Malware analysis adobe_photoshop_2022_234_mac_os_x.exe Malicious activity

analyze malware

Huge database of samples and IOCs
Custom VM setup
Unlimited submissions
Interactive approach

Add for printing

File name:	adobe_photoshop_2022_234_mac_os_x.exe
Full analysis:	https://app.any.run/tasks/4fc1b9ab-fb15-4c4a-a833-9576f9b99650
Verdict:	Malicious activity
Analysis date:	March 31, 2023, 21:16:01
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5:	1A5962C8775965C66035B96AAED2F25F
SHA1:	25CA6501A07DEC9341F45A9A33A00E26AB370C1B
SHA256:	8861E56ACB22A7131E3A61952020E6AA52CC78B1F670953071109F6388539125
SSDEEP:	98304:7v6W8zntQwyUgOlHpKjcCAYSmOppy3Olar:76ftKKlHpUChgr

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (5.74)
CCleaner (5.74)
FileZilla Client 3.51.0 (3.51.0)
FileZilla Client 3.51.0 (3.51.0)
Google Chrome (86.0.4240.198)
Google Chrome (86.0.4240.198)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
Mozilla Firefox 83.0 (x86 en-US) (83.0)
Mozilla Firefox 83.0 (x86 en-US) (83.0)
Mozilla Maintenance Service (83.0.0.7621)
Mozilla Maintenance Service (83.0.0.7621)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
Opera 12.15 (12.15.1748)
Opera 12.15 (12.15.1748)
Skype version 8.29 (8.29)
Skype version 8.29 (8.29)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Actions looks like stealing of personal data
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2368)
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2724)
SUSPICIOUS
- Reads the Internet Settings
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2368)
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2724)
  - saBSI.exe (PID: 2740)
- Reads settings of System Certificates
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2368)
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2724)
  - saBSI.exe (PID: 2740)
- Searches for installed software
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2368)
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2724)
- Application launched itself
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2368)
- Executable content was dropped or overwritten
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2368)
  - kodi-20.0-Nexus_rc2-x64.exe (PID: 1872)
- Reads security settings of Internet Explorer
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2368)
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2724)
  - saBSI.exe (PID: 2740)
- Reads the Windows owner or organization settings
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2368)
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2724)
- Checks Windows Trust Settings
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2368)
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2724)
  - saBSI.exe (PID: 2740)
- Adds/modifies Windows certificates
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2368)
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2724)
- The process creates files with name similar to system file names
  - kodi-20.0-Nexus_rc2-x64.exe (PID: 1872)
INFO
- Checks supported languages
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2368)
  - saBSI.exe (PID: 2740)
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2724)
  - kodi-20.0-Nexus_rc2-x64.exe (PID: 1872)
- The process checks LSA protection
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2368)
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2724)
  - saBSI.exe (PID: 2740)
  - kodi-20.0-Nexus_rc2-x64.exe (PID: 1872)
- Reads the machine GUID from the registry
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2368)
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2724)
  - saBSI.exe (PID: 2740)
- Create files in a temporary directory
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2368)
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2724)
  - kodi-20.0-Nexus_rc2-x64.exe (PID: 1872)
- Creates files or folders in the user directory
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2368)
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2724)
- Reads Environment values
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2368)
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2724)
- Reads the computer name
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2368)
  - saBSI.exe (PID: 2740)
  - adobe_photoshop_2022_234_mac_os_x.exe (PID: 2724)
  - kodi-20.0-Nexus_rc2-x64.exe (PID: 1872)
- Creates files in the program directory
  - saBSI.exe (PID: 2740)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win64 Executable (generic) (49.4)
.scr	\|	Windows screen saver (23.4)
.dll	\|	Win32 Dynamic Link Library (generic) (11.7)
.exe	\|	Win32 Executable (generic) (8)
.exe	\|	Generic Win/DOS Executable (3.5)

EXIF

EXE

AssemblyVersion:	1.5.1.6476
ProductName:	InstallCapital
OriginalFileName:	GenericSetup.exe
LegalTrademarks:	-
LegalCopyright:	Copyright © Adaware 2023
InternalName:	IC001.exe
FileDescription:	Software Installation
CompanyName:	IC001
Comments:	-
ProductVersion:	6.95.1.0
FileVersion:	1.5.1.6476
CharacterSet:	Unicode
LanguageCode:	Neutral
FileSubtype:	-
ObjectFileType:	Executable application
FileOS:	Windows NT 32-bit
FileFlags:	(none)
FileFlagsMask:	0x003f
ProductVersionNumber:	6.95.1.0
FileVersionNumber:	1.5.1.6476
Subsystem:	Windows GUI
SubsystemVersion:	4
ImageVersion:	-
OSVersion:	4
EntryPoint:	0x3e9a0e
UninitializedDataSize:	-
InitializedDataSize:	3584
CodeSize:	4094976
LinkerVersion:	6
PEType:	PE32
ImageFileCharacteristics:	Executable, No line numbers, No symbols, 32-bit
TimeStamp:	2023:01:19 21:21:38+00:00
MachineType:	Intel 386 or later, and compatibles

