File name: Creative_Cloud_Set-Up(1).exe

Full analysis: https://app.any.run/tasks/44ed9d67-2861-4898-b7e4-d2ccce40f4d9
Verdict: Malicious activity
Analysis date: January 04, 2025, 21:39:44
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
upx
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5: 25852440EEB4DF0E142D5DD6645FF73B
SHA1: 7EA95C5B2285AFDFAB997C8570442E9B18670D22
SHA256: 677F552AF2BF0539B531D922BA6518927971753A5DEFEBB0A0D10EF9E21FFCC1
SSDEEP: 98304:LzCjVKn9XHMtd9VS0Hf0N+1Bvq62DytHVvDR+1pZLOTPveThNGpTYmnp1eNorhtN:/CjVB48mtNSjWg

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Creative_Cloud_Set-Up(1).exe (PID: 6328)
    • Checks Windows Trust Settings

      • Creative_Cloud_Set-Up(1).exe (PID: 6328)
    • Reads Microsoft Outlook installation path

      • Creative_Cloud_Set-Up(1).exe (PID: 6328)
    • Application launched itself

      • Creative_Cloud_Set-Up(1).exe (PID: 6328)
    • Reads Internet Explorer settings

      • Creative_Cloud_Set-Up(1).exe (PID: 6328)
    • Starts CMD.EXE for commands execution

      • Creative_Cloud_Set-Up(1).exe (PID: 6328)
    • Adds/modifies Windows certificates

      • Creative_Cloud_Set-Up(1).exe (PID: 6328)
  • INFO

    • The sample compiled with english language support

      • Creative_Cloud_Set-Up(1).exe (PID: 6328)
    • Process checks whether UAC notifications are on

      • Creative_Cloud_Set-Up(1).exe (PID: 6328)
    • Reads the computer name

      • Creative_Cloud_Set-Up(1).exe (PID: 6328)
      • Creative_Cloud_Set-Up(1).exe (PID: 5592)
    • Reads the machine GUID from the registry

      • Creative_Cloud_Set-Up(1).exe (PID: 6328)
    • Reads CPU info

      • Creative_Cloud_Set-Up(1).exe (PID: 6328)
      • Creative_Cloud_Set-Up(1).exe (PID: 5592)
    • Checks supported languages

      • Creative_Cloud_Set-Up(1).exe (PID: 6328)
      • Creative_Cloud_Set-Up(1).exe (PID: 5592)
    • Reads the software policy settings

      • Creative_Cloud_Set-Up(1).exe (PID: 6328)
      • Creative_Cloud_Set-Up(1).exe (PID: 5592)
    • Checks proxy server information

      • Creative_Cloud_Set-Up(1).exe (PID: 6328)
      • Creative_Cloud_Set-Up(1).exe (PID: 5592)
    • Creates files or folders in the user directory

      • Creative_Cloud_Set-Up(1).exe (PID: 6328)
      • Creative_Cloud_Set-Up(1).exe (PID: 5592)
    • Process checks computer location settings

      • Creative_Cloud_Set-Up(1).exe (PID: 6328)
    • UPX packer has been detected

      • Creative_Cloud_Set-Up(1).exe (PID: 6328)
    • Create files in a temporary directory

      • Creative_Cloud_Set-Up(1).exe (PID: 6328)
      • Creative_Cloud_Set-Up(1).exe (PID: 5592)
    • The process uses the downloaded file

      • Creative_Cloud_Set-Up(1).exe (PID: 6328)
      • cmd.exe (PID: 5340)
    • Application launched itself

