Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Creative_Cloud_Set-Up.exe

Overview

General Information

Sample Name:Creative_Cloud_Set-Up.exe
Analysis ID:751170
MD5:d204f6faa69eba874c97689fa5f57fcd
SHA1:836b626e8e70ffd8e0154a0715374e852a5d5b36
SHA256:a900770863f79ce72b40d04385172db27c377246f75cfd98e83f5de636b7c552
Infos:

Detection

Score:6
Range:0 - 100
Whitelisted:false
Confidence:40%

Signatures

Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Stores large binary data to the registry
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Uses insecure TLS / SSL version for HTTPS connection
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Allocates memory with a write watch (potentially for evading sandboxes)
Tries to load missing DLLs
Creates a window with clipboard capturing capabilities
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries disk information (often used to detect virtual machines)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Classification

Analysis Advice

Sample may be VM or Sandbox-aware, try analysis on a native machine
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample monitors window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook

Process Tree

  • System is w7x64
  • Creative_Cloud_Set-Up.exe (PID: 1152 cmdline: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe MD5: D204F6FAA69EBA874C97689FA5F57FCD)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeRegistry value created: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION Creative_Cloud_Set-Up.exeJump to behavior
Source: Creative_Cloud_Set-Up.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 52.41.149.13:443 -> 192.168.2.22:49174 version: TLS 1.0
Source: unknownHTTPS traffic detected: 34.209.103.105:443 -> 192.168.2.22:49177 version: TLS 1.0
Source: unknownHTTPS traffic detected: 54.188.127.72:443 -> 192.168.2.22:49179 version: TLS 1.0
Source: unknownHTTPS traffic detected: 44.239.229.78:443 -> 192.168.2.22:49184 version: TLS 1.0
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeFile created: C:\Users\user\AppData\Local\Temp\NGLClient_CreativeCloudInstaller12.1.logJump to behavior
Source: Creative_Cloud_Set-Up.exeStatic PE information: certificate valid
Source: Creative_Cloud_Set-Up.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: -up.pdb! source: Creative_Cloud_Set-Up.exe
Source: Binary string: D:\jenkins\Daily\Ccdinstaller\build\main\ccd-installer\build\msvs_win32\Release\x86\sym\CCDInstaller\CCDInstaller\Set-up.pdb source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1285692901.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp
Source: Joe Sandbox ViewJA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
Source: unknownHTTPS traffic detected: 52.41.149.13:443 -> 192.168.2.22:49174 version: TLS 1.0
Source: unknownHTTPS traffic detected: 34.209.103.105:443 -> 192.168.2.22:49177 version: TLS 1.0
Source: unknownHTTPS traffic detected: 54.188.127.72:443 -> 192.168.2.22:49179 version: TLS 1.0
Source: unknownHTTPS traffic detected: 44.239.229.78:443 -> 192.168.2.22:49184 version: TLS 1.0
Source: unknownNetwork traffic detected: HTTP traffic on port 49184 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49179
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49177
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49174
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49184
Source: unknownNetwork traffic detected: HTTP traffic on port 49174 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49177 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49179 -> 443
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1303261250.0000000006E4E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: /moc.nideknil.wwwwww.linkedin.com equals www.linkedin.com (Linkedin)
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1303261250.0000000006E4E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1292717537.00000000044DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: http://allyoucanleet.com/
Source: Creative_Cloud_Set-Up.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: Creative_Cloud_Set-Up.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: Creative_Cloud_Set-Up.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: Creative_Cloud_Set-Up.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1292903128.00000000044F5000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292717537.00000000044DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1292903128.00000000044F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1292903128.00000000044F5000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292717537.00000000044DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1293008878.0000000004517000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1292717537.00000000044DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1292903128.00000000044F5000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292717537.00000000044DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Source: Creative_Cloud_Set-Up.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: Creative_Cloud_Set-Up.exeString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: Creative_Cloud_Set-Up.exeString found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: Creative_Cloud_Set-Up.exeString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: Creative_Cloud_Set-Up.exeString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: Creative_Cloud_Set-Up.exeString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: Creative_Cloud_Set-Up.exeString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: Creative_Cloud_Set-Up.exeString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1290159070.0000000003930000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fb.me/use-check-prop-types
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1303714404.0000000006EB5000.00000004.00000800.00020000.00000000.sdmp, AdobeMessagingClient[1].js.1.drString found in binary or memory: http://feross.org
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: http://jedwatson.github.io/classnames
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1292903128.00000000044F5000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292717537.00000000044DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1292717537.00000000044DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1292903128.00000000044F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1292903128.00000000044F5000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292717537.00000000044DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1292717537.00000000044DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
Source: Creative_Cloud_Set-Up.exeString found in binary or memory: http://ocsp.digicert.com0C
Source: Creative_Cloud_Set-Up.exeString found in binary or memory: http://ocsp.digicert.com0H
Source: Creative_Cloud_Set-Up.exeString found in binary or memory: http://ocsp.digicert.com0I
Source: Creative_Cloud_Set-Up.exeString found in binary or memory: http://ocsp.digicert.com0O
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1292903128.00000000044F5000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292717537.00000000044DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1292903128.00000000044F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1298578796.0000000006530000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://typekit.com/eulas/000000000000000000014f4d
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1302441597.0000000006C83000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://typekit.com/eulas/000000000000000000014f4f
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1302441597.0000000006C83000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://typekit.com/eulas/000000000000000000014f50
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1302441597.0000000006C83000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://typekit.com/eulas/000000000000000000014f51
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1292903128.00000000044F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: Creative_Cloud_Set-Up.exeString found in binary or memory: http://www.digicert.com/CPS0
Source: Creative_Cloud_Set-Up.exeString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1292903128.00000000044F5000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292717537.00000000044DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1285692901.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://bnjmnt4n.now.sh/
Source: Creative_Cloud_Set-Up.exe, 00000001.00000003.932173649.0000000006949000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000003.932073541.0000000006946000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000003.931493989.000000000693C000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000003.931714919.000000000693E000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1300592406.000000000694A000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000003.932006137.0000000006943000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000003.931797995.000000000693F000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000003.931688217.000000000693D000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000003.931935858.0000000006940000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cc-api-data-stage.adobe.io/ingest/
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1289259794.0000000003190000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cc-api-data.adobe.io/ingest/3
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1298578796.0000000006530000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cc-api-data.adobe.io/ingest/?api_key=ccinstaller-serviceo_
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1298578796.0000000006530000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.adob
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1306951341.00000000095B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.t
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1285040980.0000000000619000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://creativecloud.adoAE
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1284942722.00000000005E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://delegated.adobelogin.com
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1290784257.0000000003F1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fb.me/react-async-component-lifecycle-hooks
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1290937958.0000000003F90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fb.me/react-polyfills
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1290937958.0000000003F90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fb.me/react-polyfillschildren
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1303714404.0000000006EB5000.00000004.00000800.00020000.00000000.sdmp, AdobeMessagingClient[1].js.1.drString found in binary or memory: https://feross.org/opensource
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1285692901.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://ims-na1-stg1.adobelogin.com
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1285692901.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1284996482.000000000060A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ims-prod06.adobelogin.com
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1284996482.000000000060A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ims-prod06.adobelogin.comNN
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1284942722.00000000005E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ims-prod07.adobelogin.com96148
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1285692901.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://lcs-cops-dev.adobe.io
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1285692901.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://lcs-cops-stage.adobe.io
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1285692901.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1284996482.000000000060A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lcs-cops.adobe.io
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1285692901.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://lcs-cops.adobe.iohttps://lcs-cops-stage.adobe.iohttps://lcs-cops-dev.adobe.iohttps://lcs-ule
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1285692901.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://lcs-robs-dev.adobe.io
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1285692901.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://lcs-robs-stage.adobe.io
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1285692901.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1284996482.000000000060A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lcs-robs.adobe.io
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1285692901.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://lcs-ulecs-dev.adobe.io
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1285692901.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://lcs-ulecs-stage.adobe.io
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1285692901.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://lcs-ulecs.adobe.io
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://mths.be/he
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://mths.be/mit
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://mths.be/platform
Source: CCDInstaller.js.1.drString found in binary or memory: https://play.google.com/store/apps/dev?id=4734916851270416020
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1290037113.00000000038D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1292903128.00000000044F5000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292717537.00000000044DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
Source: CCDInstaller.js.1.drString found in binary or memory: https://support.apple.com/guide/safari/download-items-from-the-web-sfri40598/mac
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1291154321.00000000040B3000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292124599.000000000410E000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=cs
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293356465.00000000045A0000.00000004.00000800.00020000.00000000.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=da
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1290511808.0000000003D60000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=de
