File name: Creative_Cloud_Set-Up.exe

Full analysis: https://app.any.run/tasks/68111ad9-a7b8-4156-a6e4-ff870b7e6232
Verdict: Malicious activity
Analysis date: September 08, 2024, 20:05:32
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
upx
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 2F5B6E5C36F327351EA420359A152B92
SHA1: 7B1497301C71ED863920C1C9D2146D90983100FB
SHA256: 2ABA215482661C2B94BFC39526C7738D8A27FBFE5256C84FA262B0372FD6C613
SSDEEP: 98304:LzCjVKn9XHMtd9VS0Hf0N+1Bvq62DytHVvDR+1pZLOTPveThNGpTYmnp1eNorhtU:/CjVB48mtNSjW1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Creative_Cloud_Set-Up.exe (PID: 4804)
    • Reads Internet Explorer settings

      • Creative_Cloud_Set-Up.exe (PID: 4804)
    • Checks Windows Trust Settings

      • Creative_Cloud_Set-Up.exe (PID: 4804)
    • Application launched itself

      • Creative_Cloud_Set-Up.exe (PID: 4804)
    • Adds/modifies Windows certificates

      • Creative_Cloud_Set-Up.exe (PID: 4804)
    • Starts CMD.EXE for commands execution

      • Creative_Cloud_Set-Up.exe (PID: 4804)
    • Reads Microsoft Outlook installation path

      • Creative_Cloud_Set-Up.exe (PID: 4804)
  • INFO

    • Create files in a temporary directory

      • Creative_Cloud_Set-Up.exe (PID: 4804)
      • Creative_Cloud_Set-Up.exe (PID: 4092)
    • Creates files or folders in the user directory

      • Creative_Cloud_Set-Up.exe (PID: 4804)
      • Creative_Cloud_Set-Up.exe (PID: 4092)
    • Checks proxy server information

      • Creative_Cloud_Set-Up.exe (PID: 4804)
    • Process checks whether UAC notifications are on

      • Creative_Cloud_Set-Up.exe (PID: 4804)
    • Reads the software policy settings

      • Creative_Cloud_Set-Up.exe (PID: 4804)
    • Reads the machine GUID from the registry

      • Creative_Cloud_Set-Up.exe (PID: 4804)
    • Reads CPU info

      • Creative_Cloud_Set-Up.exe (PID: 4092)
      • Creative_Cloud_Set-Up.exe (PID: 4804)
    • Process checks computer location settings

      • Creative_Cloud_Set-Up.exe (PID: 4804)
    • Checks supported languages

      • Creative_Cloud_Set-Up.exe (PID: 4092)
      • Creative_Cloud_Set-Up.exe (PID: 4804)
    • Reads the computer name

      • Creative_Cloud_Set-Up.exe (PID: 4092)
      • Creative_Cloud_Set-Up.exe (PID: 4804)
    • The process uses the downloaded file

      • cmd.exe (PID: 2816)
      • Creative_Cloud_Set-Up.exe (PID: 4804)
    • Application launched itself

      • firefox.exe (PID: 5760)
      • firefox.exe (PID: 2588)
    • UPX packer has been detected

      • Creative_Cloud_Set-Up.exe (PID: 4804)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (43.5)
.exe | Win32 EXE Yoda's Crypter (42.7)
.exe | Win32 Executable (generic) (7.2)
.exe | Generic Win/DOS Executable (3.2)
.exe | DOS Executable Generic (3.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:05:15 07:14:18+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.33
CodeSize: 3256320
InitializedDataSize: 45056
UninitializedDataSize: 7311360
EntryPoint: 0xa14610
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.13.0.14
ProductVersionNumber: 2.13.0.14
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Adobe Inc.
FileDescription: Adobe Installer
FileVersion: 2.13.0.14
InternalName: Adobe Installer
LegalCopyright: © 2015-2024 Adobe. All rights reserved.
OriginalFileName: Adobe Installer
ProductName: Adobe Installer
ProductVersion: 2.13.0.14
No data.
All screenshots are available in the full report
Total processes: 141
Monitored processes: 16
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Nodes shown (in graph order): start → THREAT creative_cloud_set-up.exe | creative_cloud_set-up.exe | cmd.exe (no specs) | conhost.exe (no specs) | firefox.exe (no specs) | firefox.exe | firefox.exe (no specs) | firefox.exe (no specs) | firefox.exe (no specs) | firefox.exe (no specs) | firefox.exe (no specs) | firefox.exe (no specs) | firefox.exe (no specs) | firefox.exe (no specs) | firefox.exe (no specs) | firefox.exe (no specs) | firefox.exe (no specs)

