File name:

Premiere_Pro_Set-Up.exe

Full analysis: https://app.any.run/tasks/05ce053a-0a4e-4704-8ea9-a6e571033d9f
Verdict: Malicious activity
Analysis date: December 14, 2024, 12:32:52
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
upx
arch-exec
arch-scr
arch-html
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5:

4752608DDFC13ED7BD42175FA2ABBE2D

SHA1:

08EACA0A97A22667E5932574AF7D05393128DA29

SHA256:

A6485EFFA3A11B6AFA219FA131587433263DA36F9EE28FDC8F7CD24C8E38F870

SSDEEP:

98304:khrrrAZbJJcNChltm1kO0U2qcJtWYhcU91jTJ7bWu7Cw28/H/EDOjdmRFva3opug:BQn3xQj3C

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • vcredist_x86.exe (PID: 6660)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x64.exe (PID: 5320)
      • gccustomhook.exe (PID: 6092)
      • Premiere_Pro_Set-Up.exe (PID: 6480)

    • Registers / Runs the DLL via REGSVR32.EXE

      • Creative Cloud Desktop App.exe (PID: 6468)

  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • Premiere_Pro_Set-Up.exe (PID: 188)

    • Application launched itself

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • vcredist_x86.exe (PID: 6660)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x64.exe (PID: 5320)
      • AGSService.exe (PID: 6988)

    • Reads security settings of Internet Explorer

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • Setup.exe (PID: 3848)
      • Setup.exe (PID: 3488)
      • vcredist_x86.exe (PID: 6660)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x64.exe (PID: 5320)
      • UPICustomHook.exe (PID: 6148)
      • UPICustomHook.exe (PID: 4540)
      • AdobeServiceInstaller.exe (PID: 1200)
      • Adobe Installer.exe (PID: 6852)
      • Adobe Installer.exe (PID: 4012)

    • Reads Internet Explorer settings

      • Premiere_Pro_Set-Up.exe (PID: 188)

    • Checks Windows Trust Settings

      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • Premiere_Pro_Set-Up.exe (PID: 188)
      • Setup.exe (PID: 3848)
      • msiexec.exe (PID: 4968)
      • Setup.exe (PID: 3488)
      • msiexec.exe (PID: 1192)
      • vcredist_x86.exe (PID: 6660)
      • msiexec.exe (PID: 1540)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x64.exe (PID: 5320)
      • AGSService.exe (PID: 6988)
      • AdobeServiceInstaller.exe (PID: 1200)
      • Adobe Installer.exe (PID: 6852)
      • Adobe Installer.exe (PID: 4012)

    • Drops 7-zip archiver for unpacking

      • Premiere_Pro_Set-Up.exe (PID: 6480)

    • Executable content was dropped or overwritten

      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • vcredist_x86.exe (PID: 4716)
      • vcredist_x64.exe (PID: 420)
      • vcredist_x86.exe (PID: 3808)
      • vcredist_x86.exe (PID: 6660)
      • vcredist_x64.exe (PID: 6460)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4400)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x64.exe (PID: 3260)
      • vcredist_x64.exe (PID: 5320)
      • gccustomhook.exe (PID: 6092)

    • The process drops C-runtime libraries

      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • vcredist_x86.exe (PID: 4716)
      • msiexec.exe (PID: 4968)
      • msiexec.exe (PID: 1192)
      • msiexec.exe (PID: 1540)

    • Process drops legitimate windows executable

      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • vcredist_x86.exe (PID: 4716)
      • msiexec.exe (PID: 4968)
      • vcredist_x64.exe (PID: 420)
      • msiexec.exe (PID: 1192)
      • vcredist_x86.exe (PID: 3808)
      • vcredist_x86.exe (PID: 6660)
      • msiexec.exe (PID: 1540)
      • vcredist_x64.exe (PID: 6460)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4400)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x64.exe (PID: 3260)
      • vcredist_x64.exe (PID: 5320)

    • Creates file in the systems drive root

      • vcredist_x86.exe (PID: 4716)
      • vcredist_x64.exe (PID: 420)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 4968)
      • msiexec.exe (PID: 1192)
      • msiexec.exe (PID: 1540)