      • firefox.exe (PID: 2072)
      • firefox.exe (PID: 5872)
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (43.5)
.exe | Win32 EXE Yoda's Crypter (42.7)
.exe | Win32 Executable (generic) (7.2)
.exe | Generic Win/DOS Executable (3.2)
.exe | DOS Executable Generic (3.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:05:15 07:14:18+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.33
CodeSize: 3256320
InitializedDataSize: 45056
UninitializedDataSize: 7311360
EntryPoint: 0xa14610
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.13.0.14
ProductVersionNumber: 2.13.0.14
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Adobe Inc.
FileDescription: Adobe Installer
FileVersion: 2.13.0.14
InternalName: Adobe Installer
LegalCopyright: © 2015-2024 Adobe. All rights reserved.
OriginalFileName: Adobe Installer
ProductName: Adobe Installer
ProductVersion: 2.13.0.14
No data.
Total processes: 143
Monitored processes: 17
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Graph nodes (interactive view available in the full report): start, creative_cloud_set-up(1).exe, creative_cloud_set-up(1).exe, cmd.exe (no specs), conhost.exe (no specs), firefox.exe (multiple processes, most marked "no specs"), svchost.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 716
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4220 -childID 2 -isForBrowser -prefsHandle 4212 -prefMapHandle 4208 -prefsLen 36588 -prefMapSize 244583 -jsInitHandle 1544 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d397376d-600c-4d64-b462-43678f144b13} 5872 "\\.\pipe\gecko-crash-server-pipe.5872" 222024e2690 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 123.0
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\vcruntime140.dll
PID: 2072
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" "https://ims-na1.adobelogin.com/ims/authorize?client_id=CreativeCloudInstallerWeb_v1_0&scope=allow_ac_dt_exchange%2Copenid%2CAdobeID%2Ccreative_cloud%2Ccreative_sdk%2Cread_organizations%2Csao.cce_private%2Cadditional_info.account_type&locale=en_US&redirect_uri=https%3A%2F%2Fauth.services.adobe.com%2Fen_US%2Fdeeplink.html%3Fdelegated_request_id%3D6fc4fa70-1245-4aba-9e36-0665749bffb5%26client_id%3DCreativeCloudInstallerWeb_v1_0%26deeplink%3Ddelegation&ctx_id=WAM2_KCCC_5_1"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: cmd.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 123.0
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
PID: 2192
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Host Process for Windows Services
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 2928
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3620
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3384 -parentBuildID 20240213221259 -sandboxingKind 0 -prefsHandle 4668 -prefMapHandle 4880 -prefsLen 36588 -prefMapSize 244583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d219248-97de-4f66-932e-5b84f697268b} 5872 "\\.\pipe\gecko-crash-server-pipe.5872" 22205e75510 utility
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 1
Version: 123.0
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\crypt32.dll
PID: 3820
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2184 -parentBuildID 20240213221259 -prefsHandle 2104 -prefMapHandle 2100 -prefsLen 31031 -prefMapSize 244583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df8f9125-4437-448e-9564-b6ed8167c6a6} 5872 "\\.\pipe\gecko-crash-server-pipe.5872" 221f098a110 socket
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 123.0
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
PID: 4764
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1928 -parentBuildID 20240213221259 -prefsHandle 1856 -prefMapHandle 1844 -prefsLen 31031 -prefMapSize 244583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {52817b7a-ccba-4f51-8163-2e380a001e17} 5872 "\\.\pipe\gecko-crash-server-pipe.5872" 221fd8f4610 gpu
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 1
Version: 123.0
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
PID: 5340
CMD: "C:\Windows\System32\cmd.exe" /C start firefox "https://ims-na1.adobelogin.com/ims/authorize?client_id=CreativeCloudInstallerWeb_v1_0&scope=allow_ac_dt_exchange%2Copenid%2CAdobeID%2Ccreative_cloud%2Ccreative_sdk%2Cread_organizations%2Csao.cce_private%2Cadditional_info.account_type&locale=en_US&redirect_uri=https%3A%2F%2Fauth.services.adobe.com%2Fen_US%2Fdeeplink.html%3Fdelegated_request_id%3D6fc4fa70-1245-4aba-9e36-0665749bffb5%26client_id%3DCreativeCloudInstallerWeb_v1_0%26deeplink%3Ddelegation&ctx_id=WAM2_KCCC_5_1"
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: Creative_Cloud_Set-Up(1).exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 5592
CMD: "C:\Users\admin\AppData\Local\Temp\Creative_Cloud_Set-Up(1).exe" --pipename={FE9A09EA-8EFE-4C20-B085-519BB61D690E} --pid=6328 --locale=en_US --webviewType=1
Path: C:\Users\admin\AppData\Local\Temp\Creative_Cloud_Set-Up(1).exe
Parent process: Creative_Cloud_Set-Up(1).exe
User: admin
Company: Adobe Inc.
Integrity Level: HIGH
Description: Adobe Installer
Exit code: 0
Version: 2.13.0.14
Modules (images):
c:\users\admin\appdata\local\temp\creative_cloud_set-up(1).exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ws2_32.dll
PID: 5872
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" https://ims-na1.adobelogin.com/ims/authorize?client_id=CreativeCloudInstallerWeb_v1_0&scope=allow_ac_dt_exchange%2Copenid%2CAdobeID%2Ccreative_cloud%2Ccreative_sdk%2Cread_organizations%2Csao.cce_private%2Cadditional_info.account_type&locale=en_US&redirect_uri=https%3A%2F%2Fauth.services.adobe.com%2Fen_US%2Fdeeplink.html%3Fdelegated_request_id%3D6fc4fa70-1245-4aba-9e36-0665749bffb5%26client_id%3DCreativeCloudInstallerWeb_v1_0%26deeplink%3Ddelegation&ctx_id=WAM2_KCCC_5_1
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 123.0
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
Total events: 19 200
Read events: 19 186
Write events: 8
Delete events: 6

Modification events

Process: (6328) Creative_Cloud_Set-Up(1).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: (6328) Creative_Cloud_Set-Up(1).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

Process: (6328) Creative_Cloud_Set-Up(1).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: (6328) Creative_Cloud_Set-Up(1).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates
Operation: delete value
Name: 4C7C2E87F0BC79A039D39B05F899A1CC521FDE99
Value:

Process: (6328) Creative_Cloud_Set-Up(1).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\4C7C2E87F0BC79A039D39B05F899A1CC521FDE99
Operation: write
Name: Blob
Value: (binary blob omitted)

Process: (6328) Creative_Cloud_Set-Up(1).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates
Operation: delete value
Name: A5C8D928986EC17FCC7D5F2353885D1709B73A29
Value:

Process: (6328) Creative_Cloud_Set-Up(1).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\A5C8D928986EC17FCC7D5F2353885D1709B73A29
Operation: write
Name: Blob
Value: (binary blob omitted)

Process: (6328) Creative_Cloud_Set-Up(1).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates
Operation: delete value
Name: 686DF0A4A89F7CB6BFB4D33C6A48E2EE5FB6C4FB
Value:

Process: (6328) Creative_Cloud_Set-Up(1).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\686DF0A4A89F7CB6BFB4D33C6A48E2EE5FB6C4FB
Operation: write
Name: Blob
Value: (binary blob omitted)

Process: (6328) Creative_Cloud_Set-Up(1).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates
Operation: delete value
Name: 85E2C5B0D9CFF505363FA62A5E8B8C1D76A60B46
Value:
Executable files: 0
Suspicious files: 123
Text files: 17
Unknown types: 5

Dropped files

PID | Process | Filename | Type

6328 | Creative_Cloud_Set-Up(1).exe | C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\meta_events\204d7e81-d9f9-4265-9c33-61fed9816cdf | -
MD5:
SHA256:

6328 | Creative_Cloud_Set-Up(1).exe | C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\anon_events\1bb8a396-ffca-43f3-9efe-554dea915d70 | -
MD5:
SHA256:

6328 | Creative_Cloud_Set-Up(1).exe | C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\meta_events\manifest | abr
MD5: 45971D4E3A47775BB5A7260BB5EA3C36
SHA256: 81C611F35BFF79491538B2F7CF201C7597A661A5C549633541C62BDC8AF1613F

6328 | Creative_Cloud_Set-Up(1).exe | C:\Users\admin\AppData\Local\Temp\CreativeCloud\ACC\WAM.log | text
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209

6328 | Creative_Cloud_Set-Up(1).exe | C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\anon_events\manifest | abr
MD5: 45971D4E3A47775BB5A7260BB5EA3C36
SHA256: 81C611F35BFF79491538B2F7CF201C7597A661A5C549633541C62BDC8AF1613F