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293566636.0000000004670000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=es
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293566636.0000000004670000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=fi
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293566636.0000000004670000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=fr
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293356465.00000000045A0000.00000004.00000800.00020000.00000000.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=it
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293566636.0000000004670000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=ja
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292334183.0000000004170000.00000004.00000800.00020000.00000000.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=ko
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292380128.0000000004184000.00000004.00000800.00020000.00000000.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=nb
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292380128.0000000004184000.00000004.00000800.00020000.00000000.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=nl
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=pl
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1293738857.0000000004760000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=pt
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1293738857.0000000004760000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=ru
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1293738857.0000000004760000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=sv
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1294461717.00000000049B0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=tr
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1294461717.00000000049B0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=zh-Hans
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1294461717.00000000049B0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000003.900474375.00000000004C8000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=zh-Hant
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1306951341.00000000095B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mD
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1306951341.00000000095B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.microsoft.co&B
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1306951341.00000000095B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/.
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1289259794.0000000003190000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.mozilla.org/cs-CZ/kb/where-find-and-manage-downloaded-files-firefox
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1290562005.0000000003D6D000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.mozilla.org/da-DK/kb/where-find-and-manage-downloaded-files-firefox
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1291154321.00000000040B3000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.mozilla.org/de-DE/kb/where-find-and-manage-downloaded-files-firefox
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293356465.00000000045A0000.00000004.00000800.00020000.00000000.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.mozilla.org/en-US/kb/where-find-and-manage-downloaded-files-firefox
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293356465.00000000045A0000.00000004.00000800.00020000.00000000.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.mozilla.org/es-ES/kb/where-find-and-manage-downloaded-files-firefox
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293566636.0000000004670000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.mozilla.org/fi-FI/kb/where-find-and-manage-downloaded-files-firefox
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293566636.0000000004670000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.mozilla.org/fr-FR/kb/where-find-and-manage-downloaded-files-firefox
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293566636.0000000004670000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.mozilla.org/it-IT/kb/where-find-and-manage-downloaded-files-firefox
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293356465.00000000045A0000.00000004.00000800.00020000.00000000.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.mozilla.org/ja-JP/kb/where-find-and-manage-downloaded-files-firefox
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1290845244.0000000003F32000.00000004.00000800.00020000.00000000.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.mozilla.org/ko-KR/kb/where-find-and-manage-downloaded-files-firefox
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293566636.0000000004670000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.mozilla.org/nb-NO/kb/where-find-and-manage-downloaded-files-firefox
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292334183.0000000004170000.00000004.00000800.00020000.00000000.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.mozilla.org/nl-NL/kb/where-find-and-manage-downloaded-files-firefox
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292380128.0000000004184000.00000004.00000800.00020000.00000000.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.mozilla.org/pl-PL/kb/where-find-and-manage-downloaded-files-firefox
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1293738857.0000000004760000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.mozilla.org/pt-BR/kb/where-find-and-manage-downloaded-files-firefox
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1293738857.0000000004760000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.mozilla.org/ru-RU/kb/where-find-and-manage-downloaded-files-firefox
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1293738857.0000000004760000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.mozilla.org/sv-SE/kb/where-find-and-manage-downloaded-files-firefox
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1294461717.00000000049B0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.mozilla.org/tr-TR/kb/where-find-and-manage-downloaded-files-firefox
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1293738857.0000000004760000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.mozilla.org/zh-CN/kb/where-find-and-manage-downloaded-files-firefox
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1294461717.00000000049B0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000003.900474375.00000000004C8000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drString found in binary or memory: https://support.mozilla.org/zh-TW/kb/where-find-and-manage-downloaded-files-firefox
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1290745063.0000000003F12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://use.typekit.net/t.componentWillReceiveProps
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1306951341.00000000095B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.apple.com/macos/Q
Source: CCDInstaller.js.1.drString found in binary or memory: https://www.apple.com/macos/how-to-upgrade/
Source: Creative_Cloud_Set-Up.exeString found in binary or memory: https://www.digicert.com/CPS0
Source: unknownHTTP traffic detected: POST /hsmessaging/rest HTTP/1.1Connection: closeContent-Type: text/xmlUser-Agent: Creative CloudContent-Length: 2693Host: na1e-acc.services.adobe.com
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\AdobeMessagingClient[1].cssJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
Source: Creative_Cloud_Set-Up.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1288496414.0000000001598000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameAdobe Installer@ vs Creative_Cloud_Set-Up.exe
Source: Creative_Cloud_Set-Up.exe, 00000001.00000000.888294215.000000000158E000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameAdobe Installer@ vs Creative_Cloud_Set-Up.exe
Source: Creative_Cloud_Set-Up.exeBinary or memory string: OriginalFilenameAdobe Installer@ vs Creative_Cloud_Set-Up.exe
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeSection loaded: atlthunk.dllJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeSection loaded: atlthunk.dllJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeSection loaded: atlthunk.dllJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeSection loaded: atlthunk.dllJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeSection loaded: windows.globalization.dllJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeMemory allocated: 77620000 page execute and read and writeJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeMemory allocated: 77740000 page execute and read and writeJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeFile read: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InProcServer32Jump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeFile created: C:\Users\user\AppData\Local\Adobe\licflagsJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeFile created: C:\Users\user\AppData\Local\Temp\CreativeCloudJump to behavior
Source: classification engineClassification label: clean6.winEXE@1/13@0/4
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{3EBE6875-9C4E-4782-8A43-275AFFFCA6FB}
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeMutant created: \Sessions\1\BaseNamedObjects\WAM.log
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeMutant created: \Sessions\1\BaseNamedObjects\Global\17984755fe166b7170b9b5099053521c
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeMutant created: \Sessions\1\BaseNamedObjects\Global\359dca4322b8b4a0f7f92bf448150fb
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeMutant created: \Sessions\1\BaseNamedObjects\Global\_MSIExecute
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Creative_Cloud_Set-Up.exeStatic file information: File size 3220040 > 1048576
Source: Creative_Cloud_Set-Up.exeStatic PE information: certificate valid
Source: Creative_Cloud_Set-Up.exeStatic PE information: Raw size of UPX1 is bigger than: 0x100000 < 0x304600
Source: Creative_Cloud_Set-Up.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: -up.pdb! source: Creative_Cloud_Set-Up.exe
Source: Binary string: D:\jenkins\Daily\Ccdinstaller\build\main\ccd-installer\build\msvs_win32\Release\x86\sym\CCDInstaller\CCDInstaller\Set-up.pdb source: Creative_Cloud_Set-Up.exe, 00000001.00000002.1285692901.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeCode function: 1_3_0978C692 push F609EA52h; ret 1_3_0978C697
Source: Creative_Cloud_Set-Up.exeStatic PE information: real checksum: 0x3189da should be: 0x31e3d3
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeFile created: C:\Users\user\AppData\Local\Temp\NGLClient_CreativeCloudInstaller12.1.logJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe TID: 2860Thread sleep time: -180000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe TID: 264Thread sleep time: -80150s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe TID: 2860Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeWindow / User API: threadDelayed 1603Jump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeMemory allocated: 4890000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeMemory allocated: CD0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeMemory allocated: D90000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeMemory allocated: 3060000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeMemory allocated: 5AC0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeMemory allocated: 3110000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeMemory allocated: 45C0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeMemory allocated: 4990000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\Users\user\Desktop\Creative_Cloud_Set-Up.exeRegistry value created: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATIONJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts11
Windows Management Instrumentation		1
DLL Side-Loading		1
DLL Side-Loading		1
Masquerading		OS Credential Dumping2
Security Software Discovery		Remote Services1
Clipboard Data		Exfiltration Over Other Network Medium1
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default Accounts1
Scripting		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts41
Virtualization/Sandbox Evasion		LSASS Memory1
Query Registry		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
Ingress Tool Transfer		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)11
Modify Registry		Security Account Manager41
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
Non-Application Layer Protocol		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
Scripting		NTDS1
Process Discovery		Distributed Component Object ModelInput CaptureScheduled Transfer2
Application Layer Protocol		SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script11
Obfuscated Files or Information		LSA Secrets1
Application Window Discovery		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.common1
Software Packing		Cached Domain Credentials1
Remote System Discovery		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup Items1
DLL Side-Loading		DCSync1
File and Directory Discovery		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem23
System Information Discovery		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Creative_Cloud_Set-Up.exe1%VirustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://ocsp.entrust.net030%URL Reputationsafe
http://ocsp.entrust.net030%URL Reputationsafe
https://bnjmnt4n.now.sh/0%URL Reputationsafe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
https://mths.be/mit0%URL Reputationsafe
https://mths.be/platform0%URL Reputationsafe
http://ocsp.entrust.net0D0%URL Reputationsafe
http://jedwatson.github.io/classnames0%URL Reputationsafe
http://crl.pkioverheid.nl/DomOvLatestCRL.crl00%URL Reputationsafe
http://allyoucanleet.com/0%URL Reputationsafe
https://support.microsoft.co&B0%Avira URL Cloudsafe
https://support.mD0%Avira URL Cloudsafe
https://crea.t0%Avira URL Cloudsafe
https://mths.be/he0%VirustotalBrowse
https://creativecloud.adoAE0%Avira URL Cloudsafe
https://support.mD0%VirustotalBrowse
https://community.adob0%Avira URL Cloudsafe
https://mths.be/he0%Avira URL Cloudsafe
https://ims-prod07.adobelogin.com961480%Avira URL Cloudsafe
https://ims-prod06.adobelogin.comNN0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com
52.41.149.13
truefalse
    		high
    ETS-PRD2-UW1-COLL-ELB-2013165758.us-west-2.elb.amazonaws.com
    		44.239.229.78
    		truefalse
      		high

