe Installer.exe (PID: 6668)
      • AdobeIPCBroker.exe (PID: 4176)
      • CRWindowsClientService.exe (PID: 8568)
      • Adobe Desktop Service.exe (PID: 7420)
      • Adobe Crash Processor.exe (PID: 7976)
      • Creative Cloud Helper.exe (PID: 4712)
      • Adobe Crash Processor.exe (PID: 9044)
      • Creative Cloud CustomHook.exe (PID: 8492)
      • CRLogTransport.exe (PID: 6556)
      • CRWindowsClientService.exe (PID: 3104)
      • Creative Cloud Helper.exe (PID: 5816)
      • CRLogTransport.exe (PID: 2728)
      • CRWindowsClientService.exe (PID: 4304)
      • CRLogTransport.exe (PID: 8356)
      • Adobe Crash Processor.exe (PID: 5284)
      • Creative Cloud Helper.exe (PID: 8628)
      • CRWindowsClientService.exe (PID: 8184)
      • Adobe Crash Processor.exe (PID: 8528)
      • CRLogTransport.exe (PID: 8152)
      • CRLogTransport.exe (PID: 9092)
      • CRLogTransport.exe (PID: 5228)
      • CRLogTransport.exe (PID: 9048)
      • CRLogTransport.exe (PID: 4956)
      • CRLogTransport.exe (PID: 5632)
      • CRLogTransport.exe (PID: 4104)
      • CRLogTransport.exe (PID: 8312)
      • CRLogTransport.exe (PID: 8552)
      • Set-up.exe (PID: 9116)
      • Set-up.exe (PID: 8968)
      • adobe_licensing_helper.exe (PID: 7320)
      • adobe_licensing_helper.exe (PID: 3136)
      • CRWindowsClientService.exe (PID: 7944)
      • Setup.exe (PID: 8876)
      • CRWindowsClientService.exe (PID: 5568)
      • RuntimeCustomHook.exe (PID: 3640)
      • RuntimeCustomHook.exe (PID: 4136)
      • CRLogTransport.exe (PID: 352)
      • CRLogTransport.exe (PID: 3560)
      • RuntimeCustomHook.exe (PID: 6428)
      • RuntimeCustomHook.exe (PID: 7760)
      • HDHelper.exe (PID: 4308)
      • Set-up.exe (PID: 2952)
      • AdobeNotificationHelper.exe (PID: 8984)
      • Set-up.exe (PID: 4172)
      • AdobeNotificationClient.exe (PID: 8632)
      • AdobeExtensionsService.exe (PID: 8452)
      • CoreSyncCustomHook.exe (PID: 4308)
      • TextInputHost.exe (PID: 6972)
      • SearchApp.exe (PID: 7996)
      • StartMenuExperienceHost.exe (PID: 5296)
      • CoreSyncCustomHook.exe (PID: 5032)
      • adobe_licensing_helper.exe (PID: 5684)
      • Set-up.exe (PID: 5088)
      • CoreSync.exe (PID: 6896)
      • CRWindowsClientService.exe (PID: 5644)
      • Set-up.exe (PID: 4748)
    • The sample compiled with english language support

      • adobe-premiere-pro-26-10.exe (PID: 7776)
      • adobe-premiere-pro-26-10.exe (PID: 4684)
      • vcredist_x86.exe (PID: 8352)
      • vcredist_x86.exe (PID: 8364)
      • VC_redist.x86.exe (PID: 4956)
      • msiexec.exe (PID: 4772)
      • VC_redist.x86.exe (PID: 8544)
      • VC_redist.x86.exe (PID: 8012)
      • vcredist_x64.exe (PID: 8384)
      • vcredist_x64.exe (PID: 7388)
      • VC_redist.x64.exe (PID: 8160)
      • VC_redist.x64.exe (PID: 2428)
      • VC_redist.x64.exe (PID: 7600)
      • Setup.exe (PID: 8876)
    • Creates files or folders in the user directory