    • Searches for installed software

      • vcredist_x86.exe (PID: 3808)
      • dllhost.exe (PID: 6808)
      • vcredist_x86.exe (PID: 6660)
      • vcredist_x64.exe (PID: 6460)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x86.exe (PID: 4400)
      • vcredist_x64.exe (PID: 3260)
      • vcredist_x64.exe (PID: 5320)
      • Premiere_Pro_Set-Up.exe (PID: 6480)

    • Executes as Windows Service

      • VSSVC.exe (PID: 1016)
      • AGSService.exe (PID: 6988)
      • AdobeUpdateService.exe (PID: 2136)

    • Creates a software uninstall entry

      • vcredist_x86.exe (PID: 6660)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x64.exe (PID: 5320)
      • Premiere_Pro_Set-Up.exe (PID: 6480)

    • Uses ICACLS.EXE to modify access control lists

      • AdobeIPCBrokerCustomHook.exe (PID: 5972)
      • UPICustomHook.exe (PID: 6148)
      • UPICustomHook.exe (PID: 4540)

    • Reads the date of Windows installation

      • UPICustomHook.exe (PID: 6148)
      • UPICustomHook.exe (PID: 4540)

    • Executes application which crashes

      • UPICustomHook.exe (PID: 6148)

    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 4864)
      • regsvr32.exe (PID: 4400)

  • INFO

    • The sample compiled with english language support

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • vcredist_x86.exe (PID: 4716)
      • msiexec.exe (PID: 4968)
      • vcredist_x64.exe (PID: 420)
      • msiexec.exe (PID: 1192)
      • vcredist_x86.exe (PID: 3808)
      • vcredist_x86.exe (PID: 6660)
      • msiexec.exe (PID: 1540)
      • vcredist_x64.exe (PID: 6460)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4400)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x64.exe (PID: 3260)
      • vcredist_x64.exe (PID: 5320)
      • gccustomhook.exe (PID: 6092)

    • Reads the computer name

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • vcredist_x86.exe (PID: 4716)
      • Setup.exe (PID: 3848)
      • msiexec.exe (PID: 4968)
      • vcredist_x64.exe (PID: 420)
      • Setup.exe (PID: 3488)
      • msiexec.exe (PID: 1192)
      • vcredist_x86.exe (PID: 6660)
      • vcredist_x86.exe (PID: 3808)
      • msiexec.exe (PID: 1540)
      • vcredist_x64.exe (PID: 6460)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x86.exe (PID: 4400)
      • gccustomhook.exe (PID: 6092)
      • AGSService.exe (PID: 6988)
      • UPICustomHook.exe (PID: 6148)
      • Creative Cloud CustomHook.exe (PID: 1216)
      • UPICustomHook.exe (PID: 4540)
      • AdobeServiceInstaller.exe (PID: 1200)
      • Adobe Installer.exe (PID: 4012)
      • AdobeUpdateService.exe (PID: 2136)
      • Adobe Installer.exe (PID: 6852)
      • adobe_licensing_helper.exe (PID: 6964)
      • AdobeIPCBroker.exe (PID: 5000)
      • vcredist_x64.exe (PID: 5320)
      • vcredist_x64.exe (PID: 3260)

    • Checks proxy server information

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • vcredist_x86.exe (PID: 6660)
      • vcredist_x86.exe (PID: 4596)
      • WerFault.exe (PID: 4144)
      • AdobeServiceInstaller.exe (PID: 1200)
      • Adobe Installer.exe (PID: 6852)
      • adobe_licensing_helper.exe (PID: 6964)

    • Reads the software policy settings

      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • Premiere_Pro_Set-Up.exe (PID: 188)
      • Setup.exe (PID: 3848)
      • msiexec.exe (PID: 4968)
      • Setup.exe (PID: 3488)
      • msiexec.exe (PID: 1192)
      • vcredist_x86.exe (PID: 6660)
      • msiexec.exe (PID: 1540)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x64.exe (PID: 5320)
      • UPICustomHook.exe (PID: 6148)
      • WerFault.exe (PID: 4144)
      • AGSService.exe (PID: 6988)
      • UPICustomHook.exe (PID: 4540)
      • AdobeServiceInstaller.exe (PID: 1200)
      • Adobe Installer.exe (PID: 6852)
      • Adobe Installer.exe (PID: 4012)
      • adobe_licensing_helper.exe (PID: 6964)