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

2368

"C:\Users\admin\AppData\Local\Temp\adobe_photoshop_2022_234_mac_os_x.exe"

C:\Users\admin\AppData\Local\Temp\adobe_photoshop_2022_234_mac_os_x.exe

explorer.exe

User:

admin

Company:

IC001

Integrity Level:

MEDIUM

Description:

Software Installation

Exit code:

3762504530

Version:

1.5.1.6476

Modules

Images
c:\users\admin\appdata\local\temp\adobe_photoshop_2022_234_mac_os_x.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll

2724

"C:\Users\admin\AppData\Local\Temp\adobe_photoshop_2022_234_mac_os_x.exe" huac hpp=QzpcVXNlcnNcYWRtaW5cQXBwRGF0YVxMb2NhbFxUZW1wXGFkb2JlX3Bob3Rvc2hvcF8yMDIyXzIzNF9tYWNfb3NfeC5leGU=

C:\Users\admin\AppData\Local\Temp\adobe_photoshop_2022_234_mac_os_x.exe

adobe_photoshop_2022_234_mac_os_x.exe

User:

admin

Company:

IC001

Integrity Level:

HIGH

Description:

Software Installation

Exit code:

Version:

1.5.1.6476

Modules

Images
c:\users\admin\appdata\local\temp\adobe_photoshop_2022_234_mac_os_x.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

2740

"saBSI.exe" /affid 91212 PaidDistribution=true InstallID=76d7c3e0-7997-4aae-9925-f595be7a34e1 subID=JB

C:\Users\admin\AppData\Local\Temp\adobe_photoshop_2022_234_mac_os_x.exe_1680300974\saBSI.exe

adobe_photoshop_2022_234_mac_os_x.exe

User:

admin

Company:

McAfee, LLC

Integrity Level:

HIGH

Description:

McAfee WebAdvisor(bootstrap installer)

Exit code:

4294967295

Version:

4,1,1,663

Modules

Images
c:\users\admin\appdata\local\temp\adobe_photoshop_2022_234_mac_os_x.exe_1680300974\sabsi.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll

1872

"C:\Users\admin\Downloads\kodi-20.0-Nexus_rc2-x64.exe"

C:\Users\admin\Downloads\kodi-20.0-Nexus_rc2-x64.exe

adobe_photoshop_2022_234_mac_os_x.exe

User:

admin

Company:

XBMC Foundation

Integrity Level:

HIGH

Description:

Kodi 19.90.905.0 Setup

Exit code:

Version:

19.90.905.0

Modules

Images
c:\windows\system32\ntdll.dll
c:\users\admin\downloads\kodi-20.0-nexus_rc2-x64.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll

Add for printing

Total events

34 552

Read events

34 386

Write events

166

Delete events

Modification events


(PID) Process:	(2368) adobe_photoshop_2022_234_mac_os_x.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(2368) adobe_photoshop_2022_234_mac_os_x.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(2368) adobe_photoshop_2022_234_mac_os_x.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(2368) adobe_photoshop_2022_234_mac_os_x.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0
(PID) Process:	(2368) adobe_photoshop_2022_234_mac_os_x.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E
Operation:	write	Name:	LanguageList
Value: en-US
(PID) Process:	(2724) adobe_photoshop_2022_234_mac_os_x.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(2724) adobe_photoshop_2022_234_mac_os_x.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(2724) adobe_photoshop_2022_234_mac_os_x.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(2724) adobe_photoshop_2022_234_mac_os_x.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0
(PID) Process:	(2724) adobe_photoshop_2022_234_mac_os_x.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E
Operation:	write	Name:	LanguageList
Value: en-US

