File name: Premiere_Pro_Set-Up.exe
Full analysis: https://app.any.run/tasks/05ce053a-0a4e-4704-8ea9-a6e571033d9f
Verdict: Malicious activity
Analysis date: December 14, 2024, 12:32:52
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: upx, arch-exec, arch-scr, arch-html
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5: 4752608DDFC13ED7BD42175FA2ABBE2D
SHA1: 08EACA0A97A22667E5932574AF7D05393128DA29
SHA256: A6485EFFA3A11B6AFA219FA131587433263DA36F9EE28FDC8F7CD24C8E38F870
SSDEEP: 98304:khrrrAZbJJcNChltm1kO0U2qcJtWYhcU91jTJ7bWu7Cw28/H/EDOjdmRFva3opug:BQn3xQj3C

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • vcredist_x86.exe (PID: 6660)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x64.exe (PID: 5320)
      • gccustomhook.exe (PID: 6092)
      • Premiere_Pro_Set-Up.exe (PID: 6480)
    • Registers / Runs the DLL via REGSVR32.EXE

      • Creative Cloud Desktop App.exe (PID: 6468)
  • SUSPICIOUS

    • Application launched itself

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • vcredist_x86.exe (PID: 6660)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x64.exe (PID: 5320)
      • AGSService.exe (PID: 6988)
    • Reads Microsoft Outlook installation path

      • Premiere_Pro_Set-Up.exe (PID: 188)
    • Reads security settings of Internet Explorer

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • Setup.exe (PID: 3848)
      • Setup.exe (PID: 3488)
      • vcredist_x86.exe (PID: 6660)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x64.exe (PID: 5320)
      • UPICustomHook.exe (PID: 6148)
      • UPICustomHook.exe (PID: 4540)
      • AdobeServiceInstaller.exe (PID: 1200)
      • Adobe Installer.exe (PID: 6852)
      • Adobe Installer.exe (PID: 4012)
    • Checks Windows Trust Settings

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • Setup.exe (PID: 3848)
      • msiexec.exe (PID: 4968)
      • Setup.exe (PID: 3488)
      • msiexec.exe (PID: 1192)
      • vcredist_x86.exe (PID: 6660)
      • msiexec.exe (PID: 1540)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x64.exe (PID: 5320)
      • AGSService.exe (PID: 6988)
      • Adobe Installer.exe (PID: 6852)
      • AdobeServiceInstaller.exe (PID: 1200)
      • Adobe Installer.exe (PID: 4012)
    • Reads Internet Explorer settings

      • Premiere_Pro_Set-Up.exe (PID: 188)
    • Executable content was dropped or overwritten

      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • vcredist_x86.exe (PID: 4716)
      • vcredist_x64.exe (PID: 420)
      • vcredist_x86.exe (PID: 3808)
      • vcredist_x86.exe (PID: 6660)
      • vcredist_x64.exe (PID: 6460)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4400)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x64.exe (PID: 3260)
      • vcredist_x64.exe (PID: 5320)
      • gccustomhook.exe (PID: 6092)
    • Process drops legitimate windows executable

      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • vcredist_x86.exe (PID: 4716)
      • msiexec.exe (PID: 4968)
      • vcredist_x64.exe (PID: 420)
      • msiexec.exe (PID: 1192)
      • vcredist_x86.exe (PID: 3808)
      • vcredist_x86.exe (PID: 6660)
      • vcredist_x64.exe (PID: 6460)
      • msiexec.exe (PID: 1540)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x86.exe (PID: 4400)
      • vcredist_x64.exe (PID: 3260)
      • vcredist_x64.exe (PID: 5320)
    • The process drops C-runtime libraries

      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • vcredist_x86.exe (PID: 4716)
      • msiexec.exe (PID: 4968)
      • msiexec.exe (PID: 1192)
      • msiexec.exe (PID: 1540)
    • Drops 7-zip archiver for unpacking

      • Premiere_Pro_Set-Up.exe (PID: 6480)
    • Creates file in the systems drive root

      • vcredist_x86.exe (PID: 4716)
      • vcredist_x64.exe (PID: 420)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 4968)
      • msiexec.exe (PID: 1192)
      • msiexec.exe (PID: 1540)
    • Searches for installed software

      • vcredist_x86.exe (PID: 3808)
      • dllhost.exe (PID: 6808)
      • vcredist_x86.exe (PID: 6660)
      • vcredist_x64.exe (PID: 6460)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4400)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x64.exe (PID: 3260)
      • vcredist_x64.exe (PID: 5320)
      • Premiere_Pro_Set-Up.exe (PID: 6480)
    • Executes as Windows Service

      • VSSVC.exe (PID: 1016)
      • AGSService.exe (PID: 6988)
      • AdobeUpdateService.exe (PID: 2136)
    • Creates a software uninstall entry

      • vcredist_x86.exe (PID: 6660)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x64.exe (PID: 5320)
      • Premiere_Pro_Set-Up.exe (PID: 6480)
    • Uses ICACLS.EXE to modify access control lists

      • AdobeIPCBrokerCustomHook.exe (PID: 5972)
      • UPICustomHook.exe (PID: 6148)
      • UPICustomHook.exe (PID: 4540)
    • Reads the date of Windows installation

      • UPICustomHook.exe (PID: 6148)
      • UPICustomHook.exe (PID: 4540)
    • Executes application which crashes

      • UPICustomHook.exe (PID: 6148)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 4864)
      • regsvr32.exe (PID: 4400)
  • INFO

    • The sample compiled with english language support

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • vcredist_x86.exe (PID: 4716)
      • msiexec.exe (PID: 4968)
      • vcredist_x64.exe (PID: 420)
      • msiexec.exe (PID: 1192)
      • vcredist_x86.exe (PID: 3808)
      • vcredist_x86.exe (PID: 6660)
      • msiexec.exe (PID: 1540)
      • vcredist_x64.exe (PID: 6460)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x86.exe (PID: 4400)
      • vcredist_x64.exe (PID: 3260)
      • vcredist_x64.exe (PID: 5320)
      • gccustomhook.exe (PID: 6092)
    • Create files in a temporary directory

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • AdobeIPCBrokerCustomHook.exe (PID: 3532)
      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • Setup.exe (PID: 3848)
      • Setup.exe (PID: 3488)
      • vcredist_x86.exe (PID: 3808)
      • vcredist_x86.exe (PID: 6660)
      • vcredist_x64.exe (PID: 6460)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4400)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x64.exe (PID: 3260)
      • vcredist_x64.exe (PID: 5320)
      • adobe_licensing_helper.exe (PID: 6964)
      • AdobeIPCBroker.exe (PID: 5000)
    • Creates files or folders in the user directory

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • msiexec.exe (PID: 4968)
      • vcredist_x86.exe (PID: 6660)
      • vcredist_x86.exe (PID: 4596)
      • UPICustomHook.exe (PID: 6148)
      • AdobeServiceInstaller.exe (PID: 1200)
      • Adobe Installer.exe (PID: 6852)
      • adobe_licensing_helper.exe (PID: 6964)
    • Process checks computer location settings

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • UPICustomHook.exe (PID: 6148)
      • UPICustomHook.exe (PID: 4540)
    • Checks proxy server information

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • vcredist_x86.exe (PID: 6660)
      • vcredist_x86.exe (PID: 4596)
      • WerFault.exe (PID: 4144)
      • Adobe Installer.exe (PID: 6852)
      • AdobeServiceInstaller.exe (PID: 1200)
      • adobe_licensing_helper.exe (PID: 6964)
    • Checks supported languages

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • AdobeIPCBrokerCustomHook.exe (PID: 3532)
      • Setup.exe (PID: 3848)
      • vcredist_x86.exe (PID: 4716)
      • RuntimeCustomHook.exe (PID: 4128)
      • msiexec.exe (PID: 4968)
      • vcredist_x64.exe (PID: 420)
      • Setup.exe (PID: 3488)
      • msiexec.exe (PID: 1192)
      • vcredist_x86.exe (PID: 6660)
      • vcredist_x86.exe (PID: 3808)
      • msiexec.exe (PID: 1540)
      • vcredist_x64.exe (PID: 6460)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4400)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x64.exe (PID: 5320)
      • vcredist_x64.exe (PID: 3260)
      • AdobeIPCBrokerCustomHook.exe (PID: 5972)
      • ADSCustomHook.exe (PID: 420)
      • HDCoreCustomHook.exe (PID: 6220)
      • gccustomhook.exe (PID: 6092)
      • AGSService.exe (PID: 6988)
      • UPICustomHook.exe (PID: 6148)
      • AGSService.exe (PID: 2076)
      • AGSService.exe (PID: 7044)
      • AGSService.exe (PID: 5916)
      • AGSService.exe (PID: 4968)
      • UPICustomHook.exe (PID: 4540)
      • AGSService.exe (PID: 1292)
      • Creative Cloud Desktop App.exe (PID: 6468)
      • Creative Cloud CustomHook.exe (PID: 1216)
      • AGSService.exe (PID: 4384)
      • AGSService.exe (PID: 4516)
      • AdobeServiceInstaller.exe (PID: 1200)
      • AdobeUpdateService.exe (PID: 2136)
      • Adobe Installer.exe (PID: 6852)
      • Adobe Installer.exe (PID: 4012)
      • AdobeIPCBroker.exe (PID: 5000)
      • adobe_licensing_helper.exe (PID: 6964)
    • Reads the computer name

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • Setup.exe (PID: 3848)
      • vcredist_x86.exe (PID: 4716)
      • msiexec.exe (PID: 4968)
      • vcredist_x64.exe (PID: 420)
      • Setup.exe (PID: 3488)
      • msiexec.exe (PID: 1192)
      • vcredist_x86.exe (PID: 6660)
      • vcredist_x86.exe (PID: 3808)
      • msiexec.exe (PID: 1540)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x64.exe (PID: 6460)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x86.exe (PID: 4400)
      • vcredist_x64.exe (PID: 3260)
      • vcredist_x64.exe (PID: 5320)
      • gccustomhook.exe (PID: 6092)
      • AGSService.exe (PID: 6988)
      • UPICustomHook.exe (PID: 6148)
      • UPICustomHook.exe (PID: 4540)
      • Creative Cloud CustomHook.exe (PID: 1216)
      • Adobe Installer.exe (PID: 6852)
      • AdobeServiceInstaller.exe (PID: 1200)
      • AdobeUpdateService.exe (PID: 2136)
      • adobe_licensing_helper.exe (PID: 6964)
      • AdobeIPCBroker.exe (PID: 5000)
      • Adobe Installer.exe (PID: 4012)
    • Reads the software policy settings

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • Setup.exe (PID: 3848)
      • msiexec.exe (PID: 4968)
      • Setup.exe (PID: 3488)
      • msiexec.exe (PID: 1192)
      • vcredist_x86.exe (PID: 6660)
      • msiexec.exe (PID: 1540)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x64.exe (PID: 5320)
      • UPICustomHook.exe (PID: 6148)
      • WerFault.exe (PID: 4144)
      • UPICustomHook.exe (PID: 4540)
      • AGSService.exe (PID: 6988)
      • AdobeServiceInstaller.exe (PID: 1200)
      • Adobe Installer.exe (PID: 6852)
      • Adobe Installer.exe (PID: 4012)
      • adobe_licensing_helper.exe (PID: 6964)
    • Process checks whether UAC notifications are on

      • Premiere_Pro_Set-Up.exe (PID: 188)
    • The process uses the downloaded file

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • UPICustomHook.exe (PID: 6148)
      • UPICustomHook.exe (PID: 4540)
    • Reads the machine GUID from the registry

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • vcredist_x86.exe (PID: 4716)
      • Setup.exe (PID: 3848)
      • msiexec.exe (PID: 4968)
      • vcredist_x64.exe (PID: 420)
      • Setup.exe (PID: 3488)
      • msiexec.exe (PID: 1192)
      • vcredist_x86.exe (PID: 6660)
      • msiexec.exe (PID: 1540)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4596)
      • vcredist_x64.exe (PID: 5320)
      • UPICustomHook.exe (PID: 6148)
      • AGSService.exe (PID: 6988)
      • UPICustomHook.exe (PID: 4540)
      • AdobeServiceInstaller.exe (PID: 1200)
      • Adobe Installer.exe (PID: 6852)
      • Adobe Installer.exe (PID: 4012)
    • UPX packer has been detected

      • Premiere_Pro_Set-Up.exe (PID: 188)
      • Premiere_Pro_Set-Up.exe (PID: 6480)
    • Creates files in the program directory

      • Premiere_Pro_Set-Up.exe (PID: 6480)
      • vcredist_x86.exe (PID: 6660)
      • vcredist_x64.exe (PID: 4308)
      • vcredist_x86.exe (PID: 4596)
      • ADSCustomHook.exe (PID: 420)
      • HDCoreCustomHook.exe (PID: 6220)
      • vcredist_x64.exe (PID: 5320)
      • gccustomhook.exe (PID: 6092)
      • AGSService.exe (PID: 6988)
      • UPICustomHook.exe (PID: 4540)
      • UPICustomHook.exe (PID: 6148)
      • Creative Cloud CustomHook.exe (PID: 1216)
      • AGSService.exe (PID: 4516)
      • adobe_licensing_helper.exe (PID: 6964)
    • The sample compiled with chinese language support

      • vcredist_x86.exe (PID: 4716)
      • msiexec.exe (PID: 4968)
      • vcredist_x64.exe (PID: 420)
      • msiexec.exe (PID: 1540)
    • The sample compiled with german language support

      • vcredist_x86.exe (PID: 4716)
      • msiexec.exe (PID: 4968)
      • vcredist_x64.exe (PID: 420)
      • msiexec.exe (PID: 1192)
      • msiexec.exe (PID: 1540)
    • The sample compiled with french language support

      • vcredist_x86.exe (PID: 4716)
      • msiexec.exe (PID: 4968)
      • vcredist_x64.exe (PID: 420)
      • msiexec.exe (PID: 1192)
      • msiexec.exe (PID: 1540)
    • The sample compiled with spanish language support

      • vcredist_x86.exe (PID: 4716)
      • msiexec.exe (PID: 4968)
      • msiexec.exe (PID: 1192)
      • msiexec.exe (PID: 1540)
    • The sample compiled with russian language support

      • vcredist_x86.exe (PID: 4716)
      • msiexec.exe (PID: 4968)
      • vcredist_x64.exe (PID: 420)
      • msiexec.exe (PID: 1192)
      • msiexec.exe (PID: 1540)
    • The sample compiled with japanese language support

      • vcredist_x86.exe (PID: 4716)
      • msiexec.exe (PID: 4968)
      • msiexec.exe (PID: 1540)
    • Reads CPU info

      • Setup.exe (PID: 3848)
      • Setup.exe (PID: 3488)
    • The sample compiled with Italian language support

      • vcredist_x86.exe (PID: 4716)
      • vcredist_x64.exe (PID: 420)
      • msiexec.exe (PID: 4968)
      • msiexec.exe (PID: 1192)
      • msiexec.exe (PID: 1540)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 4968)
      • msiexec.exe (PID: 1192)
      • msiexec.exe (PID: 1540)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 4968)
      • msiexec.exe (PID: 1192)
      • msiexec.exe (PID: 1540)
    • Sends debugging messages

      • Setup.exe (PID: 3848)
      • Setup.exe (PID: 3488)
    • Manages system restore points

      • SrTasks.exe (PID: 6888)
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (76)
.exe | Win32 Executable (generic) (12.6)
.exe | Generic Win/DOS Executable (5.6)
.exe | DOS Executable Generic (5.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2020:10:30 03:14:41+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.23
CodeSize: 2072576
InitializedDataSize: 45056
UninitializedDataSize: 3280896
EntryPoint: 0x51b390
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 5.3.5.13
ProductVersionNumber: 5.3.5.13
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Adobe Inc.
FileDescription: Adobe Installer
FileVersion: 5.3.5.13
InternalName: Adobe Installer
LegalCopyright: © 2015-2020 Adobe. All rights reserved.
OriginalFileName: Adobe Installer
ProductName: Adobe Installer
ProductVersion: 5.3.5.13
Total processes: 253
Monitored processes: 117
Malicious processes: 18
Suspicious processes: 2

Behavior graph (process launch order as shown in the graph; "no specs" marks a process with no notable indicators)

start
premiere_pro_set-up.exe
premiere_pro_set-up.exe
adobeipcbrokercustomhook.exe (no specs)
conhost.exe (no specs)
runtimecustomhook.exe (no specs)
conhost.exe (no specs)
vcredist_x86.exe
setup.exe
msiexec.exe
vcredist_x64.exe
setup.exe
msiexec.exe
vcredist_x86.exe
vcredist_x86.exe
SPPSurrogate (no specs)
vssvc.exe (no specs)
srtasks.exe (no specs)
conhost.exe (no specs)
msiexec.exe
vcredist_x64.exe
vcredist_x64.exe
vcredist_x86.exe
vcredist_x86.exe
vcredist_x64.exe
vcredist_x64.exe
adobeipcbrokercustomhook.exe (no specs)
conhost.exe (no specs)
icacls.exe (no specs)
conhost.exe (no specs)
adscustomhook.exe (no specs)
hdcorecustomhook.exe (no specs)
conhost.exe (no specs)
gccustomhook.exe
agsservice.exe
agsservice.exe (no specs)
conhost.exe (no specs)
upicustomhook.exe
conhost.exe (no specs)
agsservice.exe (no specs)
conhost.exe (no specs)
icacls.exe (no specs) + conhost.exe (no specs), pair repeated many times
werfault.exe
agsservice.exe (no specs)
conhost.exe (no specs)
agsservice.exe (no specs)
conhost.exe (no specs)
upicustomhook.exe
conhost.exe (no specs)
icacls.exe (no specs)
conhost.exe (no specs)
agsservice.exe (no specs)
icacls.exe (no specs) + conhost.exe (no specs), pair repeated several times
creative cloud desktop app.exe (no specs)
regsvr32.exe (no specs), three instances
creative cloud customhook.exe (no specs)
agsservice.exe (no specs)
conhost.exe (no specs)
agsservice.exe (no specs)
conhost.exe (no specs)
adobeserviceinstaller.exe
adobeupdateservice.exe (no specs)
adobe installer.exe
adobe installer.exe (no specs)
adobe_licensing_helper.exe
conhost.exe (no specs)
adobeipcbroker.exe (no specs)

Process information

PID: 188
CMD: "C:\Users\admin\AppData\Local\Temp\Premiere_Pro_Set-Up.exe"
Path: C:\Users\admin\AppData\Local\Temp\Premiere_Pro_Set-Up.exe
Parent process: explorer.exe
User: admin
Company: Adobe Inc.
Integrity Level: MEDIUM
Description: Adobe Installer
Version: 5.3.5.13
Modules (images):
c:\users\admin\appdata\local\temp\premiere_pro_set-up.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll

PID: 236
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: RuntimeCustomHook.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 236 (PID reused within the run)
CMD: "C:\Windows\System32\icacls.exe" "C:\Users\admin\AppData\Roaming\Adobe\UPI\Configuration" /setowner admin
Path: C:\Windows\System32\icacls.exe
Parent process: UPICustomHook.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\icacls.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll

PID: 420
CMD: "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\vc10\64bit\vcredist_x64.exe" /q /norestart
Path: C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\vc10\64bit\vcredist_x64.exe
Parent process: RuntimeCustomHook.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Visual C++ 2010 x64 Redistributable Setup
Exit code: 0
Version: 10.0.40219.325
Modules (images):
c:\program files (x86)\common files\adobe\adobe desktop common\runtime\customhook\vc10\64bit\vcredist_x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll

PID: 420 (PID reused within the run)
CMD: "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\customhook\ADSCustomHook.exe" --install=1
Path: C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\customHook\ADSCustomHook.exe
Parent process: Premiere_Pro_Set-Up.exe
User: admin
Company: Adobe Inc.
Integrity Level: HIGH
Description: ADSCustomHook
Exit code: 0
Version: 5.5.0.617
Modules (images):
c:\program files (x86)\common files\adobe\adobe desktop common\ads\customhook\adscustomhook.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

PID: 628
CMD: "C:\Windows\System32\icacls.exe" "C:\Users\Administrator\AppData\Roaming\Adobe\UPI\Configuration\DB" /setowner Administrator
Path: C:\Windows\System32\icacls.exe
Parent process: UPICustomHook.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\ucrtbase.dll

PID: 1016
CMD: C:\WINDOWS\system32\vssvc.exe
Path: C:\Windows\System32\VSSVC.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft® Volume Shadow Copy Service
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 1192
CMD: C:\WINDOWS\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows® installer
Exit code: 0
Version: 5.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll

PID: 1200
CMD: "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeServiceInstaller.exe" --register=1 --servicePath="C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe" --serviceLabel=AdobeUpdateService
Path: C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeServiceInstaller.exe
Parent process: Premiere_Pro_Set-Up.exe
User: admin
Company: Adobe Inc.
Integrity Level: HIGH
Description: Adobe Install Helper
Exit code: 0
Version: 5.5.0.617
Modules (images):
c:\program files (x86)\common files\adobe\adobe desktop common\elevationmanager\adobeserviceinstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

PID: 1216
CMD: "C:\Windows\System32\icacls.exe" "C:\ProgramData\Adobe\UPI\EM Store" /inheritance:r /grant SYSTEM:(F) /grant ADMINISTRATORS:(F) /grant *S-1-5-32-545:(RX) /T /C
Path: C:\Windows\System32\icacls.exe
Parent process: UPICustomHook.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\icacls.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
Total events: 87 461
Read events: 84 017
Write events: 3 014
Delete events: 430

Modification events

PID 188, Premiere_Pro_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write, Name: CachePrefix, Value: (empty)

PID 188, Premiere_Pro_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write, Name: CachePrefix, Value: Cookie:

PID 188, Premiere_Pro_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write, Name: CachePrefix, Value: Visited:

PID 188, Premiere_Pro_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\adobe.com
Operation: write, Name: NumberOfSubdomains, Value: 1

PID 188, Premiere_Pro_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\adobe.com
Operation: write, Name: Total, Value: 48

PID 188, Premiere_Pro_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\arkoselabs.com
Operation: write, Name: NumberOfSubdomains, Value: 1

PID 188, Premiere_Pro_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\MediaPlayer\Health\{6F171A55-97E4-494D-B6D7-15D8C69656AF}
Operation: delete key, Name: (default)

PID 188, Premiere_Pro_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\MediaPlayer\Health\{EE708116-5C90-4EF1-90C0-4ED753B9BAB8}
Operation: delete key, Name: (default)

PID 188, Premiere_Pro_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch
Operation: write, Name: Version, Value: WS not running

PID 188, Premiere_Pro_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Operation: write, Name: DisableFirstRunCustomize, Value: 1
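The MALICIOUS verdict above rests on signatures such as "Changes the autorun value in the registry", yet the only registry writes this extract shows for PID 188 are WinINet cache prefixes, IE DOMStorage counters and the IE first-run flag, all of which an embedded-browser installer UI writes as a matter of course. When reading a sandbox report, the useful move is to sort every modification event by what its key path means before trusting the signature label. The Python below is an added example for that triage step; it is not part of the ANY.RUN report. The first three sample events are copied from the table above; the last three are constructed, labelled as such in the code, and illustrate the shapes of write that the autorun, service-registration and uninstall-entry signatures describe (a Run-key value, a Services\<name> key, an Uninstall\<GUID> key). The category names and key-path patterns are this example's own choices.

```python
import re
from collections import Counter

# Registry modification events in the shape of the report's table:
# (pid, process, operation, key, value name, data).
# The first three rows are copied from the PID 188 events above. The last
# three are CONSTRUCTED rows, not events from this report; they show the kind
# of write behind ANY.RUN's "Changes the autorun value", "Executes as Windows
# Service" and "Creates a software uninstall entry" signatures.
SAMPLE_EVENTS = [
    (188, "Premiere_Pro_Set-Up.exe", "write",
     r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content",
     "CachePrefix", ""),
    (188, "Premiere_Pro_Set-Up.exe", "write",
     r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main",
     "DisableFirstRunCustomize", "1"),
    (188, "Premiere_Pro_Set-Up.exe", "delete key",
     r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\MediaPlayer\Health\{6F171A55-97E4-494D-B6D7-15D8C69656AF}",
     "(default)", ""),
    # --- constructed rows below ---
    (6480, "Premiere_Pro_Set-Up.exe", "write",
     r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "ExampleUpdater", r"C:\Users\admin\AppData\Local\Temp\updater.exe"),
    (1200, "AdobeServiceInstaller.exe", "write",
     r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdobeUpdateService",
     "ImagePath", r"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe"),
    (4968, "msiexec.exe", "write",
     r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000000}",
     "DisplayName", "Example Redistributable (constructed)"),
]

# Key-path patterns, checked in order; the first match wins.
RULES = [
    ("autostart (ASEP)", re.compile(
        r"\\CurrentVersion\\(Run|RunOnce|RunOnceEx|RunServices)(\\|$)"
        r"|\\Winlogon\\(Shell|Userinit)$"
        r"|\\Policies\\Explorer\\Run", re.IGNORECASE)),
    ("service registration", re.compile(
        r"\\SYSTEM\\CurrentControlSet\\Services\\[^\\]+$", re.IGNORECASE)),
    ("COM / class registration", re.compile(
        r"\\(CLSID|TypeLib|Interface)\\", re.IGNORECASE)),
    ("install bookkeeping (uninstall entry)", re.compile(
        r"\\CurrentVersion\\Uninstall\\", re.IGNORECASE)),
    ("WinINet / IE configuration noise", re.compile(
        r"\\Internet Settings\\|\\Internet Explorer\\|\\MediaPlayer\\Health\\",
        re.IGNORECASE)),
]

# Categories that actually establish something that survives a reboot.
PERSISTENCE = {"autostart (ASEP)", "service registration"}


def classify_key(key):
    """Label a registry key path by what a write to it means for triage."""
    for label, pattern in RULES:
        if pattern.search(key):
            return label
    return "other"


def triage(events):
    """Return one dict per event with its category; persistence writes sort first."""
    rows = [dict(pid=pid, process=proc, operation=op, key=key, name=name,
                 data=data, category=classify_key(key))
            for pid, proc, op, key, name, data in events]
    rows.sort(key=lambda r: (r["category"] not in PERSISTENCE, r["pid"]))
    return rows


def persistence_events(events):
    """Only the events that establish an autostart entry or a service."""
    return [r for r in triage(events) if r["category"] in PERSISTENCE]


def summarize(events):
    """Count events per category, to see how much of a report is configuration noise."""
    return Counter(r["category"] for r in triage(events))


if __name__ == "__main__":
    for r in triage(SAMPLE_EVENTS):
        print(f'{r["category"]:38} PID {r["pid"]:<5} {r["operation"]:10} {r["key"]} [{r["name"]}]')
    print(dict(summarize(SAMPLE_EVENTS)))
```

Run against the real event table of a report, the persistence rows are the ones to pull into a timeline; a service ImagePath or Run value whose target lives under a user-writable directory such as AppData\Local\Temp is the pattern to escalate, while writes under Internet Settings and Internet Explorer can be dismissed once the process is known to host a web view.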
Executable files: 453
Suspicious files: 1 262
Text files: 812
Unknown types: 75

Dropped files (all rows: PID 188, Premiere_Pro_Set-Up.exe)

Filename: C:\Users\admin\AppData\Local\Temp\{52B9FE7B-4F75-4856-BE99-78CB51D1E9BC}\lib\jquery.min.js
Type: s (truncated in extraction)
MD5: 9AC39DC31635A363E377EDA0F6FBE03F
SHA256: 9A2723C21FB1B7DFF0E2AA5DC6BE24A9670220A17AE21F70FDBC602D1F8ACD38

Filename: C:\Users\admin\AppData\Local\Adobe\OOBE\temp_ins_lbs_wid
Type: text
MD5: F03DF0244A09AB500188AA75B70931B0
SHA256: 79FA555C198A71E230AAEC7D2A92CBB094C0036B90E03C0B8B69A82117EC252B

Filename: C:\Users\admin\AppData\Local\Temp\{52B9FE7B-4F75-4856-BE99-78CB51D1E9BC}\js\mainController.js
Type: binary
MD5: 51BDCC0E7D53C59FF20FF2F6E276E321
SHA256: EC5B0CEDE51F5FD48C341CD27D42433BB9A2ADB04836433FEE5A90B101E4B1B2

Filename: C:\Users\admin\AppData\Local\Temp\{52B9FE7B-4F75-4856-BE99-78CB51D1E9BC}\js\overlayController.js
Type: binary
MD5: B610650C4D826B14C225CFBECA89B8C1
SHA256: 79D00458B49A02ACEE141B53DCF026AA1302AB6B48A745B57E1215BD3B20501C

Filename: C:\Users\admin\AppData\Local\Temp\{52B9FE7B-4F75-4856-BE99-78CB51D1E9BC}\lib\IE8\jquery.min.js
Type: s (truncated in extraction)
MD5: E1288116312E4728F98923C79B034B67
SHA256: BA6EDA7945AB8D7E57B34CC5A3DD292FA2E4C60A5CED79236ECF1A9E0F0C2D32

Filename: C:\Users\admin\AppData\Local\Temp\{52B9FE7B-4F75-4856-BE99-78CB51D1E9BC}\lib\jquery.custom-scrollbar.min.js
Type: binary
MD5: AB3ADF4AFF09A1C562A29DB05795C8AB
SHA256: D05E193674C6FC31DE0503CBC0B152600F22689AD7AD72ADB35FCC7C25D4B01B

Filename: C:\Users\admin\AppData\Local\Temp\{52B9FE7B-4F75-4856-BE99-78CB51D1E9BC}\main.html
Type: html
MD5: A501355E23582CBC6C8C2835FE076F52
SHA256: 4BE92DEE71936C52319D441434992895818586ACAB859000341AF74D0175AB54

Filename: C:\Users\admin\AppData\Local\Temp\CreativeCloud\ACC\WAM.log
Type: text
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209

Filename: C:\Users\admin\AppData\Local\Temp\{52B9FE7B-4F75-4856-BE99-78CB51D1E9BC}\js\utils.js
Type: txt
MD5: 11671543588B007E7BE2AF6C784CB8AC
SHA256: BC354F2E25FE40AE21745C51B06D8F34643E238EE67FB94F5CD59C9B56AC17F5

Filename: C:\Users\admin\AppData\Local\Temp\{52B9FE7B-4F75-4856-BE99-78CB51D1E9BC}\clean.css
Type: text
MD5: 4F3364AF3E396F92A8826532BFB1A7E5
SHA256: 45B9B77499356527E9047256DB96A542A720BF075D67E9F6BA55D51FD562339E
HTTP(S) requests: 29
TCP/UDP connections: 517
DNS requests: 76
Threats: 0

HTTP requests

Columns: PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
(in the extracted rows only PID, Process, Method, HTTP Code, IP, URL, one value shown as "unknown", and Reputation survive)

5340 | svchost.exe | GET | 200 | 23.48.23.164:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
5340 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
1176 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
5064 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
188 | Premiere_Pro_Set-Up.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAhflMAthXvozBT%2FU%2B2iPio%3D | unknown | whitelisted
188 | Premiere_Pro_Set-Up.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D | unknown | whitelisted
188 | Premiere_Pro_Set-Up.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEAEIBkgh7xl%2BVJhmzHsukM0%3D | unknown | whitelisted
188 | Premiere_Pro_Set-Up.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEAMXnzAk6xrhhz5OEWuk8sk%3D | unknown | whitelisted
188 | Premiere_Pro_Set-Up.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEAfATp7LIVYw4gbHcu36vds%3D | unknown | whitelisted
188 | Premiere_Pro_Set-Up.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | unknown | whitelisted
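Six of the HTTP requests above are OCSP status checks that PID 188 issued to ocsp.digicert.com while validating signatures. RFC 6960 allows the DER-encoded OCSPRequest to be sent as the base64- and URL-encoded path of a GET, so the request body is right there in the URL: decoding it yields, per CertID, the hash algorithm, the issuer name hash, the issuer key hash and the serial number of the certificate being checked. That tells an analyst which issuers and which certificate serials the installer verified without opening the PCAP. The Python below is an added example, not part of the ANY.RUN report; it walks the DER with a minimal TLV reader rather than a third-party ASN.1 library, and the six URLs are copied verbatim from the table above. The hash values in the expected results were derived by hand from those URLs and are stated as decoded bytes only; no claim is made about which certificate authority they belong to.

```python
import base64
import urllib.parse
from collections import defaultdict

# Hash-algorithm OIDs that appear in OCSP CertID structures.
HASH_OIDS = {
    "1.3.14.3.2.26": "sha1",
    "2.16.840.1.101.3.4.2.1": "sha256",
}

# The six ocsp.digicert.com GETs issued by PID 188 (Premiere_Pro_Set-Up.exe),
# copied from the HTTP requests table of this report.
PID188_OCSP_URLS = [
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAhflMAthXvozBT%2FU%2B2iPio%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEAEIBkgh7xl%2BVJhmzHsukM0%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEAMXnzAk6xrhhz5OEWuk8sk%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEAfATp7LIVYw4gbHcu36vds%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D",
]


def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length: low 7 bits = byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _children(value):
    """Split the contents of a constructed DER value into a list of (tag, value)."""
    out, pos = [], 0
    while pos < len(value):
        tag, inner, pos = _read_tlv(value, pos)
        out.append((tag, inner))
    return out


def _decode_oid(raw):
    """Turn DER OID contents into dotted-decimal form."""
    parts = [raw[0] // 40, raw[0] % 40]
    acc = 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(acc)
            acc = 0
    return ".".join(str(p) for p in parts)


def parse_ocsp_get_url(url):
    """Decode an RFC 6960 GET-style OCSP URL into the CertIDs it asks about.

    Structure walked: OCSPRequest > TBSRequest > requestList > Request > CertID,
    where CertID = { hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber }.
    """
    path = urllib.parse.urlsplit(url).path.lstrip("/")
    der = base64.b64decode(urllib.parse.unquote(path))
    tag, ocsp_request = _children(der)[0]
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tbs_request = _children(ocsp_request)[0][1]      # optionalSignature, if present, is ignored
    # requestList is the first SEQUENCE in TBSRequest; [0] version / [1] requestorName may precede it
    request_list = next(v for t, v in _children(tbs_request) if t == 0x30)
    cert_ids = []
    for _, request in _children(request_list):
        cert_id = _children(request)[0][1]            # reqCert
        alg, name_hash, key_hash, serial = _children(cert_id)[:4]
        oid = _decode_oid(_children(alg[1])[0][1])
        cert_ids.append({
            "hash_algorithm": HASH_OIDS.get(oid, oid),
            "issuer_name_hash": name_hash[1].hex(),
            "issuer_key_hash": key_hash[1].hex(),
            "serial_number": serial[1].hex(),
        })
    return cert_ids


def group_by_issuer(urls):
    """Map issuerKeyHash -> sorted serial numbers queried under that issuer."""
    groups = defaultdict(set)
    for url in urls:
        for cid in parse_ocsp_get_url(url):
            groups[cid["issuer_key_hash"]].add(cid["serial_number"])
    return {k: sorted(v) for k, v in groups.items()}


if __name__ == "__main__":
    for issuer, serials in group_by_issuer(PID188_OCSP_URLS).items():
        print(f"issuer key hash {issuer}: {len(serials)} serial(s)")
        for s in serials:
            print(f"    {s}")
```

The grouping shows that the six requests cover three distinct issuers (two, three and one serial respectively), which is what a signed installer validating its own Authenticode chain plus a timestamp chain looks like; an OCSP query for an issuer that has nothing to do with the vendor's signing chain, or a flood of queries for many unrelated serials, would be the thing to look into.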

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation ("-" = not captured in the extract)

4712 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5340 | svchost.exe | 23.48.23.164:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5340 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5064 | SearchApp.exe | 104.126.37.138:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
188 | Premiere_Pro_Set-Up.exe | 52.26.194.234:443 | na1e-acc.services.adobe.com | AMAZON-02 | US | whitelisted
188 | Premiere_Pro_Set-Up.exe | 52.31.218.129:443 | cc-api-data.adobe.io | AMAZON-02 | IE | whitelisted
6480 | Premiere_Pro_Set-Up.exe | 52.31.218.129:443 | cc-api-data.adobe.io | AMAZON-02 | IE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 52.140.118.28
whitelisted
crl.microsoft.com
  • 23.48.23.164
  • 23.48.23.143
  • 2.16.164.106
  • 2.16.164.49
whitelisted
www.microsoft.com
  • 184.30.21.171
  • 88.221.169.152
whitelisted
google.com
  • 142.250.185.174
whitelisted
www.bing.com
  • 104.126.37.138
  • 104.126.37.154
  • 104.126.37.160
  • 104.126.37.145
  • 104.126.37.146
  • 104.126.37.152
  • 104.126.37.139
  • 104.126.37.136
  • 104.126.37.147
whitelisted
na1e-acc.services.adobe.com
  • 52.26.194.234
  • 52.39.77.152
  • 35.82.131.201
whitelisted
cc-api-data.adobe.io
  • 52.31.218.129
  • 52.48.8.54
  • 34.252.184.159
  • 54.228.247.11
  • 34.246.54.182
  • 52.48.126.58
whitelisted
login.live.com
  • 20.190.159.0
  • 20.190.159.23
  • 20.190.159.64
  • 20.190.159.2
  • 20.190.159.71
  • 20.190.159.4
  • 40.126.31.69
  • 20.190.159.73
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
ims-prod07.adobelogin.com
  • 162.159.140.165
  • 172.66.0.163
whitelisted

Threats

No threats detected

Debug messages

Process | Message
Setup.exe | The operation completed successfully.
Setup.exe | The operation completed successfully.