    • Process checks whether UAC notifications are on

      • Premiere_Pro_Set-Up.exe (PID: 188)

    • UPX packer has been detected

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • Premiere_Pro_Set-Up.exe (PID: 6480)

    • Reads the machine GUID from the registry

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • vcredist_x86.exe (PID: 4716)
      • Setup.exe (PID: 3848)
      • msiexec.exe (PID: 4968)
      • vcredist_x64.exe (PID: 420)
      • Setup.exe (PID: 3488)
      • msiexec.exe (PID: 1192)
      • vcredist_x86.exe (PID: 6660)
      • msiexec.exe (PID: 1540)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x64.exe (PID: 5320)
      • AGSService.exe (PID: 6988)
      • UPICustomHook.exe (PID: 6148)
      • UPICustomHook.exe (PID: 4540)
      • AdobeServiceInstaller.exe (PID: 1200)
      • Adobe Installer.exe (PID: 6852)
      • Adobe Installer.exe (PID: 4012)

    • Checks supported languages

      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • Premiere_Pro_Set-Up.exe (PID: 188)
      • AdobeIPCBrokerCustomHook.exe (PID: 3532)
      • vcredist_x86.exe (PID: 4716)
      • Setup.exe (PID: 3848)
      • RuntimeCustomHook.exe (PID: 4128)
      • msiexec.exe (PID: 4968)
      • vcredist_x64.exe (PID: 420)
      • Setup.exe (PID: 3488)
      • vcredist_x86.exe (PID: 6660)
      • vcredist_x86.exe (PID: 3808)
      • msiexec.exe (PID: 1192)
      • msiexec.exe (PID: 1540)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x64.exe (PID: 6460)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x86.exe (PID: 4400)
      • vcredist_x64.exe (PID: 5320)
      • vcredist_x64.exe (PID: 3260)
      • AdobeIPCBrokerCustomHook.exe (PID: 5972)
      • HDCoreCustomHook.exe (PID: 6220)
      • AGSService.exe (PID: 6988)
      • gccustomhook.exe (PID: 6092)
      • AGSService.exe (PID: 2076)
      • UPICustomHook.exe (PID: 6148)
      • ADSCustomHook.exe (PID: 420)
      • AGSService.exe (PID: 5916)
      • AGSService.exe (PID: 4968)
      • UPICustomHook.exe (PID: 4540)
      • AGSService.exe (PID: 7044)
      • AGSService.exe (PID: 1292)
      • Creative Cloud Desktop App.exe (PID: 6468)
      • Creative Cloud CustomHook.exe (PID: 1216)
      • AGSService.exe (PID: 4516)
      • AdobeServiceInstaller.exe (PID: 1200)
      • AGSService.exe (PID: 4384)
      • Adobe Installer.exe (PID: 6852)
      • Adobe Installer.exe (PID: 4012)
      • AdobeUpdateService.exe (PID: 2136)
      • AdobeIPCBroker.exe (PID: 5000)
      • adobe_licensing_helper.exe (PID: 6964)

    • The process uses the downloaded file

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • UPICustomHook.exe (PID: 6148)
      • UPICustomHook.exe (PID: 4540)

    • Create files in a temporary directory

      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • Premiere_Pro_Set-Up.exe (PID: 188)
      • AdobeIPCBrokerCustomHook.exe (PID: 3532)
      • Setup.exe (PID: 3848)
      • Setup.exe (PID: 3488)
      • vcredist_x86.exe (PID: 6660)
      • vcredist_x64.exe (PID: 6460)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4400)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x86.exe (PID: 3808)
      • vcredist_x64.exe (PID: 3260)
      • vcredist_x64.exe (PID: 5320)
      • adobe_licensing_helper.exe (PID: 6964)
      • AdobeIPCBroker.exe (PID: 5000)