      • adobe-premiere-pro-26-10.exe (PID: 7776)
      • adobe-premiere-pro-26-10.exe (PID: 4684)
      • msiexec.exe (PID: 4772)
      • UPICustomHook.exe (PID: 8540)
      • Adobe Crash Processor.exe (PID: 7976)
      • Adobe Desktop Service.exe (PID: 7420)
      • Creative Cloud Helper.exe (PID: 4712)
      • Adobe Crash Processor.exe (PID: 9044)
      • CRWindowsClientService.exe (PID: 3104)
      • Creative Cloud Helper.exe (PID: 5816)
      • Adobe Crash Processor.exe (PID: 5284)
      • Adobe Crash Processor.exe (PID: 8528)
      • Creative Cloud Helper.exe (PID: 8628)
      • CRWindowsClientService.exe (PID: 4304)
      • CRWindowsClientService.exe (PID: 8184)
      • CRWindowsClientService.exe (PID: 8568)
      • adobe_licensing_helper.exe (PID: 7320)
      • adobe_licensing_helper.exe (PID: 3136)
      • Setup.exe (PID: 8876)
      • CRWindowsClientService.exe (PID: 5568)
      • AdobeNotificationClient.exe (PID: 8632)
      • CoreSync.exe (PID: 6896)
      • explorer.exe (PID: 8552)
      • CRWindowsClientService.exe (PID: 5644)
    • Create files in a temporary directory

      • adobe-premiere-pro-26-10.exe (PID: 4684)
      • AdobeIPCBrokerCustomHook.exe (PID: 8656)
      • adobe-premiere-pro-26-10.exe (PID: 7776)
      • VC_redist.x86.exe (PID: 8544)
      • vcredist_x86.exe (PID: 8352)
      • VC_redist.x86.exe (PID: 4956)
      • VC_redist.x64.exe (PID: 8160)
      • VC_redist.x64.exe (PID: 2428)
      • vcredist_x64.exe (PID: 7388)
      • gccustomhook.exe (PID: 8516)
      • AdobeIPCBrokerCustomHook.exe (PID: 7516)
      • UPICustomHook.exe (PID: 8540)
      • AdobeIPCBroker.exe (PID: 4176)
      • Adobe Desktop Service.exe (PID: 7420)
      • Creative Cloud Helper.exe (PID: 4712)
      • Creative Cloud Helper.exe (PID: 5816)
      • Creative Cloud Helper.exe (PID: 8628)
      • Set-up.exe (PID: 9116)
      • Set-up.exe (PID: 8968)
      • adobe_licensing_helper.exe (PID: 7320)
      • adobe_licensing_helper.exe (PID: 3136)
      • Setup.exe (PID: 8876)
      • HDHelper.exe (PID: 4308)
      • Set-up.exe (PID: 2952)
      • Set-up.exe (PID: 4172)
      • CoreSync.exe (PID: 6896)
      • Set-up.exe (PID: 5088)
      • Set-up.exe (PID: 4748)
    • Reads the machine GUID from the registry

      • adobe-premiere-pro-26-10.exe (PID: 7776)
      • adobe-premiere-pro-26-10.exe (PID: 4684)
      • VC_redist.x86.exe (PID: 8544)
      • VC_redist.x64.exe (PID: 8160)
      • msiexec.exe (PID: 4772)
      • UPICustomHook.exe (PID: 8540)
      • AdobeServiceInstaller.exe (PID: 8996)
      • Adobe Installer.exe (PID: 6668)
      • Adobe Desktop Service.exe (PID: 7420)
      • AdobeUpdateService.exe (PID: 6508)
      • Creative Cloud Helper.exe (PID: 4712)
      • CRWindowsClientService.exe (PID: 3104)
      • Creative Cloud Helper.exe (PID: 5816)
      • Creative Cloud Helper.exe (PID: 8628)
      • CRWindowsClientService.exe (PID: 4304)
      • CRWindowsClientService.exe (PID: 8184)
      • CRWindowsClientService.exe (PID: 8568)
      • adobe_licensing_helper.exe (PID: 3136)
      • adobe_licensing_helper.exe (PID: 7320)
      • CRWindowsClientService.exe (PID: 5568)
      • SearchApp.exe (PID: 7996)
      • adobe_licensing_helper.exe (PID: 5684)
      • CoreSync.exe (PID: 6896)
      • CRWindowsClientService.exe (PID: 5644)
    • Reads CPU info

      • adobe-premiere-pro-26-10.exe (PID: 4684)
      • adobe-premiere-pro-26-10.exe (PID: 7776)
      • Adobe Desktop Service.exe (PID: 7420)
      • Creative Cloud Helper.exe (PID: 4712)
      • Creative Cloud Helper.exe (PID: 5816)
      • Creative Cloud Helper.exe (PID: 8628)
    • Reads the computer name