Process information

(Columns of the original table: PID, CMD, Path, Indicators, Parent process. No indicators were listed for any process, so that column is omitted below.)
PID: 876
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20240213221259 -prefsHandle 2292 -prefMapHandle 2288 -prefsLen 30537 -prefMapSize 244343 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdb314f3-873b-481b-997d-0e125fade4fa} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" 28898787310 socket
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Version: 123.0
Modules (Images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
PID: 1020
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5824 -childID 4 -isForBrowser -prefsHandle 5704 -prefMapHandle 5708 -prefsLen 31161 -prefMapSize 244343 -jsInitHandle 1548 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1db562b6-43e0-4c8a-be14-1feceb36b1d9} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" 288afab9a10 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Version: 123.0
Modules (Images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
PID: 2588
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" https://ims-na1.adobelogin.com/ims/authorize?client_id=CreativeCloudInstallerWeb_v1_0&scope=allow_ac_dt_exchange%2Copenid%2CAdobeID%2Ccreative_cloud%2Ccreative_sdk%2Cread_organizations%2Csao.cce_private%2Cadditional_info.account_type&locale=en_US&redirect_uri=https%3A%2F%2Fauth.services.adobe.com%2Fen_US%2Fdeeplink.html%3Fdelegated_request_id%3D217fce32-899d-4db7-b179-9f9d7e78f4a5%26client_id%3DCreativeCloudInstallerWeb_v1_0%26deeplink%3Ddelegation&ctx_id=WAM2_KCCC_5_1
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Version: 123.0
Modules (Images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
PID: 2816
CMD: "C:\Windows\System32\cmd.exe" /C start firefox "https://ims-na1.adobelogin.com/ims/authorize?client_id=CreativeCloudInstallerWeb_v1_0&scope=allow_ac_dt_exchange%2Copenid%2CAdobeID%2Ccreative_cloud%2Ccreative_sdk%2Cread_organizations%2Csao.cce_private%2Cadditional_info.account_type&locale=en_US&redirect_uri=https%3A%2F%2Fauth.services.adobe.com%2Fen_US%2Fdeeplink.html%3Fdelegated_request_id%3D217fce32-899d-4db7-b179-9f9d7e78f4a5%26client_id%3DCreativeCloudInstallerWeb_v1_0%26deeplink%3Ddelegation&ctx_id=WAM2_KCCC_5_1"
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: Creative_Cloud_Set-Up.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (Images):
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 4076
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1940 -parentBuildID 20240213221259 -prefsHandle 1880 -prefMapHandle 1860 -prefsLen 30537 -prefMapSize 244343 -appDir "C:\Program Files\Mozilla Firefox\browser" - {035cc217-2c8f-4810-969c-b3110caae1af} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" 288a52e6910 gpu
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Version: 123.0
Modules (Images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
PID: 4092
CMD: "C:\Users\admin\AppData\Local\Temp\Creative_Cloud_Set-Up.exe" --pipename={AC4A9404-4153-4C73-8C1B-9E458CAE2563} --pid=4804 --locale=en_US --webviewType=1
Path: C:\Users\admin\AppData\Local\Temp\Creative_Cloud_Set-Up.exe
Parent process: Creative_Cloud_Set-Up.exe
User: admin
Company: Adobe Inc.
Integrity Level: HIGH
Description: Adobe Installer
Version: 2.13.0.14
Modules (Images):
c:\users\admin\appdata\local\temp\creative_cloud_set-up.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ws2_32.dll
PID: 4804
CMD: "C:\Users\admin\AppData\Local\Temp\Creative_Cloud_Set-Up.exe"
Path: C:\Users\admin\AppData\Local\Temp\Creative_Cloud_Set-Up.exe
Parent process: explorer.exe
User: admin
Company: Adobe Inc.
Integrity Level: MEDIUM
Description: Adobe Installer
Version: 2.13.0.14
Modules (Images):
c:\users\admin\appdata\local\temp\creative_cloud_set-up.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ws2_32.dll
PID: 5760
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" "https://ims-na1.adobelogin.com/ims/authorize?client_id=CreativeCloudInstallerWeb_v1_0&scope=allow_ac_dt_exchange%2Copenid%2CAdobeID%2Ccreative_cloud%2Ccreative_sdk%2Cread_organizations%2Csao.cce_private%2Cadditional_info.account_type&locale=en_US&redirect_uri=https%3A%2F%2Fauth.services.adobe.com%2Fen_US%2Fdeeplink.html%3Fdelegated_request_id%3D217fce32-899d-4db7-b179-9f9d7e78f4a5%26client_id%3DCreativeCloudInstallerWeb_v1_0%26deeplink%3Ddelegation&ctx_id=WAM2_KCCC_5_1"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: cmd.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 123.0
Modules (Images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\windows\system32\crypt32.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 6160
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4508 -childID 2 -isForBrowser -prefsHandle 4500 -prefMapHandle 4496 -prefsLen 36263 -prefMapSize 244343 -jsInitHandle 1548 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f281fa9a-d359-4c47-9909-ea481dd8c950} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" 288aaea7850 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Version: 123.0
Modules (Images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
PID: 6356
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5552 -childID 3 -isForBrowser -prefsHandle 5544 -prefMapHandle 5540 -prefsLen 34713 -prefMapSize 244343 -jsInitHandle 1548 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2547cb86-27b9-4420-a1db-47aa6b967cae} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" 288afab9850 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Version: 123.0
Modules (Images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
Total events: 17 963
Read events: 17 951
Write events: 8
Delete events: 4

Modification events

(PID) Process: (4804) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value: (empty)

(PID) Process: (4804) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (4804) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (4804) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates
Operation: delete value
Name: F0BD97B4EC6CD8B71C35631738259CF9F2E54381
Value: (empty)

(PID) Process: (4804) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\F0BD97B4EC6CD8B71C35631738259CF9F2E54381
Operation: write
Name: Blob
Value: (binary certificate blob; not reproduced here)

(PID) Process: (4804) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates
Operation: delete value
Name: D1DF7F06B769BCCB3F4479041EC1F06E9CD3CB1A
Value: (empty)

(PID) Process: (4804) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\D1DF7F06B769BCCB3F4479041EC1F06E9CD3CB1A
Operation: write
Name: Blob
Value: (binary certificate blob; not reproduced here)

(PID) Process: (4804) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates
Operation: delete value
Name: 906CC149415780CFB79F39E1CF449F87CA6D4D16
Value: (empty)

(PID) Process: (4804) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\906CC149415780CFB79F39E1CF449F87CA6D4D16
Operation: write
Name: Blob
Value: (binary certificate blob; not reproduced here)

(PID) Process: (4804) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates
Operation: delete value
Name: BF89E52F8D681360E6B84941BD2F9BC0093309F6
Value: (empty)
Executable files: 0
Suspicious files: 110
Text files: 18
Unknown types: 4

Dropped files

PID: 4804 | Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\meta_events\fa325256-2596-40a9-8bfe-f500e2402151
Type: (not given) | MD5: (not given) | SHA256: (not given)

PID: 4804 | Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\anon_events\401452c3-4ecb-42b7-bf5f-392266437511
Type: (not given) | MD5: (not given) | SHA256: (not given)

PID: 4804 | Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\meta_events\manifestabr
Type: (not given)
MD5: 45971D4E3A47775BB5A7260BB5EA3C36
SHA256: 81C611F35BFF79491538B2F7CF201C7597A661A5C549633541C62BDC8AF1613F

PID: 4804 | Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Local\Temp\{7EB81837-5A21-493C-B525-DFCAC5224DDA}\index.css
Type: text
MD5: 714E04A1F8FB3331BBAFA9E43D6DEF10
SHA256: 86281E1AF2459D957E514EDDA85B86797BEAA231CFAA55E877A6A10F5506F5A1