    • Creates files in the program directory

      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • vcredist_x86.exe (PID: 6660)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x64.exe (PID: 5320)
      • ADSCustomHook.exe (PID: 420)
      • HDCoreCustomHook.exe (PID: 6220)
      • gccustomhook.exe (PID: 6092)
      • AGSService.exe (PID: 6988)
      • UPICustomHook.exe (PID: 6148)
      • UPICustomHook.exe (PID: 4540)
      • AGSService.exe (PID: 4516)
      • Creative Cloud CustomHook.exe (PID: 1216)
      • adobe_licensing_helper.exe (PID: 6964)

    • Creates files or folders in the user directory

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • msiexec.exe (PID: 4968)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x86.exe (PID: 6660)
      • UPICustomHook.exe (PID: 6148)
      • AdobeServiceInstaller.exe (PID: 1200)
      • Adobe Installer.exe (PID: 6852)
      • adobe_licensing_helper.exe (PID: 6964)

    • Process checks computer location settings

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • UPICustomHook.exe (PID: 6148)
      • UPICustomHook.exe (PID: 4540)

    • The sample compiled with german language support

      • vcredist_x86.exe (PID: 4716)
      • msiexec.exe (PID: 4968)
      • vcredist_x64.exe (PID: 420)
      • msiexec.exe (PID: 1540)
      • msiexec.exe (PID: 1192)

    • The sample compiled with french language support

      • vcredist_x86.exe (PID: 4716)
      • msiexec.exe (PID: 4968)
      • vcredist_x64.exe (PID: 420)
      • msiexec.exe (PID: 1192)
      • msiexec.exe (PID: 1540)

    • The sample compiled with chinese language support

      • vcredist_x86.exe (PID: 4716)
      • msiexec.exe (PID: 4968)
      • vcredist_x64.exe (PID: 420)
      • msiexec.exe (PID: 1540)

    • The sample compiled with spanish language support

      • vcredist_x86.exe (PID: 4716)
      • msiexec.exe (PID: 4968)
      • msiexec.exe (PID: 1192)
      • msiexec.exe (PID: 1540)

    • The sample compiled with japanese language support

      • vcredist_x86.exe (PID: 4716)
      • msiexec.exe (PID: 4968)
      • msiexec.exe (PID: 1540)

    • The sample compiled with Italian language support

      • vcredist_x86.exe (PID: 4716)
      • msiexec.exe (PID: 4968)
      • msiexec.exe (PID: 1192)
      • vcredist_x64.exe (PID: 420)
      • msiexec.exe (PID: 1540)

    • The sample compiled with russian language support

      • vcredist_x86.exe (PID: 4716)
      • msiexec.exe (PID: 4968)
      • vcredist_x64.exe (PID: 420)
      • msiexec.exe (PID: 1192)
      • msiexec.exe (PID: 1540)

    • Reads CPU info

      • Setup.exe (PID: 3848)
      • Setup.exe (PID: 3488)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 4968)
      • msiexec.exe (PID: 1192)
      • msiexec.exe (PID: 1540)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 4968)
      • msiexec.exe (PID: 1192)
      • msiexec.exe (PID: 1540)

    • Sends debugging messages

      • Setup.exe (PID: 3848)
      • Setup.exe (PID: 3488)

    • Manages system restore points

      • SrTasks.exe (PID: 6888)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (76)
.exe | Win32 Executable (generic) (12.6)
.exe | Generic Win/DOS Executable (5.6)
.exe | DOS Executable Generic (5.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2020:10:30 03:14:41+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.23
CodeSize: 2072576
InitializedDataSize: 45056
UninitializedDataSize: 3280896
EntryPoint: 0x51b390
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 5.3.5.13
ProductVersionNumber: 5.3.5.13
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Adobe Inc.
FileDescription: Adobe Installer
FileVersion: 5.3.5.13
InternalName: Adobe Installer
LegalCopyright: © 2015-2020 Adobe. All rights reserved.
OriginalFileName: Adobe Installer
ProductName: Adobe Installer
ProductVersion: 5.3.5.13
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
253
Monitored processes
117
Malicious processes
18
Suspicious processes
2