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=zh-HansCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1294461717.00000000049B0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
        		high
        https://ims-prod06.adobelogin.comCreative_Cloud_Set-Up.exe, 00000001.00000002.1285692901.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1284996482.000000000060A000.00000004.00000020.00020000.00000000.sdmpfalse
          		high
          https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=zh-HantCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1294461717.00000000049B0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000003.900474375.00000000004C8000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
            		high
            https://support.mozilla.org/.Creative_Cloud_Set-Up.exe, 00000001.00000002.1306951341.00000000095B2000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              https://support.mozilla.org/ja-JP/kb/where-find-and-manage-downloaded-files-firefoxCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293356465.00000000045A0000.00000004.00000800.00020000.00000000.sdmp, CCDInstaller.js.1.drfalse
                		high
                http://ocsp.entrust.net03Creative_Cloud_Set-Up.exe, 00000001.00000002.1292903128.00000000044F5000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292717537.00000000044DD000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                https://support.mozilla.org/sv-SE/kb/where-find-and-manage-downloaded-files-firefoxCreative_Cloud_Set-Up.exe, 00000001.00000002.1293738857.0000000004760000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                  		high
                  https://support.mozilla.org/pt-BR/kb/where-find-and-manage-downloaded-files-firefoxCreative_Cloud_Set-Up.exe, 00000001.00000002.1293738857.0000000004760000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                    		high
                    https://bnjmnt4n.now.sh/Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://support.mozilla.org/en-US/kb/where-find-and-manage-downloaded-files-firefoxCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293356465.00000000045A0000.00000004.00000800.00020000.00000000.sdmp, CCDInstaller.js.1.drfalse
                      		high
                      https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=ptCreative_Cloud_Set-Up.exe, 00000001.00000002.1293738857.0000000004760000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                        		high
                        https://support.mozilla.org/ru-RU/kb/where-find-and-manage-downloaded-files-firefoxCreative_Cloud_Set-Up.exe, 00000001.00000002.1293738857.0000000004760000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                          		high
                          http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0Creative_Cloud_Set-Up.exe, 00000001.00000002.1292717537.00000000044DD000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.diginotar.nl/cps/pkioverheid0Creative_Cloud_Set-Up.exe, 00000001.00000002.1292903128.00000000044F5000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292717537.00000000044DD000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=plCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                            		high
                            https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=trCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1294461717.00000000049B0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                              		high
                              https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=daCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293356465.00000000045A0000.00000004.00000800.00020000.00000000.sdmp, CCDInstaller.js.1.drfalse
                                		high
                                https://play.google.com/store/apps/dev?id=4734916851270416020CCDInstaller.js.1.drfalse
                                  		high
                                  https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=deCreative_Cloud_Set-Up.exe, 00000001.00000002.1290511808.0000000003D60000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                    		high
                                    http://typekit.com/eulas/000000000000000000014f4dCreative_Cloud_Set-Up.exe, 00000001.00000002.1298578796.0000000006530000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://support.mozilla.org/fr-FR/kb/where-find-and-manage-downloaded-files-firefoxCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293566636.0000000004670000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                        		high
                                        https://mths.be/heCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://support.mDCreative_Cloud_Set-Up.exe, 00000001.00000002.1306951341.00000000095B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://crea.tCreative_Cloud_Set-Up.exe, 00000001.00000002.1306951341.00000000095B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://delegated.adobelogin.comCreative_Cloud_Set-Up.exe, 00000001.00000002.1284942722.00000000005E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://fb.me/react-polyfillschildrenCreative_Cloud_Set-Up.exe, 00000001.00000002.1290937958.0000000003F90000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://mths.be/mitCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1Creative_Cloud_Set-Up.exe, 00000001.00000002.1291154321.00000000040B3000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                              		high
                                              https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=csCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292124599.000000000410E000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                                		high
                                                https://community.adobCreative_Cloud_Set-Up.exe, 00000001.00000002.1298578796.0000000006530000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://typekit.com/eulas/000000000000000000014f4fCreative_Cloud_Set-Up.exe, 00000001.00000002.1302441597.0000000006C83000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://mths.be/platformCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=koCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292334183.0000000004170000.00000004.00000800.00020000.00000000.sdmp, CCDInstaller.js.1.drfalse
                                                    		high
                                                    https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=svCreative_Cloud_Set-Up.exe, 00000001.00000002.1293738857.0000000004760000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                                      		high
                                                      https://support.mozilla.org/de-DE/kb/where-find-and-manage-downloaded-files-firefoxCreative_Cloud_Set-Up.exe, 00000001.00000002.1291154321.00000000040B3000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                                        		high
                                                        http://typekit.com/eulas/000000000000000000014f51Creative_Cloud_Set-Up.exe, 00000001.00000002.1302441597.0000000006C83000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://typekit.com/eulas/000000000000000000014f50Creative_Cloud_Set-Up.exe, 00000001.00000002.1302441597.0000000006C83000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://ocsp.entrust.net0DCreative_Cloud_Set-Up.exe, 00000001.00000002.1292903128.00000000044F5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://jedwatson.github.io/classnamesCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://ims-na1-stg1.adobelogin.comCreative_Cloud_Set-Up.exe, 00000001.00000002.1285692901.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpfalse
                                                              		high
                                                              http://crl.entrust.net/server1.crl0Creative_Cloud_Set-Up.exe, 00000001.00000002.1292903128.00000000044F5000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292717537.00000000044DD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://support.microsoft.co&BCreative_Cloud_Set-Up.exe, 00000001.00000002.1306951341.00000000095B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		low
                                                                https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=frCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293566636.0000000004670000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                                                  		high
                                                                  https://support.mozilla.org/cs-CZ/kb/where-find-and-manage-downloaded-files-firefoxCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1289259794.0000000003190000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                                                    		high
                                                                    https://creativecloud.adoAECreative_Cloud_Set-Up.exe, 00000001.00000002.1285040980.0000000000619000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://support.mozilla.org/da-DK/kb/where-find-and-manage-downloaded-files-firefoxCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1290562005.0000000003D6D000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                                                      		high
                                                                      https://reactjs.org/docs/error-decoder.html?invariant=Creative_Cloud_Set-Up.exe, 00000001.00000002.1290037113.00000000038D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://fb.me/react-async-component-lifecycle-hooksCreative_Cloud_Set-Up.exe, 00000001.00000002.1290784257.0000000003F1F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://ims-prod07.adobelogin.com96148Creative_Cloud_Set-Up.exe, 00000001.00000002.1284942722.00000000005E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=fiCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293566636.0000000004670000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                                                            		high
                                                                            https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=ruCreative_Cloud_Set-Up.exe, 00000001.00000002.1293738857.0000000004760000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                                                              		high
                                                                              https://support.mozilla.org/zh-CN/kb/where-find-and-manage-downloaded-files-firefoxCreative_Cloud_Set-Up.exe, 00000001.00000002.1293738857.0000000004760000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                                                                		high
                                                                                https://support.mozilla.org/it-IT/kb/where-find-and-manage-downloaded-files-firefoxCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293566636.0000000004670000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                                                                  		high
                                                                                  https://support.mozilla.org/tr-TR/kb/where-find-and-manage-downloaded-files-firefoxCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1294461717.00000000049B0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                                                                    		high
                                                                                    http://fb.me/use-check-prop-typesCreative_Cloud_Set-Up.exe, 00000001.00000002.1290159070.0000000003930000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=nlCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292380128.0000000004184000.00000004.00000800.00020000.00000000.sdmp, CCDInstaller.js.1.drfalse
                                                                                        		high
                                                                                        https://support.mozilla.org/es-ES/kb/where-find-and-manage-downloaded-files-firefoxCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293356465.00000000045A0000.00000004.00000800.00020000.00000000.sdmp, CCDInstaller.js.1.drfalse
                                                                                          		high
                                                                                          https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=nbCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292380128.0000000004184000.00000004.00000800.00020000.00000000.sdmp, CCDInstaller.js.1.drfalse
                                                                                            		high
                                                                                            https://support.mozilla.org/nl-NL/kb/where-find-and-manage-downloaded-files-firefoxCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292334183.0000000004170000.00000004.00000800.00020000.00000000.sdmp, CCDInstaller.js.1.drfalse
                                                                                              		high
                                                                                              https://support.mozilla.org/zh-TW/kb/where-find-and-manage-downloaded-files-firefoxCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1294461717.00000000049B0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000003.900474375.00000000004C8000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                                                                                		high
                                                                                                https://support.mozilla.org/nb-NO/kb/where-find-and-manage-downloaded-files-firefoxCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293566636.0000000004670000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                                                                                  		high
                                                                                                  http://crl.pkioverheid.nl/DomOvLatestCRL.crl0Creative_Cloud_Set-Up.exe, 00000001.00000002.1292903128.00000000044F5000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292717537.00000000044DD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  https://feross.org/opensourceCreative_Cloud_Set-Up.exe, 00000001.00000002.1303714404.0000000006EB5000.00000004.00000800.00020000.00000000.sdmp, AdobeMessagingClient[1].js.1.drfalse
                                                                                                    		high
                                                                                                    https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=jaCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293566636.0000000004670000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                                                                                      		high
                                                                                                      https://support.mozilla.org/fi-FI/kb/where-find-and-manage-downloaded-files-firefoxCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293566636.0000000004670000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                                                                                        		high
                                                                                                        https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=itCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293356465.00000000045A0000.00000004.00000800.00020000.00000000.sdmp, CCDInstaller.js.1.drfalse
                                                                                                          		high
                                                                                                          https://support.google.com/chrome/answer/95759?visit_id=637090496096814473-703968052&rd=1&hl=esCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1293566636.0000000004670000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                                                                                            		high
                                                                                                            https://support.mozilla.org/ko-KR/kb/where-find-and-manage-downloaded-files-firefoxCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1290845244.0000000003F32000.00000004.00000800.00020000.00000000.sdmp, CCDInstaller.js.1.drfalse
                                                                                                              		high
                                                                                                              https://fb.me/react-polyfillsCreative_Cloud_Set-Up.exe, 00000001.00000002.1290937958.0000000003F90000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://www.winimage.com/zLibDllCreative_Cloud_Set-Up.exe, 00000001.00000002.1285692901.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://ims-prod06.adobelogin.comNNCreative_Cloud_Set-Up.exe, 00000001.00000002.1284996482.000000000060A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  		unknown
                                                                                                                  http://allyoucanleet.com/Creative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, CCDInstaller.js.1.drfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  http://feross.orgCreative_Cloud_Set-Up.exe, 00000001.00000002.1303714404.0000000006EB5000.00000004.00000800.00020000.00000000.sdmp, AdobeMessagingClient[1].js.1.drfalse
                                                                                                                    		high
                                                                                                                    https://secure.comodo.com/CPS0Creative_Cloud_Set-Up.exe, 00000001.00000002.1292903128.00000000044F5000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292717537.00000000044DD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://support.mozilla.org/pl-PL/kb/where-find-and-manage-downloaded-files-firefoxCreative_Cloud_Set-Up.exe, 00000001.00000002.1296837178.00000000060F0000.00000004.00000800.00020000.00000000.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1287064952.00000000011CA000.00000040.00000001.01000000.00000003.sdmp, Creative_Cloud_Set-Up.exe, 00000001.00000002.1292380128.0000000004184000.00000004.00000800.00020000.00000000.sdmp, CCDInstaller.js.1.drfalse
                                                                                                                        		high
                                                                                                                        http://crl.entrust.net/2048ca.crl0Creative_Cloud_Set-Up.exe, 00000001.00000002.1292903128.00000000044F5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://use.typekit.net/t.componentWillReceivePropsCreative_Cloud_Set-Up.exe, 00000001.00000002.1290745063.0000000003F12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high

                                                                                                                            World Map of Contacted IPs

                                                                                                                            • No. of IPs < 25%
                                                                                                                            • 25% < No. of IPs < 50%
                                                                                                                            • 50% < No. of IPs < 75%
                                                                                                                            • 75% < No. of IPs

                                                                                                                            Public IPs

                                                                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                                                                            52.41.149.13
                                                                                                                            		ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.comUnited States
                                                                                                                            		16509AMAZON-02USfalse
                                                                                                                            54.188.127.72
                                                                                                                            		unknownUnited States
                                                                                                                            		16509AMAZON-02USfalse
                                                                                                                            34.209.103.105
                                                                                                                            		unknownUnited States
                                                                                                                            		16509AMAZON-02USfalse
                                                                                                                            44.239.229.78
                                                                                                                            		ETS-PRD2-UW1-COLL-ELB-2013165758.us-west-2.elb.amazonaws.comUnited States
                                                                                                                            		16509AMAZON-02USfalse

                                                                                                                            General Information

                                                                                                                            Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                                                            Analysis ID:751170
                                                                                                                            Start date and time:2022-11-21 21:06:47 +01:00
                                                                                                                            Joe Sandbox Product:CloudBasic
                                                                                                                            Overall analysis duration:0h 8m 10s
                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                            Report type:full
                                                                                                                            Sample file name:Creative_Cloud_Set-Up.exe
                                                                                                                            Cookbook file name:default.jbs
                                                                                                                            Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                                                                                            Run name:Run with higher sleep bypass
                                                                                                                            Number of analysed new started processes analysed:5
                                                                                                                            Number of new started drivers analysed:0
                                                                                                                            Number of existing processes analysed:0
                                                                                                                            Number of existing drivers analysed:0
                                                                                                                            Number of injected processes analysed:0
                                                                                                                            Technologies:
                                                                                                                            • HCA enabled
                                                                                                                            • EGA enabled
                                                                                                                            • HDC enabled
                                                                                                                            • AMSI enabled
                                                                                                                            Analysis Mode:default
                                                                                                                            Analysis stop reason:Timeout
                                                                                                                            Detection:CLEAN
                                                                                                                            Classification:clean6.winEXE@1/13@0/4
                                                                                                                            EGA Information:Failed
                                                                                                                            HDC Information:Failed
                                                                                                                            HCA Information:
                                                                                                                            • Successful, ratio: 100%
                                                                                                                            • Number of executed functions: 1
                                                                                                                            • Number of non-executed functions: 0
                                                                                                                            Cookbook Comments:
                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                            • Sleeps bigger than 100000000ms are automatically reduced to 1000ms

                                                                                                                            Warnings

                                                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
                                                                                                                            • Excluded IPs from analysis (whitelisted): 54.194.243.238, 54.195.71.107, 34.250.67.152, 54.74.179.44, 54.77.72.255, 3.248.26.100, 93.184.221.240, 209.197.3.8, 18.64.119.10, 18.64.119.52, 18.64.119.7, 18.64.119.120
                                                                                                                            • Excluded domains from analysis (whitelisted): wu.ec.azureedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, na1e-acc.services.adobe.com, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, na1e-uw.services.adobe.com, cc-api-data.adobe.io, wu-bg-shim.trafficmanager.net, wu.azureedge.net, client.messaging.adobe.com
                                                                                                                            • Execution Graph export aborted for target Creative_Cloud_Set-Up.exe, PID 1152 because there are no executed function
                                                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                            Simulations

                                                                                                                            Behavior and APIs

                                                                                                                            No simulations

                                                                                                                            Joe Sandbox View / Context

                                                                                                                            IPs

                                                                                                                            No context

                                                                                                                            Domains

                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                            ETS-PRD2-UW1-COLL-ELB-2013165758.us-west-2.elb.amazonaws.comMsYJ3XxLoA.exeGet hashmaliciousBrowse
                                                                                                                            • 54.149.159.228
                                                                                                                            Creative_Cloud_Set-Up.exeGet hashmaliciousBrowse
                                                                                                                            • 52.32.14.85
                                                                                                                            Creative_Cloud_Set-Up.exeGet hashmaliciousBrowse
                                                                                                                            • 44.231.113.218
                                                                                                                            ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.comMsYJ3XxLoA.exeGet hashmaliciousBrowse
                                                                                                                            • 54.149.159.228
                                                                                                                            Creative_Cloud_Set-Up.exeGet hashmaliciousBrowse
                                                                                                                            • 52.32.14.85
                                                                                                                            Creative_Cloud_Set-Up.exeGet hashmaliciousBrowse
                                                                                                                            • 44.231.113.218

                                                                                                                            ASNs

                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                            AMAZON-02USfile.exeGet hashmaliciousBrowse
                                                                                                                            • 52.216.162.211
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 104.192.141.1
                                                                                                                            DvrWebClient.exeGet hashmaliciousBrowse
                                                                                                                            • 54.194.190.252
                                                                                                                            Aposporogony.exeGet hashmaliciousBrowse
                                                                                                                            • 3.13.90.76
                                                                                                                            https://us-west-2.protection.sophos.com/?d=gingrapp.com&u=aHR0cDovL2VtYWlsLm1haWxndW4uZ2luZ3JhcHAuY29tL2MvZUp4VXpFOVBnekFZZ1BGUFUyNlEwZ0tGQXdkMVlZa3hHbzNMbHQzZXZuM0xjT1dQTGJETlQyOTI4T0Q5ZVg2bUJzcEZYa1JVcDBWUmNWa1ZQSXRPZFpXcFFtZFNZeVUwbGtxVnFTV3JVc3FGaFZTQ2lycWFTeVdrUklxdEZpck9DNEZ4bVJzVjI5SVl3eXVORWkzTGVBLWRhNWNoYWJ1aDlUQk5DWTU5NU9yVFBFOU1QakRSTU5GUTRzRjBTMEFZd01DOVlLTDVvREF1SG1rWG9LVUV3blJsc2xtOFkzTHpiNVpQT185endPSHktWFpPZXBwaEpSOW9HZzFDbUVNU19qd201SEhfdk9yaHZPaXQ0Mlo3ZGNnZnYyRl83T2xnVnV5djU1Zi1kZFh2bk1sTjVHdlM0M0JMWERmUGpnTEwtRmRuN2UweWVtZnU0RzhBQUFEX18xVXJaWXM=&i=NjBlN2U0YjcyYzU4ZjEwZjVlMTAxOGEw&t=REpubjFoRjROWXdoaWZPRktrS0dXSWN5R3l3N0IvNDFSSUdaZmk1KzdvYz0=&h=c48938bfb13e497e8706340db09941a4&s=AVNPUEhUT0NFTkNSWVBUSVY7uy5ifmEVJg80a0a5KrC1bMbgSP5ZWgOuGGz--wPrL_2DpnmRxkU2uRIOtWRYzs3sFvyJ8ESaRm6Tz-d67nZMJv1hgw7CQOVESxq3uFSAtQGet hashmaliciousBrowse
                                                                                                                            • 65.9.86.44
                                                                                                                            D_20221121155357.xlsGet hashmaliciousBrowse
                                                                                                                            • 52.29.58.98
                                                                                                                            http://gofile.meGet hashmaliciousBrowse
                                                                                                                            • 52.85.92.2
                                                                                                                            MSG111925056.htmlGet hashmaliciousBrowse
                                                                                                                            • 54.230.206.25
                                                                                                                            https://www.people.work.gd/logon.htmlGet hashmaliciousBrowse
                                                                                                                            • 52.222.191.79
                                                                                                                            https://t.co/DPdzrHssgoGet hashmaliciousBrowse
                                                                                                                            • 52.85.92.70
                                                                                                                            proforma pdf.exeGet hashmaliciousBrowse
                                                                                                                            • 3.64.163.50
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 54.231.192.201
                                                                                                                            NDA_Non-Disclosure Agreement_NFE-PROJECT.exeGet hashmaliciousBrowse
                                                                                                                            • 3.64.163.50
                                                                                                                            20221117_300495_XMLNOTA.msiGet hashmaliciousBrowse
                                                                                                                            • 52.85.92.97
                                                                                                                            http://moekyepkd.comGet hashmaliciousBrowse
                                                                                                                            • 65.9.66.48
                                                                                                                            FZpbMvlXqQ.elfGet hashmaliciousBrowse
                                                                                                                            • 15.193.36.162
                                                                                                                            payment copy_$31,400.exeGet hashmaliciousBrowse
                                                                                                                            • 54.151.192.117
                                                                                                                            payment_copy_receipt_file.exeGet hashmaliciousBrowse
                                                                                                                            • 75.2.115.196
                                                                                                                            https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fedufoster.org%2fsarahd07prasada51headres0h3urr9singd07r9s0h3nW1&c=4308Get hashmaliciousBrowse
                                                                                                                            • 143.204.215.82
                                                                                                                            https://edufoster.org/guybartera51rhsd070h3rgd07ukGet hashmaliciousBrowse
                                                                                                                            • 65.9.66.6
                                                                                                                            AMAZON-02USfile.exeGet hashmaliciousBrowse
                                                                                                                            • 52.216.162.211
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 104.192.141.1
                                                                                                                            DvrWebClient.exeGet hashmaliciousBrowse
                                                                                                                            • 54.194.190.252
                                                                                                                            Aposporogony.exeGet hashmaliciousBrowse
                                                                                                                            • 3.13.90.76
                                                                                                                            https://us-west-2.protection.sophos.com/?d=gingrapp.com&u=aHR0cDovL2VtYWlsLm1haWxndW4uZ2luZ3JhcHAuY29tL2MvZUp4VXpFOVBnekFZZ1BGUFUyNlEwZ0tGQXdkMVlZa3hHbzNMbHQzZXZuM0xjT1dQTGJETlQyOTI4T0Q5ZVg2bUJzcEZYa1JVcDBWUmNWa1ZQSXRPZFpXcFFtZFNZeVUwbGtxVnFTV3JVc3FGaFZTQ2lycWFTeVdrUklxdEZpck9DNEZ4bVJzVjI5SVl3eXVORWkzTGVBLWRhNWNoYWJ1aDlUQk5DWTU5NU9yVFBFOU1QakRSTU5GUTRzRjBTMEFZd01DOVlLTDVvREF1SG1rWG9LVUV3blJsc2xtOFkzTHpiNVpQT185endPSHktWFpPZXBwaEpSOW9HZzFDbUVNU19qd201SEhfdk9yaHZPaXQ0Mlo3ZGNnZnYyRl83T2xnVnV5djU1Zi1kZFh2bk1sTjVHdlM0M0JMWERmUGpnTEwtRmRuN2UweWVtZnU0RzhBQUFEX18xVXJaWXM=&i=NjBlN2U0YjcyYzU4ZjEwZjVlMTAxOGEw&t=REpubjFoRjROWXdoaWZPRktrS0dXSWN5R3l3N0IvNDFSSUdaZmk1KzdvYz0=&h=c48938bfb13e497e8706340db09941a4&s=AVNPUEhUT0NFTkNSWVBUSVY7uy5ifmEVJg80a0a5KrC1bMbgSP5ZWgOuGGz--wPrL_2DpnmRxkU2uRIOtWRYzs3sFvyJ8ESaRm6Tz-d67nZMJv1hgw7CQOVESxq3uFSAtQGet hashmaliciousBrowse
                                                                                                                            • 65.9.86.44
                                                                                                                            D_20221121155357.xlsGet hashmaliciousBrowse
                                                                                                                            • 52.29.58.98
                                                                                                                            http://gofile.meGet hashmaliciousBrowse
                                                                                                                            • 52.85.92.2
                                                                                                                            MSG111925056.htmlGet hashmaliciousBrowse
                                                                                                                            • 54.230.206.25
                                                                                                                            https://www.people.work.gd/logon.htmlGet hashmaliciousBrowse
                                                                                                                            • 52.222.191.79
                                                                                                                            https://t.co/DPdzrHssgoGet hashmaliciousBrowse
                                                                                                                            • 52.85.92.70
                                                                                                                            proforma pdf.exeGet hashmaliciousBrowse
                                                                                                                            • 3.64.163.50
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 54.231.192.201
                                                                                                                            NDA_Non-Disclosure Agreement_NFE-PROJECT.exeGet hashmaliciousBrowse
                                                                                                                            • 3.64.163.50
                                                                                                                            20221117_300495_XMLNOTA.msiGet hashmaliciousBrowse
                                                                                                                            • 52.85.92.97
                                                                                                                            http://moekyepkd.comGet hashmaliciousBrowse
                                                                                                                            • 65.9.66.48
                                                                                                                            FZpbMvlXqQ.elfGet hashmaliciousBrowse
                                                                                                                            • 15.193.36.162
                                                                                                                            payment copy_$31,400.exeGet hashmaliciousBrowse
                                                                                                                            • 54.151.192.117
                                                                                                                            payment_copy_receipt_file.exeGet hashmaliciousBrowse
                                                                                                                            • 75.2.115.196
                                                                                                                            https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fedufoster.org%2fsarahd07prasada51headres0h3urr9singd07r9s0h3nW1&c=4308Get hashmaliciousBrowse
                                                                                                                            • 143.204.215.82
                                                                                                                            https://edufoster.org/guybartera51rhsd070h3rgd07ukGet hashmaliciousBrowse
                                                                                                                            • 65.9.66.6

                                                                                                                            JA3 Fingerprints

                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                            05af1f5ca1b87cc9cc9b25185115607dPO20221121.docxGet hashmaliciousBrowse
                                                                                                                            • 52.41.149.13
                                                                                                                            • 54.188.127.72
                                                                                                                            • 34.209.103.105
                                                                                                                            • 44.239.229.78
                                                                                                                            https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exeGet hashmaliciousBrowse
                                                                                                                            • 52.41.149.13
                                                                                                                            • 54.188.127.72
                                                                                                                            • 34.209.103.105
                                                                                                                            • 44.239.229.78
                                                                                                                            SecuriteInfo.com.Exploit.CVE-2017-11882.123.27890.29642.rtfGet hashmaliciousBrowse
                                                                                                                            • 52.41.149.13
                                                                                                                            • 54.188.127.72
                                                                                                                            • 34.209.103.105
                                                                                                                            • 44.239.229.78
                                                                                                                            SecuriteInfo.com.Exploit.CVE-2017-11882.123.10681.28191.rtfGet hashmaliciousBrowse
                                                                                                                            • 52.41.149.13
                                                                                                                            • 54.188.127.72
                                                                                                                            • 34.209.103.105
                                                                                                                            • 44.239.229.78
                                                                                                                            #Uc774#Ub825#Uc11c.docxGet hashmaliciousBrowse
                                                                                                                            • 52.41.149.13
                                                                                                                            • 54.188.127.72
                                                                                                                            • 34.209.103.105
                                                                                                                            • 44.239.229.78
                                                                                                                            SecuriteInfo.com.Exploit.CVE-2017-11882.123.7797.1932.rtfGet hashmaliciousBrowse
                                                                                                                            • 52.41.149.13
                                                                                                                            • 54.188.127.72
                                                                                                                            • 34.209.103.105
                                                                                                                            • 44.239.229.78
                                                                                                                            424-xpl.docx.docGet hashmaliciousBrowse
                                                                                                                            • 52.41.149.13
                                                                                                                            • 54.188.127.72
                                                                                                                            • 34.209.103.105
                                                                                                                            • 44.239.229.78
                                                                                                                            SecuriteInfo.com.Exploit.CVE-2017-11882.123.14567.31626.rtfGet hashmaliciousBrowse
                                                                                                                            • 52.41.149.13
                                                                                                                            • 54.188.127.72
                                                                                                                            • 34.209.103.105
                                                                                                                            • 44.239.229.78
                                                                                                                            SecuriteInfo.com.Exploit.CVE-2017-11882.123.5845.25121.rtfGet hashmaliciousBrowse
                                                                                                                            • 52.41.149.13
                                                                                                                            • 54.188.127.72
                                                                                                                            • 34.209.103.105
                                                                                                                            • 44.239.229.78
                                                                                                                            PvuvjSPQfV.docGet hashmaliciousBrowse
                                                                                                                            • 52.41.149.13
                                                                                                                            • 54.188.127.72
                                                                                                                            • 34.209.103.105
                                                                                                                            • 44.239.229.78
                                                                                                                            9nb3k8Z54A.docxGet hashmaliciousBrowse
                                                                                                                            • 52.41.149.13
                                                                                                                            • 54.188.127.72
                                                                                                                            • 34.209.103.105
                                                                                                                            • 44.239.229.78
                                                                                                                            mputernicki-za4253423pka.vbsGet hashmaliciousBrowse
                                                                                                                            • 52.41.149.13
                                                                                                                            • 54.188.127.72
                                                                                                                            • 34.209.103.105
                                                                                                                            • 44.239.229.78
                                                                                                                            INVOICE-24 Onvrey.xlsmGet hashmaliciousBrowse
                                                                                                                            • 52.41.149.13
                                                                                                                            • 54.188.127.72
                                                                                                                            • 34.209.103.105
                                                                                                                            • 44.239.229.78
                                                                                                                            7193344666.htaGet hashmaliciousBrowse
                                                                                                                            • 52.41.149.13
                                                                                                                            • 54.188.127.72
                                                                                                                            • 34.209.103.105
                                                                                                                            • 44.239.229.78
                                                                                                                            SecuriteInfo.com.Exploit.CVE-2017-11882.123.7580.20808.rtfGet hashmaliciousBrowse
                                                                                                                            • 52.41.149.13
                                                                                                                            • 54.188.127.72
                                                                                                                            • 34.209.103.105
                                                                                                                            • 44.239.229.78
                                                                                                                            Cooling_off_period_for_rental_agreement_qld (yni).jsGet hashmaliciousBrowse
                                                                                                                            • 52.41.149.13
                                                                                                                            • 54.188.127.72
                                                                                                                            • 34.209.103.105
                                                                                                                            • 44.239.229.78
                                                                                                                            inv_221027.docGet hashmaliciousBrowse
                                                                                                                            • 52.41.149.13
                                                                                                                            • 54.188.127.72
                                                                                                                            • 34.209.103.105
                                                                                                                            • 44.239.229.78
                                                                                                                            0082099375.doc__.rtfGet hashmaliciousBrowse
                                                                                                                            • 52.41.149.13
                                                                                                                            • 54.188.127.72
                                                                                                                            • 34.209.103.105
                                                                                                                            • 44.239.229.78
                                                                                                                            SecuriteInfo.com.Exploit.ShellCode.69.26742.16842.rtfGet hashmaliciousBrowse
                                                                                                                            • 52.41.149.13
                                                                                                                            • 54.188.127.72
                                                                                                                            • 34.209.103.105
                                                                                                                            • 44.239.229.78
                                                                                                                            SecuriteInfo.com.Exploit.Rtf.Obfuscated.32.16235.2157.rtfGet hashmaliciousBrowse
                                                                                                                            • 52.41.149.13
                                                                                                                            • 54.188.127.72
                                                                                                                            • 34.209.103.105
                                                                                                                            • 44.239.229.78