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2368	adobe_photoshop_2022_234_mac_os_x.exe	C:\Users\admin\AppData\Local\Temp\3dba2b032e844ea98475f6258ce8bb25\sciter32.dll		executable
		MD5:B431083586E39D018E19880AD1A5CE8F	SHA256:B525FDCC32C5A359A7F5738A30EFF0C6390734D8A2C987C62E14C619F99D406B
2368	adobe_photoshop_2022_234_mac_os_x.exe	C:\Users\admin\AppData\Local\IC001\adobe_photoshop_2022_234__Url_r30kpen5joe55zehkaky51uluwlvtvfx\1.5.1.6476\csqaurxh.newcfg		xml
		MD5:C76D70D8440A273C2B2A2764F33323B8	SHA256:8F6658DFB498D9BC831670DFFD055D850D327A2DEFD82E1F24416316B037135D
2368	adobe_photoshop_2022_234_mac_os_x.exe	C:\Users\admin\AppData\Local\IC001\adobe_photoshop_2022_234__Url_r30kpen5joe55zehkaky51uluwlvtvfx\1.5.1.6476\user.config		xml
		MD5:C76D70D8440A273C2B2A2764F33323B8	SHA256:8F6658DFB498D9BC831670DFFD055D850D327A2DEFD82E1F24416316B037135D
2368	adobe_photoshop_2022_234_mac_os_x.exe	C:\Users\admin\AppData\Local\Temp\3dba2b032e844ea98475f6258ce8bb25\ServiceHide.Net.dll		executable
		MD5:0B036CE556E8C7C403948068D810F32A	SHA256:FC9BF8465906F8F9C979D976BD833D403AF1C0D3000AD555420347794E6C4A4D
2724	adobe_photoshop_2022_234_mac_os_x.exe	C:\Users\admin\AppData\Local\Temp\adobe_photoshop_2022_234_mac_os_x.exe_1680300974\Resources\DownloadFolderPage.html		html
		MD5:9DEA08DCA124C9CA58A082E62220ABEE	SHA256:00724E06138C68EB7AB40CDF3275CC7DB45698F10A98AC8C78B5F6582393F64C
2724	adobe_photoshop_2022_234_mac_os_x.exe	C:\Users\admin\AppData\Local\IC001\adobe_photoshop_2022_234__Url_r30kpen5joe55zehkaky51uluwlvtvfx\1.5.1.6476\hsrufirj.newcfg		xml
		MD5:C76D70D8440A273C2B2A2764F33323B8	SHA256:8F6658DFB498D9BC831670DFFD055D850D327A2DEFD82E1F24416316B037135D
2724	adobe_photoshop_2022_234_mac_os_x.exe	C:\Users\admin\AppData\Local\IC001\adobe_photoshop_2022_234__Url_r30kpen5joe55zehkaky51uluwlvtvfx\1.5.1.6476\user.config		xml
		MD5:C76D70D8440A273C2B2A2764F33323B8	SHA256:8F6658DFB498D9BC831670DFFD055D850D327A2DEFD82E1F24416316B037135D
2368	adobe_photoshop_2022_234_mac_os_x.exe	C:\Users\admin\AppData\Local\Temp\3dba2b032e844ea98475f6258ce8bb25\msvcp140.dll		executable
		MD5:8FF1898897F3F4391803C7253366A87B	SHA256:51398691FEEF7AE0A876B523AEC47C4A06D9A1EE62F1A0AEE27DE6D6191C68AD
2724	adobe_photoshop_2022_234_mac_os_x.exe	C:\Users\admin\AppData\Local\Temp\adobe_photoshop_2022_234_mac_os_x.exe_1680300974\app.ico		image
		MD5:4003EFA6E7D44E2CBD3D7486E2E0451A	SHA256:EFFD42C5E471EA3792F12538BF7C982A5CDA4D25BFBFFAF51EED7E09035F4508
2724	adobe_photoshop_2022_234_mac_os_x.exe	C:\Users\admin\AppData\Local\Temp\adobe_photoshop_2022_234_mac_os_x.exe_1680300974\Resources\images\warning48x48.png		image
		MD5:D3361CF0D689A1B34D84F483D60BA9C9	SHA256:56739925AADA73F9489F9A6B72BFAAA92892B27D20F4D221380BA3EAE17F1442