Behavior graph

Click at the process to see the details
start premiere_pro_set-up.exe premiere_pro_set-up.exe adobeipcbrokercustomhook.exe no specs conhost.exe no specs runtimecustomhook.exe no specs conhost.exe no specs vcredist_x86.exe setup.exe msiexec.exe vcredist_x64.exe setup.exe msiexec.exe vcredist_x86.exe vcredist_x86.exe SPPSurrogate no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe vcredist_x64.exe vcredist_x64.exe vcredist_x86.exe vcredist_x86.exe vcredist_x64.exe vcredist_x64.exe adobeipcbrokercustomhook.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs adscustomhook.exe no specs hdcorecustomhook.exe no specs conhost.exe no specs gccustomhook.exe agsservice.exe agsservice.exe no specs conhost.exe no specs upicustomhook.exe conhost.exe no specs agsservice.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs werfault.exe agsservice.exe no specs conhost.exe no specs agsservice.exe no specs conhost.exe no specs upicustomhook.exe conhost.exe no specs icacls.exe no specs conhost.exe no specs agsservice.exe no specs icacls.exe no specs conhost.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs creative cloud desktop app.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs creative cloud customhook.exe no specs agsservice.exe no specs conhost.exe no specs agsservice.exe no specs conhost.exe no specs adobeserviceinstaller.exe adobeupdateservice.exe no specs adobe installer.exe adobe installer.exe no specs adobe_licensing_helper.exe conhost.exe no specs adobeipcbroker.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
188"C:\Users\admin\AppData\Local\Temp\Premiere_Pro_Set-Up.exe" C:\Users\admin\AppData\Local\Temp\Premiere_Pro_Set-Up.exe
explorer.exe
User:
admin
Company:
Adobe Inc.
Integrity Level:
MEDIUM
Description:
Adobe Installer
Version:
5.3.5.13
Modules
Images
c:\users\admin\appdata\local\temp\premiere_pro_set-up.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
236\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeRuntimeCustomHook.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
236"C:\Windows\System32\icacls.exe" "C:\Users\admin\AppData\Roaming\Adobe\UPI\Configuration" /setowner adminC:\Windows\System32\icacls.exeUPICustomHook.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\icacls.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
420"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\vc10\64bit\vcredist_x64.exe" /q /norestartC:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\vc10\64bit\vcredist_x64.exe
RuntimeCustomHook.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2010 x64 Redistributable Setup
Exit code:
0
Version:
10.0.40219.325
Modules
Images
c:\program files (x86)\common files\adobe\adobe desktop common\runtime\customhook\vc10\64bit\vcredist_x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
420"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\customhook\ADSCustomHook.exe" --install=1 C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\customHook\ADSCustomHook.exePremiere_Pro_Set-Up.exe
User:
admin
Company:
Adobe Inc.
Integrity Level:
HIGH
Description:
ADSCustomHook
Exit code:
0
Version:
5.5.0.617
Modules
Images
c:\program files (x86)\common files\adobe\adobe desktop common\ads\customhook\adscustomhook.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
628"C:\Windows\System32\icacls.exe" "C:\Users\Administrator\AppData\Roaming\Adobe\UPI\Configuration\DB" /setowner AdministratorC:\Windows\System32\icacls.exeUPICustomHook.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\ucrtbase.dll
1016C:\WINDOWS\system32\vssvc.exeC:\Windows\System32\VSSVC.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1192C:\WINDOWS\system32\msiexec.exe /VC:\Windows\System32\msiexec.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1200"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeServiceInstaller.exe" --register=1 --servicePath="C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe" --serviceLabel=AdobeUpdateServiceC:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeServiceInstaller.exe
Premiere_Pro_Set-Up.exe
User:
admin
Company:
Adobe Inc.
Integrity Level:
HIGH
Description:
Adobe Install Helper
Exit code:
0
Version:
5.5.0.617
Modules
Images
c:\program files (x86)\common files\adobe\adobe desktop common\elevationmanager\adobeserviceinstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
1216"C:\Windows\System32\icacls.exe" "C:\ProgramData\Adobe\UPI\EM Store" /inheritance:r /grant SYSTEM:(F) /grant ADMINISTRATORS:(F) /grant *S-1-5-32-545:(RX) /T /C C:\Windows\System32\icacls.exeUPICustomHook.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\icacls.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
Total events
87 461
Read events
84 017
Write events
3 014
Delete events
430

Modification events

(PID) Process:(188) Premiere_Pro_Set-Up.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(188) Premiere_Pro_Set-Up.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(188) Premiere_Pro_Set-Up.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(188) Premiere_Pro_Set-Up.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\adobe.com
Operation:writeName:NumberOfSubdomains
Value:
1
(PID) Process:(188) Premiere_Pro_Set-Up.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\adobe.com
Operation:writeName:Total
Value:
48
(PID) Process:(188) Premiere_Pro_Set-Up.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\arkoselabs.com
Operation:writeName:NumberOfSubdomains
Value:
1
(PID) Process:(188) Premiere_Pro_Set-Up.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\MediaPlayer\Health\{6F171A55-97E4-494D-B6D7-15D8C69656AF}
Operation:delete keyName:(default)
Value:
(PID) Process:(188) Premiere_Pro_Set-Up.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\MediaPlayer\Health\{EE708116-5C90-4EF1-90C0-4ED753B9BAB8}
Operation:delete keyName:(default)
Value:
(PID) Process:(188) Premiere_Pro_Set-Up.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch
Operation:writeName:Version
Value:
WS not running
(PID) Process:(188) Premiere_Pro_Set-Up.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Operation:writeName:DisableFirstRunCustomize
Value:
1
Executable files
453
Suspicious files
1 262
Text files
812
Unknown types
75