                                                                                                                            Dropped Files

                                                                                                                            No context

                                                                                                                            Created / dropped Files

                                                                                                                            C:\Users\user\AppData\Local\Adobe\OOBE\temp_ins_lbs_wid

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe
                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):38
                                                                                                                            Entropy (8bit):4.010570934268484
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:DalNVumPUxZEnUvn:oNVueIEUvn
                                                                                                                            MD5:CB8FC798D9A67A3B33D6E24E1EDE1854
                                                                                                                            SHA1:DF8592AEE79C1BF92D64182999860B3265B5DEAF
                                                                                                                            SHA-256:4B190BC4F09F651BD20A0E38BC410BE90F57F8AD90BCFE9B6FD0D26371BA5C15
                                                                                                                            SHA-512:18A21DB8221224D05FC64A3E4E907ECA045DB8BC56A9CF5D223DDF5EFF370726D4E9AE44274CD471E9625043BF7A348B0AFBF04E0E0EC8A50E07D00901D1F33F
                                                                                                                            Malicious:false
                                                                                                                            Reputation:low
                                                                                                                            Preview:{9843E135-F704-4B53-A842-A0A60B1C1762}

                                                                                                                            C:\Users\user\AppData\Local\Adobe\OOBE\temp_lbs_wid

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe
                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):38
                                                                                                                            Entropy (8bit):3.905307776373747
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:JXHRk7gDcgv:he7gB
                                                                                                                            MD5:0C4F5D261DFDC98D86AB841808D42D3B
                                                                                                                            SHA1:D0CAF1731B7FE981D956D6D93CA5CB39A0C2AD34
                                                                                                                            SHA-256:916380DA3D07BA8EC96D4AF3DD7CB6758C0F6BB0C35561EBEA4D22B99F9AD312
                                                                                                                            SHA-512:CCE4C3D906DAAE49C4E52141B981E695A72FCC58450C0FA5622424B3A016BEB86BC466F33D968E42DBDD2F698020B3AA31FE4F9E48B03A2CC27F8831807D775B
                                                                                                                            Malicious:false
                                                                                                                            Reputation:low
                                                                                                                            Preview:{39D1D360-48AD-4903-B422-85856539EC9C}

                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\AdobeMessagingClient[1].css

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe
                                                                                                                            File Type:ASCII text, with very long lines (50241), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):50241
                                                                                                                            Entropy (8bit):5.106816597026
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:tKCRp5zGF0nNCFDdYnYBBe2mrETVaEBark4KxclmJNC2RTuiftIQgZq49N6N6B6j:jlNCR3Bb/MlmJNBv2Uv
                                                                                                                            MD5:E4D41B70125DC521E9023282F1E333B2
                                                                                                                            SHA1:253FC9EEF9B4B9703B5AB4E0795279895C27B4E2
                                                                                                                            SHA-256:475DE1A4C2309E8C6A69EAB6F3E4BC224108B87DFA3E05B089766BEE69978DDC
                                                                                                                            SHA-512:57B8506303FB85F935B45F047E50067AA2632D76B05C6E23C1D1BCADC93958BC663C2776B33B4699E94B9BB30BCD3A4D08C3A10ED3E335B85A9A2E4E7CD1A511
                                                                                                                            Malicious:false
                                                                                                                            Reputation:low
                                                                                                                            Preview:.adbMsgClientWrapper #adbmsgContainer *, .adbMsgClientWrapper #adbmsgContainer :after, .adbMsgClientWrapper #adbmsgContainer :before{box-sizing:border-box}.adbMsgClientWrapper #adbmsgContainer .outwardAnimate{transition:opacity .3s;animation-name:a;animation-duration:.3s;animation-timing-function:cubic-bezier(0,0,.4,1);-webkit-transition:opacity .3s;-webkit-animation-name:a;-webkit-animation-duration:.3s;-webkit-animation-timing-function:cubic-bezier(0,0,.4,1);-moz-transition:opacity .3s;-moz-animation-name:a;-moz-animation-duration:.3s;-moz-animation-timing-function:cubic-bezier(0,0,.4,1)}@keyframes a{0%{transform:scale(.83);opacity:0}to{transform:scale(1);opacity:1}}.adbMsgClientWrapper #adbmsgContainer .adbmsgCtaDarkest{background-color:#080808!important;border:2px solid #a2a2a2!important;background-image:url(assets/cta_darkest.svg)!important}.adbMsgClientWrapper #adbmsgContainer .adbmsgCtaDarkest:hover{border-color:#efefef!important}.adbMsgClientWrapper #adbmsgContainer .adbmsgCta{

                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\AdobeMessagingClient[1].js

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe
                                                                                                                            File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):124377
                                                                                                                            Entropy (8bit):5.354430128850854
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:5VFD35qvsf73iHSA7kItZkf9r4wtatc/b:5VKQjiHSA7kN9rV
                                                                                                                            MD5:BBD77E56DB7C008897CB32A9EFD470A6
                                                                                                                            SHA1:D72FDECADF3DE45EC99D5E52BB2686D3FFBF33ED
                                                                                                                            SHA-256:51934F54E61522163CE631F59D123B5CE7315B8F8BCD8388206ACD18DD999125
                                                                                                                            SHA-512:351D2050FE967FB2E80598FAF89ABAB12FD56149A2A9E079D652A4A9173454835726CC108716A774EE5219AE36993C5788B16D73D55F1055EEA643D2615ACD3F
                                                                                                                            Malicious:false
                                                                                                                            Reputation:low
                                                                                                                            Preview:!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.AdobeMessagingClient=t():e.AdobeMessagingClient=t()}("undefined"!=typeof self?self:this,function(){return function(e){var t={};function n(a){if(t[a])return t[a].exports;var i=t[a]={i:a,l:!1,exports:{}};return e[a].call(i.exports,i,i.exports,n),i.l=!0,i.exports}return n.m=e,n.c=t,n.d=function(e,t,a){n.o(e,t)||Object.defineProperty(e,t,{configurable:!1,enumerable:!0,get:a})},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s=21)}([function(e,t,n){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var a=Object.assign||function(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var a in n)Object.prototype.hasOwnProperty.call(n,a)&&(e[a]=n[a])}return e},i=function()

                                                                                                                            C:\Users\user\AppData\Local\Temp\CreativeCloud\ACC\WAM.log

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe
                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):2
                                                                                                                            Entropy (8bit):1.0
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:Qn:Qn
                                                                                                                            MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                                            SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                                            SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                                            SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                                            Malicious:false
                                                                                                                            Reputation:high, very likely benign file
                                                                                                                            Preview:..

                                                                                                                            C:\Users\user\AppData\Local\Temp\dat9EA0.tmp

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe
                                                                                                                            File Type:Web Open Font Format, TrueType, length 106380, version 0.0
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):106380
                                                                                                                            Entropy (8bit):7.993290139237183
                                                                                                                            Encrypted:true
                                                                                                                            SSDEEP:1536:JyMTihCz2OrS11KrlnLQmqz8sZ58o17gosLpZ7wC/jRLS2MsXAtYpIdl3vfyupNJ:JbTyry+1yl8mq4LZG2LAtYp8zpNZ/
                                                                                                                            MD5:FA794EC12D353C26805FF53821331FC2
                                                                                                                            SHA1:CBC6658BADEDA2AD9B0D2E03A0A35FF7FBBA542A
                                                                                                                            SHA-256:CFDBD8A2AA463C11E483DC10C480ACD274E9786632F5571A3970E8A20A2D8237
                                                                                                                            SHA-512:1161AFDBF6FC9B74421031FE6E139587F291FFAEC03CAE4AA76C1A86E10A69C7B1602ECBFBF60287CE8ED926377AD159992CDE605BA98E75B212E971B7E14F18
                                                                                                                            Malicious:false
                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                            Preview:wOFF..............X.........................BASE.......F...Fe$].DYNA............q.&`GPOS......=.....$.i.GSUB..Dx.........W..OS/2...x...Z...`\8..cmap...p..........X@cvt .......&...&...nfpgm...........s.Y.7gasp................glyf..R<...G..V d.P.head.......6...6.@..hhea.......#...$. ..hmtx..n........4C.].loca..x....|...8.G.0maxp....... ... ....name...H........52..post..........-...prep...4...B...B.-................ideoromn..DFLT..cyrl..grek..latn...................\.........L.S.................7...}............x.].=N.0...8,..H..-+.+..R8.P.@(<.?.D..Hih\p..3]..`.....3......k..m.......L.. ...I ..U.I..8sl..w..dQ?..:.x.....o[...`..V.t...).*Q.....s.....L./..L`.//..F..i.C..+*=*ctEc.h.. ....G..d...57..J..T...AYCC.*.;..`<1....b.OLDYTI..<..Q.a.5..=.....'5...$.k.................7.Wq<._.<..........c[......c.K.%...1..............x.R.n.@...i%.T.8p@..]..Z.1...DN...#..l.+.7..H.!.W.H.x...G`..V..O..~3......?..}...8.s.Z.......-.{.f...z....^...........<..:..q./.......=.R...]|.~z..7....

                                                                                                                            C:\Users\user\AppData\Local\Temp\dat9EFF.tmp

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe
                                                                                                                            File Type:Web Open Font Format, TrueType, length 143804, version 0.0
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):143804
                                                                                                                            Entropy (8bit):7.994906444446731
                                                                                                                            Encrypted:true
                                                                                                                            SSDEEP:3072:esmFO0Yj8E3HftwXBS/Zc2mR+R7yHRS44+Ia8pRZZ3TAhG:e9LYQE31wxhC7CRSR3a8pPZDAhG
                                                                                                                            MD5:D070306A9062178AFDFA98FCC06D2525
                                                                                                                            SHA1:BA299B83EB0A3499820FDDCF305AF0DDBDA3E5D0
                                                                                                                            SHA-256:8F5CCDFD3DA9185D4AD262EC386EBB64B3EB6C0521EC5BD1662CEC04E1E0F895
                                                                                                                            SHA-512:7C69E576B01642ECD7DD5FE9531F90608FA9ADE9D98A364BCC81CCD0DA4DAEF55FD0BABC6CB35BFF2963274D09EF0CD2F9BCE8839040776577B4E6A86EB5ADD5
                                                                                                                            Malicious:false
                                                                                                                            Preview:wOFF......1................................BASE.......F...Fe(].DYNA............m...GPOS......`s....-GSUB..g(....../FL.Y.OS/2...|...W...`[.Hcmap..*............gcvt .......&...&...Ofpgm...........s.Y.7gasp................glyf...@..in..)...+.head.......6...6....hhea.......!...$....hmtx............ ).loca.......V........maxp....... ... .|..name...H........|'5post......#...R...!.prep...8...B...B0."...............ideoromn..DFLT..cyrl..grek..latn...................`.........-.0.................7...}............x.].=N.0...8,..H..-+.+..R8.P.@(<.?.D..Hih\p..3]..`.....3......k..m.......L.. ...I ..U.I..8sl..w..dQ?..:.x.....o[...`..V.t...).*Q.....s.....L./..L`.//..F..i.C..+*=*ctEc.h.. ....G..d...57..J..T...AYCC.*.;..`<1....b.OLDYTI..<..Q.a.5..=.....'5...$.k.................7..,.._.<..........c[......c.c.d...>..............x.SIn.0.}......}dJ..A+;1.....@..E...Wb.x.nz.... .....z.>QLk.T.....OQ6.w....u.Qc..9.q.opmq..0..E...6.x.....-...O...[.2.i....'...8_-nb.|..E./....h[|...bq....

                                                                                                                            C:\Users\user\AppData\Local\Temp\dat9F9C.tmp

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe
                                                                                                                            File Type:Web Open Font Format, TrueType, length 144168, version 0.0
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):144168
                                                                                                                            Entropy (8bit):7.994901288784953
                                                                                                                            Encrypted:true
                                                                                                                            SSDEEP:3072:0JsrKvbKys3MjOtF2manL9S85AsPO5TKljTSTXTqDqd7GrinYhG:0JsVcbnL9/AsPCT6SrTBauYhG
                                                                                                                            MD5:E204643042591AEEC2043C5EAE255099
                                                                                                                            SHA1:BA5F2F94740400F540BEFC89F1C4D022A26FAA84
                                                                                                                            SHA-256:7F58F56A7A353F8FC78EC2757394A7C7F28165E6BBF2A37D6A6E48E845874F3E
                                                                                                                            SHA-512:7196C5B8E88100A08EB296BE7570DF4D045268AD6BAB1C45EBAA9063AA9B46B8896886E24A9F861E322B167DD95E18D5A18ABB76F1BB01C8BC85C36BEAD855EF
                                                                                                                            Malicious:false
                                                                                                                            Preview:wOFF......3(.......|........................BASE.......F...Fe$].DYNA............m...GPOS......`......>x.GSUB..gX....../FL.Y.OS/2...x...Y...`\7..cmap..,............gcvt .......&...&...nfpgm...........s.Y.7gasp................glyf...p..j...7.uZ.yhead.......6...6...)hhea.......!...$....hmtx................loca.......z........maxp....... ... .|.#name...H............post......#...R...!.prep...4...B...B.-................ideoromn..DFLT..cyrl..grek..latn...................\.........L.S.................7...}............x.].=N.0...8,..H..-+.+..R8.P.@(<.?.D..Hih\p..3]..`.....3......k..m.......L.. ...I ..U.I..8sl..w..dQ?..:.x.....o[...`..V.t...).*Q.....s.....L./..L`.//..F..i.C..+*=*ctEc.h.. ....G..d...57..J..T...AYCC.*.;..`<1....b.OLDYTI..<..Q.a.5..=.....'5...$.k.................7.l.^*_.<..........c[......c.f.]...h..............x.R.n.@.=N."..!..G.m'c.V.^%m..j.H.;.$.b{"{.*+$.......,...|..N.SQ...j.3..s.<..5.!@.p48.+......=..;\y.&.x.=.{|.7..q.!...._rV.......-t.....C...65?<.....x.Zz.

                                                                                                                            C:\Users\user\AppData\Local\Temp\datA103.tmp

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe
                                                                                                                            File Type:Web Open Font Format, TrueType, length 143016, version 0.0
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):143016
                                                                                                                            Entropy (8bit):7.994779560734768
                                                                                                                            Encrypted:true
                                                                                                                            SSDEEP:3072:2De4YJzog90DMe34IKyca1puoUuDOa5xtTt9mkmpsxhG:2D/skj4IK+1lUU31t9cOxhG
                                                                                                                            MD5:DFCE51814CF6D2F42375F948602CD99D
                                                                                                                            SHA1:766E162FF305343010B67FBAA28B36AF277C5B34
                                                                                                                            SHA-256:7A8A945586A1D21D2922CB4AED9E28D872129F6C396AC69F47EF3E32EA972BA0
                                                                                                                            SHA-512:2C9489C18719AD29928E86A9E631E080B024C882A77A582F40F4F86F625DE9B08AD3C09710D5EE32B5CAE5284FD960F412F05290BDB3B4709F097B269B99CE21
                                                                                                                            Malicious:false
                                                                                                                            Preview:wOFF........................................BASE.......F...Fe!].DYNA............m...GPOS......`c....5..GSUB..g......./FL.Y.OS/2...x...Y...`]_..cmap..'............gcvt .......&...&....fpgm...........s.Y.7gasp................glyf...0..fQ...($g..head.......6...6...hhea.......!...$....hmtx...... .....N.Rloca......`.....,..maxp....... ... .|.yname...H..........{Qpost......#...R...!.prep...4...B...B..................ideoromn..DFLT..cyrl..grek..latn...................Y.........m.y.................7...}............x.].=N.0...8,..H..-+.+..R8.P.@(<.?.D..Hih\p..3]..`.....3......k..m.......L.. ...I ..U.I..8sl..w..dQ?..:.x.....o[...`..V.t...).*Q.....s.....L./..L`.//..F..i.C..+*=*ctEc.h.. ....G..d...57..J..T...AYCC.*.;..`<1....b.OLDYTI..<..Q.a.5..=.....'5...$.k.................7....._.<..........c[......c.V.L..................x...n.@.....!.V,.@.c.V..!i..U.D..'.4QlO.......@b...$<.'.)...W.....;?6.W....u.../8j.....w ..s....].....^..}D........=.x.............=.=..c.....t..1..