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
2724	adobe_photoshop_2022_234_mac_os_x.exe	HEAD	200	104.18.212.25:80	http://webcompanion.com/nano_download.php?partner=IT200301	unknown	—	—	malicious
2724	adobe_photoshop_2022_234_mac_os_x.exe	GET	200	209.197.3.8:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?133020b60f3eaa92	US	compressed	61.1 Kb	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
2724	adobe_photoshop_2022_234_mac_os_x.exe	104.18.212.25:80	webcompanion.com	CLOUDFLARENET	—	malicious
2724	adobe_photoshop_2022_234_mac_os_x.exe	104.18.67.73:443	h2oapi.adaware.com	CLOUDFLARENET	—	malicious
2724	adobe_photoshop_2022_234_mac_os_x.exe	104.18.68.73:443	h2oapi.adaware.com	CLOUDFLARENET	—	malicious
2368	adobe_photoshop_2022_234_mac_os_x.exe	104.18.68.73:443	h2oapi.adaware.com	CLOUDFLARENET	—	malicious
2724	adobe_photoshop_2022_234_mac_os_x.exe	104.17.9.52:443	flow.lavasoft.com	CLOUDFLARENET	—	shared
2724	adobe_photoshop_2022_234_mac_os_x.exe	172.67.189.175:443	walliant.com	CLOUDFLARENET	US	malicious
—	—	209.197.3.8:80	ctldl.windowsupdate.com	STACKPATH-CDN	US	whitelisted
2740	saBSI.exe	35.166.221.252:443	apis.mosaic.analytics.awscommon.mcafee.com	AMAZON-02	US	unknown
2740	saBSI.exe	104.208.16.0:443	cu1pehnswad01.servicebus.windows.net	MICROSOFT-CORP-MSN-AS-BLOCK	US	unknown
2724	adobe_photoshop_2022_234_mac_os_x.exe	185.31.172.243:443	kodi.mirror.liteserver.nl	The Infrastructure Group B.V.	NL	unknown

DNS requests

Domain	IP	Reputation
h2oapi.adaware.com	104.18.68.73 104.18.67.73	malicious
www.google.com	142.250.185.100	whitelisted
flow.lavasoft.com	104.17.9.52 104.17.8.52	whitelisted
sos.adaware.com	104.18.67.73 104.18.68.73	whitelisted
webcompanion.com	104.18.212.25 104.18.211.25	malicious
walliant.com	172.67.189.175 104.21.57.77	malicious
sdl.adaware.com	104.18.68.73 104.18.67.73	whitelisted
kodi.mirror.liteserver.nl	185.31.172.243	unknown
ctldl.windowsupdate.com	209.197.3.8	whitelisted
cu1pehnswad01.servicebus.windows.net	104.208.16.0	whitelisted

Threats

PID	Process	Class	Message
2740	saBSI.exe	Potentially Bad Traffic	ET INFO TLS Handshake Failure
2740	saBSI.exe	Potentially Bad Traffic	ET INFO TLS Handshake Failure

6 ETPRO signatures available at the full report

Add for printing

Process	Message
adobe_photoshop_2022_234_mac_os_x.exe	Error: File not found - genericsetup.wrappers.sciter:console.tis
adobe_photoshop_2022_234_mac_os_x.exe	at sciter:init-script.tis
adobe_photoshop_2022_234_mac_os_x.exe
adobe_photoshop_2022_234_mac_os_x.exe
adobe_photoshop_2022_234_mac_os_x.exe	file:resources/tis/TranslateOfferTemplate.tis(82) : warning :'async' does not contain any 'await'
adobe_photoshop_2022_234_mac_os_x.exe	Error: File not found - genericsetup.wrappers.sciter:console.tis
adobe_photoshop_2022_234_mac_os_x.exe	at sciter:init-script.tis
adobe_photoshop_2022_234_mac_os_x.exe
adobe_photoshop_2022_234_mac_os_x.exe
adobe_photoshop_2022_234_mac_os_x.exe	file:resources/tis/TranslateOfferTemplate.tis(82) : warning :'async' does not contain any 'await'

General Info

adobe_photoshop_2022_234_mac_os_x.exe

1A5962C8775965C66035B96AAED2F25F

25CA6501A07DEC9341F45A9A33A00E26AB370C1B

8861E56ACB22A7131E3A61952020E6AA52CC78B1F670953071109F6388539125

98304:7v6W8zntQwyUgOlHpKjcCAYSmOppy3Olar:76ftKKlHpUChgr

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Actions looks like stealing of personal data

SUSPICIOUS

Reads the Internet Settings

Reads settings of System Certificates

Searches for installed software

Application launched itself

Executable content was dropped or overwritten

Reads security settings of Internet Explorer

Reads the Windows owner or organization settings

Checks Windows Trust Settings

Adds/modifies Windows certificates

The process creates files with name similar to system file names

INFO

Checks supported languages

The process checks LSA protection

Reads the machine GUID from the registry

Create files in a temporary directory

Creates files or folders in the user directory

Reads Environment values

Reads the computer name

Creates files in the program directory

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings