File name: Creative_Cloud_Set-Up.exe

Full analysis: https://app.any.run/tasks/cb9b3e38-baaf-4041-98f3-ee09ec8456a1
Verdict: Malicious activity
Analysis date: February 07, 2025, 16:30:42
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: upx
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5: 1A87954051382BEE9EB3238506ADF81B
SHA1: E6F84C96013CB2F97B9709B89E39D6907F7356B8
SHA256: C3EC382DB96090AB67E70813B19CA5C53AFDB2BFE4F999C5D121FAED5C193656
SSDEEP: 98304:m4lTUghYoYfNMFMgF7DyCFKPrtTCKm8zgiXb7r+cIYYVx3X+D2Flokb5DN3Zv5ng:RnFpkbR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • Creative_Cloud_Set-Up.exe (PID: 6384)
    • Reads Internet Explorer settings

      • Creative_Cloud_Set-Up.exe (PID: 6384)
    • Reads security settings of Internet Explorer

      • Creative_Cloud_Set-Up.exe (PID: 6384)
    • Checks Windows Trust Settings

      • Creative_Cloud_Set-Up.exe (PID: 6384)
    • Application launched itself

      • Creative_Cloud_Set-Up.exe (PID: 6384)
    • Adds/modifies Windows certificates

      • Creative_Cloud_Set-Up.exe (PID: 6384)
    • Starts CMD.EXE for command execution

      • Creative_Cloud_Set-Up.exe (PID: 6384)
  • INFO

    • Checks supported languages

      • Creative_Cloud_Set-Up.exe (PID: 6384)
      • identity_helper.exe (PID: 7024)
      • Creative_Cloud_Set-Up.exe (PID: 7036)
    • Reads the software policy settings

      • Creative_Cloud_Set-Up.exe (PID: 6384)
    • Process checks whether UAC notifications are on

      • Creative_Cloud_Set-Up.exe (PID: 6384)
    • Reads the machine GUID from the registry

      • Creative_Cloud_Set-Up.exe (PID: 6384)
    • Creates files in a temporary directory

      • Creative_Cloud_Set-Up.exe (PID: 6384)
      • Creative_Cloud_Set-Up.exe (PID: 7036)
    • Creates files or folders in the user directory

      • Creative_Cloud_Set-Up.exe (PID: 6384)
      • Creative_Cloud_Set-Up.exe (PID: 7036)
    • Reads the computer name

      • Creative_Cloud_Set-Up.exe (PID: 6384)
      • Creative_Cloud_Set-Up.exe (PID: 7036)
      • identity_helper.exe (PID: 7024)
    • The sample was compiled with English language support

      • Creative_Cloud_Set-Up.exe (PID: 6384)
    • UPX packer has been detected

      • Creative_Cloud_Set-Up.exe (PID: 6384)
      • Creative_Cloud_Set-Up.exe (PID: 7036)
    • Process checks computer location settings

      • Creative_Cloud_Set-Up.exe (PID: 6384)
    • Checks proxy server information

      • Creative_Cloud_Set-Up.exe (PID: 6384)
    • Reads CPU info

      • Creative_Cloud_Set-Up.exe (PID: 7036)
      • Creative_Cloud_Set-Up.exe (PID: 6384)
    • Reads Environment values

      • identity_helper.exe (PID: 7024)
    • Application launched itself

      • msedge.exe (PID: 556)
Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (43.5)
.exe | Win32 EXE Yoda's Crypter (42.7)
.exe | Win32 Executable (generic) (7.2)
.exe | Generic Win/DOS Executable (3.2)
.exe | DOS Executable Generic (3.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:02:03 15:43:40+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.33
CodeSize: 3289088
InitializedDataSize: 49152
UninitializedDataSize: 7745536
EntryPoint: 0xa861e0
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.14.0.35
ProductVersionNumber: 2.14.0.35
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Adobe Inc.
FileDescription: Adobe Installer
FileVersion: 2.14.0.35
InternalName: Adobe Installer
LegalCopyright: © 2015-2024 Adobe. All rights reserved.
OriginalFileName: Adobe Installer
ProductName: Adobe Installer
ProductVersion: 2.14.0.35
No data.
All screenshots are available in the full report
Total processes
174
Monitored processes
43
Malicious processes
1
Suspicious processes
0

Behavior graph

Process nodes in the order shown by the graph ("no specs" is the report's own label for a process with no recorded specifics):
  • start
  • creative_cloud_set-up.exe
  • creative_cloud_set-up.exe
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • msedge.exe
  • msedge.exe (no specs) ×2
  • msedge.exe
  • msedge.exe (no specs) ×18
  • identity_helper.exe (no specs) ×2
  • msedge.exe (no specs) ×15