PID: 4804 | Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Local\Temp\Adobe\com.adobe.dunamis\dunamis-2024-09-08_20-05-39.log
Type: text
MD5: 1586E3E3628B5E7DE5DAD5576B741871
SHA256: CA96AE3407C71E5D537712F312ABB0F814454591403D88A5AC00117A08A795B2

PID: 4804 | Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Local\Adobe\OOBE\temp_lbs_wid
Type: text
MD5: 661852DAB779CA9FD4C7E25E70CE4551
SHA256: E497775AE906CA3FD714F8DA48F00D423391566F0D42CE835720B52B935FD5DB

PID: 4804 | Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Local\Temp\{7EB81837-5A21-493C-B525-DFCAC5224DDA}\CCDInstaller.js
Type: binary
MD5: 4B02242ED1B6281DB19B4F60C127CC5D
SHA256: 9FBF9FF720E09C16DA2066B8BAB9879A4C83682F687EBE806C5EA78E1EB9467B

PID: 4092 | Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\1\meta_events\150e4f0b-cf22-4509-8037-1a89e6ba9183
Type: (not given) | MD5: (not given) | SHA256: (not given)

PID: 4804 | Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Local\Temp\datA8BB.tmp
Type: woff
MD5: FA794EC12D353C26805FF53821331FC2
SHA256: CFDBD8A2AA463C11E483DC10C480ACD274E9786632F5571A3970E8A20A2D8237

PID: 4092 | Process: Creative_Cloud_Set-Up.exe
Filename: C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\1\anon_events\81fd1bd5-1ef4-4d16-a0a0-2dbf30f1eef2
Type: (not given) | MD5: (not given) | SHA256: (not given)
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 23
TCP/UDP connections: 69
DNS requests: 106
Threats: 0

HTTP requests

(Columns: PID | Process | Method | HTTP Code | IP | URL | CN | Reputation. The Type and Size columns were empty for every row and are omitted.)

(none) | (none) | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
4804 | Creative_Cloud_Set-Up.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D | unknown | whitelisted
4804 | Creative_Cloud_Set-Up.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D | unknown | whitelisted
4804 | Creative_Cloud_Set-Up.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D | unknown | whitelisted
4804 | Creative_Cloud_Set-Up.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAmKLzE6ssKc1CsGKg5Geww%3D | unknown | whitelisted
1944 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
2588 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/canonical.html | unknown | whitelisted
2588 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/success.txt?ipv4 | unknown | whitelisted
2588 | firefox.exe | POST | 200 | 216.58.212.163:80 | http://o.pki.goog/s/wr3/XjA | unknown | unknown
2588 | firefox.exe | POST | 200 | 184.24.77.56:80 | http://r10.o.lencr.org/ | unknown | unknown

Connections

(Columns: PID | Process | IP | Domain | ASN | CN | Reputation)

4 | System | 192.168.100.255:138 | (none) | (none) | (none) | whitelisted
6876 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6012 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
(none) | (none) | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
(none) | (none) | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
3888 | svchost.exe | 239.255.255.250:1900 | (none) | (none) | (none) | whitelisted
4324 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3260 | svchost.exe | 40.113.110.67:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4804 | Creative_Cloud_Set-Up.exe | 54.74.179.44:443 | cc-api-data.adobe.io | AMAZON-02 | IE | whitelisted
4804 | Creative_Cloud_Set-Up.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
google.com
  • 142.250.185.142
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted
cc-api-data.adobe.io
  • 54.74.179.44
  • 54.77.72.255
  • 3.248.26.100
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
client.messaging.adobe.com
  • 65.9.95.19
  • 65.9.95.102
  • 65.9.95.17
  • 65.9.95.51
whitelisted
lcs-cops.adobe.io
  • 34.250.67.152
  • 54.195.71.107
  • 54.194.243.238
whitelisted
resources.licenses.adobe.com
  • 13.32.47.160
whitelisted
delegated.adobelogin.com
  • 18.211.200.223
  • 3.211.174.17
  • 44.209.177.127
whitelisted

Threats

No threats detected
No debug info