      • adobe-premiere-pro-26-10.exe (PID: 4684)
      • adobe-premiere-pro-26-10.exe (PID: 7776)
      • vcredist_x86.exe (PID: 8364)
      • VC_redist.x86.exe (PID: 8544)
      • vcredist_x86.exe (PID: 8352)
      • msiexec.exe (PID: 4772)
      • VC_redist.x86.exe (PID: 4956)
      • VC_redist.x86.exe (PID: 8012)
      • vcredist_x64.exe (PID: 8384)
      • vcredist_x64.exe (PID: 7388)
      • VC_redist.x64.exe (PID: 8160)
      • VC_redist.x64.exe (PID: 2428)
      • VC_redist.x64.exe (PID: 7600)
      • UPICustomHook.exe (PID: 8540)
      • Creative Cloud CustomHook.exe (PID: 8492)
      • AdobeServiceInstaller.exe (PID: 8996)
      • AdobeUpdateService.exe (PID: 6508)
      • Adobe Installer.exe (PID: 6668)
      • AdobeIPCBroker.exe (PID: 4176)
      • Adobe Desktop Service.exe (PID: 7420)
      • CRWindowsClientService.exe (PID: 8568)
      • Adobe Crash Processor.exe (PID: 7976)
      • Creative Cloud Helper.exe (PID: 4712)
      • CRWindowsClientService.exe (PID: 3104)
      • Adobe Crash Processor.exe (PID: 9044)
      • CRLogTransport.exe (PID: 6556)
      • CRLogTransport.exe (PID: 2728)
      • CRLogTransport.exe (PID: 8356)
      • Creative Cloud Helper.exe (PID: 5816)
      • CRWindowsClientService.exe (PID: 4304)
      • Adobe Crash Processor.exe (PID: 5284)
      • Creative Cloud Helper.exe (PID: 8628)
      • CRWindowsClientService.exe (PID: 8184)
      • Adobe Crash Processor.exe (PID: 8528)
      • CRLogTransport.exe (PID: 8152)
      • CRLogTransport.exe (PID: 9092)
      • CRLogTransport.exe (PID: 9048)
      • CRLogTransport.exe (PID: 4956)
      • CRLogTransport.exe (PID: 5632)
      • CRLogTransport.exe (PID: 4104)
      • CRLogTransport.exe (PID: 8312)
      • CRLogTransport.exe (PID: 8552)
      • adobe_licensing_helper.exe (PID: 3136)
      • adobe_licensing_helper.exe (PID: 7320)
      • CRWindowsClientService.exe (PID: 5568)
      • Setup.exe (PID: 8876)
      • HDHelper.exe (PID: 4308)
      • AdobeNotificationClient.exe (PID: 8632)
      • AdobeNotificationHelper.exe (PID: 8984)
      • CoreSyncCustomHook.exe (PID: 4308)
      • StartMenuExperienceHost.exe (PID: 5296)
      • CRLogTransport.exe (PID: 5228)
      • TextInputHost.exe (PID: 6972)
      • CoreSyncCustomHook.exe (PID: 5032)
      • SearchApp.exe (PID: 7996)
      • adobe_licensing_helper.exe (PID: 5684)
      • CoreSync.exe (PID: 6896)
      • CRWindowsClientService.exe (PID: 5644)
    • UPX packer has been detected

      • adobe-premiere-pro-26-10.exe (PID: 7776)
      • adobe-premiere-pro-26-10.exe (PID: 4684)
    • Application launched itself

      • chrome.exe (PID: 6632)
    • Reads security settings of Internet Explorer

      • adobe-premiere-pro-26-10.exe (PID: 4684)
      • adobe-premiere-pro-26-10.exe (PID: 7776)
      • vcredist_x86.exe (PID: 8352)
      • VC_redist.x86.exe (PID: 4956)
      • vcredist_x64.exe (PID: 7388)
      • VC_redist.x64.exe (PID: 2428)
      • AdobeServiceInstaller.exe (PID: 8996)
      • Adobe Installer.exe (PID: 6668)
      • Adobe Desktop Service.exe (PID: 7420)
      • CRWindowsClientService.exe (PID: 8568)
      • Creative Cloud Helper.exe (PID: 4712)
      • Creative Cloud Helper.exe (PID: 5816)
      • CRWindowsClientService.exe (PID: 4304)
      • Creative Cloud Helper.exe (PID: 8628)
      • CRWindowsClientService.exe (PID: 8184)
      • CRWindowsClientService.exe (PID: 5568)
      • CRWindowsClientService.exe (PID: 3104)
      • HDHelper.exe (PID: 4308)
      • AdobeNotificationClient.exe (PID: 8632)
      • explorer.exe (PID: 8552)
      • StartMenuExperienceHost.exe (PID: 5296)
      • CoreSync.exe (PID: 6896)
      • CRWindowsClientService.exe (PID: 5644)
    • Process checks whether UAC notifications are on