6328 | Creative_Cloud_Set-Up(1).exe | C:\Users\admin\AppData\Local\Temp\{E5BE82F7-CE19-4C5A-AB7F-36933A62D452}\CCDInstaller.js | binary
MD5: 4B02242ED1B6281DB19B4F60C127CC5D
SHA256: 9FBF9FF720E09C16DA2066B8BAB9879A4C83682F687EBE806C5EA78E1EB9467B

6328 | Creative_Cloud_Set-Up(1).exe | C:\Users\admin\AppData\Local\Temp\Adobe\com.adobe.dunamis\dunamis-2025-01-04_21-39-48.log | text
MD5: 4F5F2DB7B927A8D68B32D63341595373
SHA256: 521949779B5BBA456BC2BB4F9E97C8DD8827FBF1DBC04FA30DD5C0C5E3C90EB7

5592 | Creative_Cloud_Set-Up(1).exe | C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\1\meta_events\9dece3cf-95ad-47ec-b96a-8c355e4133c1 | -
MD5:
SHA256:

6328 | Creative_Cloud_Set-Up(1).exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB | binary
MD5: 1E0EE9B5F75D0BAB131D567B7D0E72F8
SHA256: 04EA42013D191863B3CB237C18E1E2BD17654E3FF2359797148900BF98C1EF2E

5592 | Creative_Cloud_Set-Up(1).exe | C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\1\anon_events\90d8f120-3ee3-4a2d-85d8-ec58ad73e18f | -
MD5:
SHA256:
HTTP(S) requests: 24
TCP/UDP connections: 93
DNS requests: 108
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
5872 | firefox.exe | POST | 200 | 142.250.186.99:80 | http://o.pki.goog/s/wr3/jLM | - | unknown | - | whitelisted
5872 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/success.txt?ipv4 | - | unknown | - | whitelisted
5872 | firefox.exe | POST | 200 | 184.24.77.52:80 | http://r10.o.lencr.org/ | - | unknown | - | whitelisted
5872 | firefox.exe | POST | 200 | 184.24.77.54:80 | http://r11.o.lencr.org/ | - | unknown | - | whitelisted
- | - | POST | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/ | - | unknown | - | whitelisted
5872 | firefox.exe | POST | 200 | 184.24.77.52:80 | http://r10.o.lencr.org/ | - | unknown | - | whitelisted
5872 | firefox.exe | POST | 200 | 142.250.186.99:80 | http://o.pki.goog/wr2 | - | unknown | - | whitelisted
5872 | firefox.exe | POST | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/ | - | unknown | - | whitelisted
5872 | firefox.exe | POST | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/ | - | unknown | - | whitelisted
- | - | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | - | unknown | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4308 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 192.168.100.255:137 | - | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1356 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 2.23.227.215:443 | www.bing.com | Ooredoo Q.S.C. | QA | whitelisted
- | - | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1176 | svchost.exe | 20.190.159.0:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1176 | svchost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
6328 | Creative_Cloud_Set-Up(1).exe | 34.246.54.182:443 | cc-api-data.adobe.io | AMAZON-02 | IE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 20.73.194.208
whitelisted
www.bing.com
  • 2.23.227.215
  • 2.23.227.208
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
google.com
  • 142.250.185.174
whitelisted
login.live.com
  • 20.190.159.0
  • 20.190.159.68
  • 40.126.31.67
  • 20.190.159.4
  • 40.126.31.71
  • 20.190.159.2
  • 20.190.159.73
  • 20.190.159.75
whitelisted
cc-api-data.adobe.io
  • 34.246.54.182
  • 54.228.247.11
  • 52.48.126.58
whitelisted
client.messaging.adobe.com
  • 13.33.187.74
  • 13.33.187.44
  • 13.33.187.19
  • 13.33.187.42
unknown
go.microsoft.com
  • 23.56.254.14
whitelisted
crl.microsoft.com
  • 23.48.23.190
  • 23.48.23.194
  • 23.48.23.177
  • 23.48.23.147
  • 23.48.23.139
  • 23.48.23.180
  • 23.48.23.140
  • 23.48.23.183
  • 23.48.23.193
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted

Threats

No threats detected
No debug info