Process information

PID
CMD
Path
Indicators
Parent process
PID: 556
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://ims-na1.adobelogin.com/ims/authorize?client_id=CreativeCloudInstallerWeb_v1_0&scope=allow_ac_dt_exchange%2Copenid%2CAdobeID%2Ccreative_cloud%2Ccreative_sdk%2Cread_organizations%2Csao.cce_private%2Cadditional_info.account_type&locale=en_US&redirect_uri=https%3A%2F%2Fauth.services.adobe.com%2Fen_US%2Fdeeplink.html%3Fdelegated_request_id%3D02da053c-58f8-4358-9c64-cfbd578e01ee%26client_id%3DCreativeCloudInstallerWeb_v1_0%26deeplink%3Ddelegation&ctx_id=WAM2_KCCC_5_1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1580
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6292 --field-trial-handle=2448,i,5017470109052596915,16749587664165916034,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
PID: 3080
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2444 --field-trial-handle=2448,i,5017470109052596915,16749587664165916034,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 3260
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2648 --field-trial-handle=2448,i,5017470109052596915,16749587664165916034,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 4512
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5552 --field-trial-handle=2448,i,5017470109052596915,16749587664165916034,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 4668
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2680 --field-trial-handle=2448,i,5017470109052596915,16749587664165916034,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 4716
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5340 --field-trial-handle=2448,i,5017470109052596915,16749587664165916034,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 4716
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6044 --field-trial-handle=2448,i,5017470109052596915,16749587664165916034,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 5712
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4112 --field-trial-handle=2448,i,5017470109052596915,16749587664165916034,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 6096
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5748 --field-trial-handle=2448,i,5017470109052596915,16749587664165916034,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events
13 316
Read events
13 283
Write events
29
Delete events
4

Modification events

(PID) Process: (6384) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (6384) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (6384) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (6384) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates
Operation: delete value
Name: 686DF0A4A89F7CB6BFB4D33C6A48E2EE5FB6C4FB
Value:

(PID) Process: (6384) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\686DF0A4A89F7CB6BFB4D33C6A48E2EE5FB6C4FB
Operation: write
Name: Blob
Value:
(PID) Process: (6384) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates
Operation: delete value
Name: 85E2C5B0D9CFF505363FA62A5E8B8C1D76A60B46
Value:

(PID) Process: (6384) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\85E2C5B0D9CFF505363FA62A5E8B8C1D76A60B46
Operation: write
Name: Blob
Value:
(PID) Process: (6384) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates
Operation: delete value
Name: 4C7C2E87F0BC79A039D39B05F899A1CC521FDE99
Value:

(PID) Process: (6384) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\4C7C2E87F0BC79A039D39B05F899A1CC521FDE99
Operation: write
Name: Blob
Value:
(PID) Process: (6384) Creative_Cloud_Set-Up.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates
Operation: delete value
Name: A5C8D928986EC17FCC7D5F2353885D1709B73A29
Value:
Executable files
6
Suspicious files
269
Text files
50
Unknown types
0

Dropped files

PID | Process | Filename | Type

6384 | Creative_Cloud_Set-Up.exe | C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\meta_events\9588c35f-d920-4e8d-94de-1a34cd1cf83a | -
MD5: -
SHA256: -

6384 | Creative_Cloud_Set-Up.exe | C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\anon_events\cb562dd2-bc73-4961-beca-54bfdba6ccf0 | -
MD5: -
SHA256: -

6384 | Creative_Cloud_Set-Up.exe | C:\Users\admin\AppData\Local\Temp\CreativeCloud\ACC\WAM.log | text
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209

6384 | Creative_Cloud_Set-Up.exe | C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\meta_events\manifest | binary
MD5: 45971D4E3A47775BB5A7260BB5EA3C36
SHA256: 81C611F35BFF79491538B2F7CF201C7597A661A5C549633541C62BDC8AF1613F

6384 | Creative_Cloud_Set-Up.exe | C:\Users\admin\AppData\Local\Temp\dat6AA4.tmp | binary
MD5: FA794EC12D353C26805FF53821331FC2
SHA256: CFDBD8A2AA463C11E483DC10C480ACD274E9786632F5571A3970E8A20A2D8237

6384 | Creative_Cloud_Set-Up.exe | C:\Users\admin\AppData\Local\Temp\{AE2B2D6A-F1BC-4740-8013-A212E113E93B}\index.html | html
MD5: A28AB17B18FF254173DFEEF03245EFD0
SHA256: 886C0AB69E6E9D9D5B5909451640EA587ACCFCDF11B8369CAD8542D1626AC375

6384 | Creative_Cloud_Set-Up.exe | C:\Users\admin\AppData\Local\Adobe\OOBE\temp_lbs_wid | text
MD5: 1177EA68CA9739FBD611DC2C918823DB
SHA256: 88983C6D786BDF9B16F7C51163B38F61AE4B7FD92D74D44169ECE75EF41F2202

6384 | Creative_Cloud_Set-Up.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB | binary
MD5: 47668124BBFA927815D6E8822F6F6D8C
SHA256: 25A41D558611BC9A350C9E8C6588D0E51F9D92F2AB5179812579EFB909FFEC6F

6384 | Creative_Cloud_Set-Up.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 | binary
MD5: F84EBB0F093155273D9E0EC5432AC1A7
SHA256: 59170B187112FBD68418F2C3008709E6EF15BCE28245693ACAF4E5C250FE721C