      • adobe-premiere-pro-26-10.exe (PID: 7776)
      • Adobe Desktop Service.exe (PID: 7420)
    • Manages system restore points

      • SrTasks.exe (PID: 1304)
    • Launching a file from a Registry key

      • VC_redist.x86.exe (PID: 8544)
      • VC_redist.x64.exe (PID: 8160)
      • adobe-premiere-pro-26-10.exe (PID: 4684)
      • Setup.exe (PID: 8876)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 4772)
    • Creating file in SysWOW64

      • msiexec.exe (PID: 4772)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 4772)
      • VC_redist.x86.exe (PID: 8544)
      • VC_redist.x64.exe (PID: 8160)
      • adobe-premiere-pro-26-10.exe (PID: 4684)
      • Setup.exe (PID: 8876)
    • Reads Environment values

      • Adobe Desktop Service.exe (PID: 7420)
      • Creative Cloud Helper.exe (PID: 4712)
      • Creative Cloud Helper.exe (PID: 5816)
      • Creative Cloud Helper.exe (PID: 8628)
      • SearchApp.exe (PID: 7996)
    • Reads product name

      • Creative Cloud Helper.exe (PID: 4712)
      • Creative Cloud Helper.exe (PID: 5816)
      • Creative Cloud Helper.exe (PID: 8628)
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (43.5)
.exe | Win32 EXE Yoda's Crypter (42.7)
.exe | Win32 Executable (generic) (7.2)
.exe | Generic Win/DOS Executable (3.2)
.exe | DOS Executable Generic (3.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:05:20 06:01:01+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.33
CodeSize: 3317760
InitializedDataSize: 45056
UninitializedDataSize: 7761920
EntryPoint: 0xa91890
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.14.0.43
ProductVersionNumber: 2.14.0.43
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Adobe Inc.
FileDescription: Adobe Installer
FileVersion: 2.14.0.43
InternalName: Adobe Installer
LegalCopyright: © 2015-2024 Adobe. All rights reserved.
OriginalFileName: Adobe Installer
ProductName: Adobe Installer
ProductVersion: 2.14.0.43
No data.
All screenshots are available in the full report
Total processes: 313
Monitored processes: 162
Malicious processes: 4
Suspicious processes: 7

Behavior graph

[Behavior graph: process tree of the monitored processes, starting from adobe-premiere-pro-26-10.exe]

Process information

PID: 352
CMD: "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HDBox\CRLogTransport.exe" "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HDBox" "C:\Users\admin\AppData\Roaming\Adobe\CRLogs\crashlogs"
Path: C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HDBox\CRLogTransport.exe
Parent process: CRWindowsClientService.exe
User: admin
Company: Adobe Inc.
Integrity Level: HIGH
Description: CRLogTransport Application
Exit code: 0
Version: 12.0.0
Modules
Images
c:\program files (x86)\common files\adobe\adobe desktop common\hdbox\crlogtransport.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll

PID: 584
CMD: C:\WINDOWS\System32\mobsync.exe -Embedding
Path: C:\Windows\System32\mobsync.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Sync Center
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\mobsync.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 784
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: SrTasks.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 996
CMD: "C:\Windows\System32\cmd.exe" /C start chrome "https://ims-na1.adobelogin.com/ims/authorize?client_id=CreativeCloudInstallerWeb_v1_0&scope=allow_ac_dt_exchange%2Copenid%2CAdobeID%2Ccreative_cloud%2Ccreative_sdk%2Cread_organizations%2Csao.cce_private%2Cadditional_info.account_type&locale=en_US&redirect_uri=https%3A%2F%2Fauth.services.adobe.com%2Fen_US%2Fdeeplink.html%3Fdelegated_request_id%3D31c024ac-86b9-4ef9-85f1-4cabb397b7d5%26client_id%3DCreativeCloudInstallerWeb_v1_0%26deeplink%3Ddelegation&ctx_id=WAM1_PPRO_14"
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: adobe-premiere-pro-26-10.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll

PID: 1300
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: adobe_licensing_helper.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 1304
CMD: C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:15
Path: C:\Windows\System32\SrTasks.exe
Parent process: dllhost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft® Windows System Protection background tasks.
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\srtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 1352
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=5172,i,9241868790398087802,11861175918622396322,262144 --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=5168 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll

PID: 1352
CMD: "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll"
Path: C:\Windows\SysWOW64\regsvr32.exe
Parent process: Creative Cloud Desktop App.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft(C) Register Server
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

PID: 2428
CMD: "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=560 -uninstall -quiet -burn.related.upgrade -burn.ancestors={d8bbe9f9-7c5b-42c6-b715-9ee898a2e515} -burn.filehandle.self=1004 -burn.embedded BurnPipe.{864AF1B4-4B8A-4A75-999C-BE9BC2EF020D} {1CA68780-E9ED-4A6D-BDAC-ADB06952EA06} 8160
Path: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
Parent process: VC_redist.x64.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532
Exit code: 0
Version: 14.36.32532.0
Modules
Images
c:\programdata\package cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\vc_redist.x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

PID: 2728
CMD: "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\CRLogTransport.exe" "C:\Program Files\Adobe\Adobe Creative Cloud\ACC" "C:\Users\admin\AppData\LocalLow\Adobe\CRLogs\crashlogs"
Path: C:\Program Files\Adobe\Adobe Creative Cloud\ACC\CRLogTransport.exe
Parent process: CRWindowsClientService.exe
User: admin
Company: Adobe Inc.
Integrity Level: MEDIUM
Description: CRLogTransport Application
Exit code: 0
Version: 25.6.0
Modules
Images
c:\program files\adobe\adobe creative cloud\acc\crlogtransport.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll

Total events: 94 603
Read events: 92 400
Write events: 1 536
Delete events: 667

Modification events

(PID) Process: (7776) adobe-premiere-pro-26-10.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (7776) adobe-premiere-pro-26-10.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (7776) adobe-premiere-pro-26-10.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (7776) adobe-premiere-pro-26-10.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates
Operation: delete value
Name: 686DF0A4A89F7CB6BFB4D33C6A48E2EE5FB6C4FB
Value:

(PID) Process: (7776) adobe-premiere-pro-26-10.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\686DF0A4A89F7CB6BFB4D33C6A48E2EE5FB6C4FB
Operation: write
Name: Blob
Value:
(PID) Process: (7776) adobe-premiere-pro-26-10.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates
Operation: delete value
Name: 85E2C5B0D9CFF505363FA62A5E8B8C1D76A60B46
Value:
(PID) Process: (7776) adobe-premiere-pro-26-10.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\85E2C5B0D9CFF505363FA62A5E8B8C1D76A60B46
Operation: write
Name: Blob
Value:
(PID) Process: (7776) adobe-premiere-pro-26-10.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates
Operation: delete value
Name: 4C7C2E87F0BC79A039D39B05F899A1CC521FDE99
Value:
(PID) Process: (7776) adobe-premiere-pro-26-10.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\4C7C2E87F0BC79A039D39B05F899A1CC521FDE99
Operation: write
Name: Blob
Value:
(PID) Process: (7776) adobe-premiere-pro-26-10.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates
Operation: delete value
Name: A5C8D928986EC17FCC7D5F2353885D1709B73A29
Value:
Executable files
334
Suspicious files
1 067
Text files
3 675
Unknown types
1