Dropped files

PID
Process
Filename
Type
188Premiere_Pro_Set-Up.exeC:\Users\admin\AppData\Local\Temp\{52B9FE7B-4F75-4856-BE99-78CB51D1E9BC}\lib\jquery.custom-scrollbar.min.jsbinary
MD5:AB3ADF4AFF09A1C562A29DB05795C8AB
SHA256:D05E193674C6FC31DE0503CBC0B152600F22689AD7AD72ADB35FCC7C25D4B01B
188Premiere_Pro_Set-Up.exeC:\Users\admin\AppData\Local\Temp\{52B9FE7B-4F75-4856-BE99-78CB51D1E9BC}\js\overlayController.jsbinary
MD5:B610650C4D826B14C225CFBECA89B8C1
SHA256:79D00458B49A02ACEE141B53DCF026AA1302AB6B48A745B57E1215BD3B20501C
188Premiere_Pro_Set-Up.exeC:\Users\admin\AppData\Local\Temp\{52B9FE7B-4F75-4856-BE99-78CB51D1E9BC}\js\utils.jstxt
MD5:11671543588B007E7BE2AF6C784CB8AC
SHA256:BC354F2E25FE40AE21745C51B06D8F34643E238EE67FB94F5CD59C9B56AC17F5
188Premiere_Pro_Set-Up.exeC:\Users\admin\AppData\Local\Temp\{52B9FE7B-4F75-4856-BE99-78CB51D1E9BC}\lib\IE8\angular.min.jss
MD5:2064E68A3817059E5560DD83C5419422
SHA256:98126704568532E8B3FB771CE6F5F44AE6A24FBF53D61CD7792E23A75971ABC6
188Premiere_Pro_Set-Up.exeC:\Users\admin\AppData\Local\Temp\{52B9FE7B-4F75-4856-BE99-78CB51D1E9BC}\js\mainController.jsbinary
MD5:51BDCC0E7D53C59FF20FF2F6E276E321
SHA256:EC5B0CEDE51F5FD48C341CD27D42433BB9A2ADB04836433FEE5A90B101E4B1B2
188Premiere_Pro_Set-Up.exeC:\Users\admin\AppData\Local\Adobe\OOBE\temp_ins_lbs_widtext
MD5:F03DF0244A09AB500188AA75B70931B0
SHA256:79FA555C198A71E230AAEC7D2A92CBB094C0036B90E03C0B8B69A82117EC252B
188Premiere_Pro_Set-Up.exeC:\Users\admin\AppData\Local\Adobe\OOBE\temp_lbs_widtext
MD5:8ED156C3393C25E84921D6F4CA10B6B4
SHA256:FCDE411E19EE397F5668B0BFCEE6D36AEC849383C5A74EA5D3DB3821400C21CE
188Premiere_Pro_Set-Up.exeC:\Users\admin\AppData\Local\Temp\{52B9FE7B-4F75-4856-BE99-78CB51D1E9BC}\images\productIcon4x.pngimage
MD5:A99A41B9525D820733E39D7CD051AA44
SHA256:FE4E106A0AF4455633299E3BCD09073603241D9577D3E6240D57EBA93A6238DC
188Premiere_Pro_Set-Up.exeC:\Users\admin\AppData\Local\Temp\{52B9FE7B-4F75-4856-BE99-78CB51D1E9BC}\lib\IE8\jquery.min.jss
MD5:E1288116312E4728F98923C79B034B67
SHA256:BA6EDA7945AB8D7E57B34CC5A3DD292FA2E4C60A5CED79236ECF1A9E0F0C2D32
188Premiere_Pro_Set-Up.exeC:\Users\admin\AppData\Local\Temp\{52B9FE7B-4F75-4856-BE99-78CB51D1E9BC}\js\main.jsbinary
MD5:A2ECC3BBA3A5033720DD046CC6CF64D3
SHA256:FC1BBA3A598AF6605A402AD2552CD8D7605E51A019AF119F25F30DFBD67E63C0
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
29
TCP/UDP connections
517
DNS requests
76
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5340
svchost.exe
GET
200
23.48.23.164:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5340
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
188
Premiere_Pro_Set-Up.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEAEIBkgh7xl%2BVJhmzHsukM0%3D
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5064
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
188
Premiere_Pro_Set-Up.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAhflMAthXvozBT%2FU%2B2iPio%3D
unknown
whitelisted
188
Premiere_Pro_Set-Up.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D
unknown
whitelisted
6160
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
5004
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
188
Premiere_Pro_Set-Up.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEAfATp7LIVYw4gbHcu36vds%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4712
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5340
svchost.exe
23.48.23.164:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5340
svchost.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5064
SearchApp.exe
104.126.37.138:443
www.bing.com
Akamai International B.V.
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
188
Premiere_Pro_Set-Up.exe
52.26.194.234:443
na1e-acc.services.adobe.com
AMAZON-02
US
whitelisted
188
Premiere_Pro_Set-Up.exe
52.31.218.129:443
cc-api-data.adobe.io
AMAZON-02
IE
whitelisted
6480
Premiere_Pro_Set-Up.exe
52.31.218.129:443
cc-api-data.adobe.io
AMAZON-02
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 52.140.118.28
whitelisted
crl.microsoft.com
  • 23.48.23.164
  • 23.48.23.143
  • 2.16.164.106
  • 2.16.164.49
whitelisted
www.microsoft.com
  • 184.30.21.171
  • 88.221.169.152
whitelisted
google.com
  • 142.250.185.174
whitelisted
www.bing.com
  • 104.126.37.138
  • 104.126.37.154
  • 104.126.37.160
  • 104.126.37.145
  • 104.126.37.146
  • 104.126.37.152
  • 104.126.37.139
  • 104.126.37.136
  • 104.126.37.147
whitelisted
na1e-acc.services.adobe.com
  • 52.26.194.234
  • 52.39.77.152
  • 35.82.131.201
whitelisted
cc-api-data.adobe.io
  • 52.31.218.129
  • 52.48.8.54
  • 34.252.184.159
  • 54.228.247.11
  • 34.246.54.182
  • 52.48.126.58
whitelisted
login.live.com
  • 20.190.159.0
  • 20.190.159.23
  • 20.190.159.64
  • 20.190.159.2
  • 20.190.159.71
  • 20.190.159.4
  • 40.126.31.69
  • 20.190.159.73
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
ims-prod07.adobelogin.com
  • 162.159.140.165
  • 172.66.0.163
whitelisted

Threats

No threats detected
Process
Message
Setup.exe
The operation completed successfully.
Setup.exe
The operation completed successfully.
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Premiere_Pro_Set-Up.exe