6384 | Creative_Cloud_Set-Up.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419 | binary
MD5: 99814DE85E9ECB9D5A5D94C8B056B81D
SHA256: 850E54EC4DF45B2551C6580FF889282E6461B0E559851109C2D8DBE369D882A9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
20
TCP/UDP connections
117
DNS requests
98
Threats
0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN/Type (single value as extracted) | Reputation

6384 | Creative_Cloud_Set-Up.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D | unknown | whitelisted
- | - | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
6384 | Creative_Cloud_Set-Up.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D | unknown | whitelisted
8016 | svchost.exe | GET | 206 | 199.232.210.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1739537047&P2=404&P3=2&P4=QenXEQWB%2brrqjRJpKZOQjSq%2bo%2bXlkh5k988yy12vQEForV2eTyR689d3WrKFesYv4DAsRi6k2nH0jzWT6SoafQ%3d%3d | unknown | whitelisted
7528 | SIHClient.exe | GET | 200 | 2.16.253.202:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
8016 | svchost.exe | GET | 206 | 199.232.210.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/6ca9004c-2afd-40c0-a9b1-4fec460952e5?P1=1739537048&P2=404&P3=2&P4=VuYMGZB2YG5j7kHuWFdtsavgptHcm9jdJrQwhIPni8bjIp3UvNXoTCAU0YJ0U6HYrdfbuEJrX9gt2Jsk%2fGNSzQ%3d%3d | unknown | whitelisted
8016 | svchost.exe | HEAD | 200 | 199.232.210.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fb6dd03b-99d7-4cc8-a878-91c8e655c2d3?P1=1739537047&P2=404&P3=2&P4=Xl16TX%2fLc7DAtUpCFCH7h4AQ4bdqAV9kK6bzr4FWucH4GzQZB9Di%2fV%2fblpb1jppEVqf2S1EPNGDaBc%2fNbcgnWQ%3d%3d | unknown | whitelisted
8016 | svchost.exe | HEAD | 200 | 199.232.210.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1739537047&P2=404&P3=2&P4=QenXEQWB%2brrqjRJpKZOQjSq%2bo%2bXlkh5k988yy12vQEForV2eTyR689d3WrKFesYv4DAsRi6k2nH0jzWT6SoafQ%3d%3d | unknown | whitelisted
8016 | svchost.exe | GET | 206 | 199.232.210.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1739537047&P2=404&P3=2&P4=QenXEQWB%2brrqjRJpKZOQjSq%2bo%2bXlkh5k988yy12vQEForV2eTyR689d3WrKFesYv4DAsRi6k2nH0jzWT6SoafQ%3d%3d | unknown | whitelisted
6384 | Creative_Cloud_Set-Up.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAmKLzE6ssKc1CsGKg5Geww%3D | unknown | whitelisted

The Size column and one of CN/Type were not captured for any row; "-" marks a cell that is empty on the page.

Connections

PID | Process | IP | Domain | ASN | CN | Reputation

4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | 40.127.240.158:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
- | - | 40.127.240.158:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
5064 | SearchApp.exe | 2.19.80.122:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
1176 | svchost.exe | 40.126.32.133:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1176 | svchost.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
1076 | svchost.exe | 23.218.210.69:443 | go.microsoft.com | AKAMAI-AS | DE | whitelisted
6384 | Creative_Cloud_Set-Up.exe | 52.31.218.129:443 | cc-api-data.adobe.io | AMAZON-02 | IE | whitelisted

"-" marks a cell that is empty on the page.

DNS requests

Domain
IP
Reputation
www.bing.com
  • 2.19.80.122
  • 2.19.80.82
  • 2.19.80.75
  • 2.19.80.88
  • 2.19.80.17
  • 2.19.80.90
  • 2.19.80.8
  • 2.19.80.123
  • 2.19.80.104
  • 2.19.80.27
  • 2.19.80.99
  • 2.19.80.89
  • 2.19.80.25
  • 2.19.80.24
  • 2.19.80.115
  • 2.21.65.154
  • 2.21.65.132
  • 2.21.65.153
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
login.live.com
  • 40.126.32.133
  • 40.126.32.76
  • 40.126.32.68
  • 40.126.32.74
  • 20.190.160.67
  • 20.190.160.65
  • 20.190.160.130
  • 40.126.32.140
whitelisted
go.microsoft.com
  • 23.218.210.69
  • 184.28.89.167
whitelisted
cc-api-data.adobe.io
  • 52.31.218.129
  • 34.252.184.159
  • 52.48.8.54
whitelisted
p13n.adobe.io
  • 18.213.11.84
  • 50.16.47.176
  • 34.237.241.83
  • 54.224.241.105
whitelisted
client.messaging.adobe.com
  • 13.32.99.75
  • 13.32.99.32
  • 13.32.99.120
  • 13.32.99.117
whitelisted
lcs-cops.adobe.io
  • 34.246.54.182
  • 54.228.247.11
  • 52.48.126.58
whitelisted
resources.licenses.adobe.com
  • 13.32.47.160
whitelisted
delegated.adobelogin.com
  • 54.159.164.167
  • 34.192.27.249
  • 3.226.175.71
whitelisted

Threats

No threats detected
No debug info