Dropped files

PID
Process
Filename
Type
7776
adobe-premiere-pro-26-10.exe
C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\meta_events\cb5468f2-da6c-47cf-9cc8-173214f155a7
MD5:
SHA256:
7776
adobe-premiere-pro-26-10.exe
C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\anon_events\0534a383-881a-407d-aea2-28b11265a458
MD5:
SHA256:
7776
adobe-premiere-pro-26-10.exe
C:\Users\admin\AppData\Local\Temp\{ECA99519-FF76-4AD8-B774-28A4BC12425A}\index.html
html
MD5: A28AB17B18FF254173DFEEF03245EFD0
SHA256: 886C0AB69E6E9D9D5B5909451640EA587ACCFCDF11B8369CAD8542D1626AC375
7776
adobe-premiere-pro-26-10.exe
C:\Users\admin\AppData\Local\Temp\{ECA99519-FF76-4AD8-B774-28A4BC12425A}\CCDInstaller.js
text
MD5: 1F20EB5138978D76177FEE6E50DAAB69
SHA256: 2801955A56FE05D3E87A7AAED3D9A30E61C1EF3410D13E8F7F04C5ADF513AC13
7776
adobe-premiere-pro-26-10.exe
C:\Users\admin\AppData\Local\Temp\Adobe\com.adobe.dunamis\dunamis-2026-03-30_14-07-15.log
text
MD5: EEB7C184993501131BC8909158D68AD2
SHA256: 49D0CAB71E690197AF3A8C7078AED05883C610110C2C427DD249910BE7350886
7776
adobe-premiere-pro-26-10.exe
C:\Users\admin\AppData\Local\Temp\dat453.tmp
binary
MD5: E204643042591AEEC2043C5EAE255099
SHA256: 7F58F56A7A353F8FC78EC2757394A7C7F28165E6BBF2A37D6A6E48E845874F3E
7776
adobe-premiere-pro-26-10.exe
C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\meta_events\manifest
binary
MD5: 45971D4E3A47775BB5A7260BB5EA3C36
SHA256: 81C611F35BFF79491538B2F7CF201C7597A661A5C549633541C62BDC8AF1613F
7776
adobe-premiere-pro-26-10.exe
C:\Users\admin\AppData\Local\Temp\{ECA99519-FF76-4AD8-B774-28A4BC12425A}\index.css
text
MD5: 4CEDE05AD3C27ADA493516D8B3F624E4
SHA256: A388389E33EBB569D5E4BFF4A87223CA0E540D5670127BB2E7ECB01207D34B61
7776
adobe-premiere-pro-26-10.exe
C:\Users\admin\AppData\Local\Temp\CreativeCloud\ACC\WAM.log
text
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
7776
adobe-premiere-pro-26-10.exe
C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\anon_events\manifest
binary
MD5: 45971D4E3A47775BB5A7260BB5EA3C36
SHA256: 81C611F35BFF79491538B2F7CF201C7597A661A5C549633541C62BDC8AF1613F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
530
TCP/UDP connections
786
DNS requests
203
Threats
7

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7776
adobe-premiere-pro-26-10.exe
GET
200
23.11.41.157:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
NL
binary
471 b
whitelisted
7776
adobe-premiere-pro-26-10.exe
GET
200
23.11.41.157:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D
NL
binary
471 b
whitelisted
7776
adobe-premiere-pro-26-10.exe
GET
200
23.11.41.157:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
NL
binary
727 b
whitelisted
7776
adobe-premiere-pro-26-10.exe
GET
200
23.11.41.157:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAmKLzE6ssKc1CsGKg5Geww%3D
NL
binary
727 b
whitelisted
7776
adobe-premiere-pro-26-10.exe
GET
200
54.224.241.105:443
https://p13n.adobe.io/fg/api/v2/feature?clientId=NglBaseFeatureClient&meta=true&nglLocale=en_US&nglLibRunTimeMode=NAMED_USER_ONLINE&nglOsPlatform=WIN_X86_32&nglPlatformID=9f8d6c3956377ee884e33ee8c5858fa463e0fe6770a974e3a5f5a0c8809c47f0
US
text
806 b
whitelisted
7776
adobe-premiere-pro-26-10.exe
POST
200
52.48.202.212:443
https://cc-api-data.adobe.io/ingest
US
whitelisted
6936
chrome.exe
GET
302
162.159.140.165:443
https://ims-na1.adobelogin.com/ims/authorize?client_id=CreativeCloudInstallerWeb_v1_0&scope=allow_ac_dt_exchange%2Copenid%2CAdobeID%2Ccreative_cloud%2Ccreative_sdk%2Cread_organizations%2Csao.cce_private%2Cadditional_info.account_type&locale=en_US&redirect_uri=https%3A%2F%2Fauth.services.adobe.com%2Fen_US%2Fdeeplink.html%3Fdelegated_request_id%3D31c024ac-86b9-4ef9-85f1-4cabb397b7d5%26client_id%3DCreativeCloudInstallerWeb_v1_0%26deeplink%3Ddelegation&ctx_id=WAM1_PPRO_14
US
unknown
7776
adobe-premiere-pro-26-10.exe
GET
200
13.33.187.44:443
https://client.messaging.adobe.com/latest/AdobeMessagingClient.js
US
text
180 Kb
whitelisted
7776
adobe-premiere-pro-26-10.exe
POST
200
52.48.202.212:443
https://cc-api-data.adobe.io/ingest
US
whitelisted
7776
adobe-premiere-pro-26-10.exe
GET
200
13.33.187.44:443
https://client.messaging.adobe.com/latest/AdobeMessagingClient.css
US
text
56.6 Kb
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
6684
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5276
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
48.192.1.64:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
7776
adobe-premiere-pro-26-10.exe
54.224.241.105:443
p13n.adobe.io
AMAZON-AES
US
whitelisted
7776
adobe-premiere-pro-26-10.exe
52.48.202.212:443
cc-api-data.adobe.io
AMAZON-02
US
whitelisted
7776
adobe-premiere-pro-26-10.exe
18.245.60.55:443
cdn-ffc.oobesaas.adobe.com
AMAZON-02
US
whitelisted
7776
adobe-premiere-pro-26-10.exe
13.33.187.44:443
client.messaging.adobe.com
AMAZON-02
US
whitelisted
7776
adobe-premiere-pro-26-10.exe
23.11.41.157:80
ocsp.digicert.com
AKAMAI-AMS
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.104.136.2
  • 51.124.78.146
whitelisted
activation-v2.sls.microsoft.com
  • 48.192.1.64
whitelisted
google.com
  • 142.250.201.78
whitelisted
cc-api-data.adobe.io
  • 52.48.202.212
  • 52.212.178.60
  • 52.31.167.175
whitelisted
p13n.adobe.io
  • 54.224.241.105
  • 50.16.47.176
  • 34.237.241.83
  • 18.213.11.84
whitelisted
cdn-ffc.oobesaas.adobe.com
  • 18.245.60.55
  • 18.245.60.41
  • 18.245.60.126
  • 18.245.60.45
whitelisted
client.messaging.adobe.com
  • 13.33.187.44
  • 13.33.187.74
  • 13.33.187.19
  • 13.33.187.42
whitelisted
ocsp.digicert.com
  • 23.11.41.157
  • 162.159.142.9
  • 172.66.2.5
whitelisted
lcs-cops.adobe.io
  • 52.48.126.58
  • 54.228.247.11
  • 34.246.54.182
  • 52.48.8.54
  • 52.31.218.129
  • 34.252.184.159
whitelisted
resources.licenses.adobe.com
  • 13.33.220.139
whitelisted

Threats

PID
Process
Class
Message
7776
adobe-premiere-pro-26-10.exe
Misc activity
SUSPICIOUS [ANY.RUN] Sent Host Name in HTTP POST Body
6684
svchost.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
7420
Adobe Desktop Service.exe
Misc activity
SUSPICIOUS [ANY.RUN] Sent Host Name in HTTP POST Body
4304
CRWindowsClientService.exe
Generic Protocol Command Decode
SURICATA HTTP response header invalid
3104
CRWindowsClientService.exe
Generic Protocol Command Decode
SURICATA HTTP response header invalid
8568
CRWindowsClientService.exe
Generic Protocol Command Decode
SURICATA HTTP response header invalid
8184
CRWindowsClientService.exe
Generic Protocol Command Decode
SURICATA HTTP response header invalid
Process
Message
msiexec.exe
Failed to release Service
Setup.exe
03/30/26 10:11:34:257 | [INFO] | 8876 | HDSetup | HDSetup | AppContext | | HDSetup | 8600 | ************************* START Adobe Setup *************************
Setup.exe
03/30/26 10:11:34:257 | [INFO] | 8876 | HDSetup | HDSetup | AppContext | | HDSetup | 8600 | Adobe Setup Version: 6.9.0.618
Setup.exe
Setup.exe
Setup.exe
03/30/26 10:11:34:259 | [INFO] | 8876 | HDSetup | OOBEUtils | CommandLineParser | | OOBEUtils | 8600 | Parsing the command line provided. Number of command line arguments is 2
Setup.exe
Setup.exe
03/30/26 10:11:37:882 | [INFO] | 8876 | HDSetup | HDPIM | HDPIMSessionManager | | HDPIM | 7568 | new session '{43D2C37D-6143-466F-9A5F-D6B7E3FF7AD4}' created
Setup.exe
Setup.exe
03/30/26 10:11:37:880 | [INFO] | 8876 | HDSetup | HDPIM | HDPIMSessionManager | | HDPIM | 7568 | Entering into 'createHDPIMSession'