                                                                                                                            C:\Users\user\AppData\Local\Temp\{632250B6-F84A-4147-9FFB-43FA2EB6170E}\CCDInstaller.js

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe
                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (42309), with LF, NEL line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1411110
                                                                                                                            Entropy (8bit):5.709711531939242
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12288:3lbi9fSpLTzineLk5xxQ8uyE8f1vNRy2HDjfZzxCY+VM3eH:3lbi9IDLsxx2yECHDjfZzJ+W34
                                                                                                                            MD5:7C577A9F582682F27EEF11030195B57C
                                                                                                                            SHA1:3B517EDD713615F353AC85D910B0E7DF4AEEED47
                                                                                                                            SHA-256:AC03E251735B01492AFABA4EDA6A22F9A903B73AE2C16E5A7CD176DB43275A03
                                                                                                                            SHA-512:91A9DCA69C477A0D8D8EE085EFF2B7A89AC1C535AAD0A942B4D068F80BFF5E4A1F6B507643046D820E8150C17A1E5EF322F266D4F9D12A6592B4A972C054DB4C
                                                                                                                            Malicious:false
                                                                                                                            Preview:!function(e){var t={};function a(n){if(t[n])return t[n].exports;var r=t[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,a),r.l=!0,r.exports}a.m=e,a.c=t,a.d=function(e,t,n){a.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:n})},a.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},a.t=function(e,t){if(1&t&&(e=a(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(a.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)a.d(n,r,function(t){return e[t]}.bind(null,r));return n},a.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return a.d(t,"a",t),t},a.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},a.p="",a(a.s=709)}([function(e,t,a){"use strict";e.exports=a(399)},function(e,t,a){e.exports=a(419)()},fun

                                                                                                                            C:\Users\user\AppData\Local\Temp\{632250B6-F84A-4147-9FFB-43FA2EB6170E}\cc_background.png

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe
                                                                                                                            File Type:PNG image data, 2560 x 1360, 8-bit/color RGBA, non-interlaced
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):644675
                                                                                                                            Entropy (8bit):7.981815336373706
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12288:xO0f7nEYj1gnD2v9fY3CQoaYSReRlVgHn3HteB34RQZsEkG7MMyGico:40PoDOxaDEl6HndwmG7MMyio
                                                                                                                            MD5:7894C7EFCB4CD15D1F8B398496AA08BF
                                                                                                                            SHA1:27594EF4DFADD9A0560F081C61A8703FDD120B8F
                                                                                                                            SHA-256:06DC39E15F27435278281A95176585047B54049101A72EB2572F4DE2D026639C
                                                                                                                            SHA-512:59C4D249BBE63D10C496A2C2B6D70C45C7AC9616EAAE7A79C916C9A8181F1E3518BF799E308DFA9D7A494E7D6B88A64B2AF907FAA1452F2353B2B135D9C21861
                                                                                                                            Malicious:false
                                                                                                                            Preview:.PNG........IHDR.......P.............pHYs...........~... .IDATx.....:.f..a.......w32.H.l.#.T...<a.G>.....O..Dj...0..F..Y...8.:.YH.&..#]0.+h........i..3.Tz.a...G..w|&...u*u.^.....p.~....oC....n.q....+..i..R.>.xZ.P.$...;..bu..UN...r..S.k........-c%.~.._.+...-/.1?.x.s......D.....s)..,...dZ.KN...M..q..w.O*.....>J...}D...u..z..C..Vy.....=z.a.9..y.s.Zz...l-c>..Y...3%.z.U.n.<.....^..,C.#.a...............#..3-..8.-.]*....N....w..0..<...?o...S,.D.-.Ga]..Sp<D...D..._...I....^..F.#,..8..P/.D...S.....4...l}...n$.FN_._.#gn..E..F..sn.(...k..1....Xg..o.v..0.../..............]..A..1..%1.x.3..'..5>6&k..8....%...q9..X.:?O..{.R_..]G......6S.(R <=.._..]8(.iI=...7J.9.3.;.../../R..`6F......H.V...Uz=.aN.u<x.K.Cs..\...g..,6{k..Yt..yf........:...O......h.q6X.g].B.=E....A..!WL.u..r..1a...&@3.m...i.{.........0.-.A.....CDP..K.....[*.r....U...Lb.=..9.W.h..'".I*.).jJ.'K..IK.$......0.,..W.E.....Z....`.yGf.9.U.y......he.Q.;....0..E.X../mD..A...k.e...........n2.....

                                                                                                                            C:\Users\user\AppData\Local\Temp\{632250B6-F84A-4147-9FFB-43FA2EB6170E}\index.css

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe
                                                                                                                            File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):876397
                                                                                                                            Entropy (8bit):6.07773291323344
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12288:TxiaHbr3Gq5XRi5i6jE/5acgsu0wxT63kaSROcdOLeK+CnjG1VWzWhHuazCGk0:dBP3/5XSo/5F5K65SROcwLeKVYgzWIU
                                                                                                                            MD5:842F4229DA2EE15A6368E42A36DD2503
                                                                                                                            SHA1:B346AC4F440C80E7DED768634DEE7D8C5C6B8130
                                                                                                                            SHA-256:E4601BF57689336CE3C6649939838758A83B7E2C846359E16F0583F3460452B3
                                                                                                                            SHA-512:9B1922E2492CF4AF563D07A9F4C1691BB235139515061B846BEB2C5B80FD65FD80451B271C96390D38FB000DFEDEEF1B341B6A32A743E00819E09F0EDF353D90
                                                                                                                            Malicious:false
                                                                                                                            Preview:/*! normalize.css v7.0.0 | MIT License | github.com/necolas/normalize.css */html{line-height:1.15;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}article,aside,footer,header,nav,section{display:block}h1{font-size:2em;margin:.67em 0}figcaption,figure,main{display:block}figure{margin:1em 40px}hr{box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:1em}a{background-color:rgba(0,0,0,0);-webkit-text-decoration-skip:objects}abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}b,strong{font-weight:inherit;font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-size:1em}dfn{font-style:italic}mark{background-color:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}audio,video{display:inline-block}audio:not([controls]){display:none;height:0}img{border-style:none}svg:not(:root){overflow:hidden}button,inp

                                                                                                                            C:\Users\user\AppData\Local\Temp\{632250B6-F84A-4147-9FFB-43FA2EB6170E}\index.html

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe
                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):426
                                                                                                                            Entropy (8bit):5.032152269928686
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:lPgkOQfGVNYNfLAgBLMHXZKGZhw8k4GqJmWUwXAVXGu:lPiQeVCxo3ZKMfkcpAVXB
                                                                                                                            MD5:A28AB17B18FF254173DFEEF03245EFD0
                                                                                                                            SHA1:C6CE20924565644601D4E0DD0FBA9DDE8DEA5C77
                                                                                                                            SHA-256:886C0AB69E6E9D9D5B5909451640EA587ACCFCDF11B8369CAD8542D1626AC375
                                                                                                                            SHA-512:9371A699921B028BD93C35F9F2896D9997B906C8ABA90DD4279ABBA0AE1909A8808A43BF829584E552CCFE534B2C991A5A7E3E3DE7618343F50B1C47CFF269D6
                                                                                                                            Malicious:false
                                                                                                                            Preview:....<!DOCTYPE html>..<html>..<head>.. .. <meta charset='utf-8'>.. <meta http-equiv='X-UA-Compatible' content='chrome=1'>.. <meta name='viewport' content='width=1024, initial-scale=0.3, maximum-scale=1'>.... <title>CCD Installer</title>.... ....<link href="index.css" rel="stylesheet"></head>..<body>..<div id='root'>..</div>..<script type="text/javascript" src="CCDInstaller.js"></script></body>....</html>..

                                                                                                                            Static File Info

                                                                                                                            General

                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                            Entropy (8bit):7.903739730573314
                                                                                                                            TrID:
                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.39%
                                                                                                                            • UPX compressed Win32 Executable (30571/9) 0.30%
                                                                                                                            • Win32 EXE Yoda's Crypter (26571/9) 0.26%
                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                            File name:Creative_Cloud_Set-Up.exe
                                                                                                                            File size:3220040
                                                                                                                            MD5:d204f6faa69eba874c97689fa5f57fcd
                                                                                                                            SHA1:836b626e8e70ffd8e0154a0715374e852a5d5b36
                                                                                                                            SHA256:a900770863f79ce72b40d04385172db27c377246f75cfd98e83f5de636b7c552
                                                                                                                            SHA512:bdae46ac89255ef447d5a951fd3129248e3e0030913c57e8005a224ec57199951c90d97887880ae63e30dc5aac4dd7110f4c340ca35c47bae1f26e84ddf9e071
                                                                                                                            SSDEEP:98304:qfOUqRDnJHUdVjl4Of0WiUFTCC8uW+1NrLicaI64eT:2vqRD2++9SwJ164eT
                                                                                                                            TLSH:8DE523365438DF80E11FB579CA4399F00923EE66CC802B9F7A66BC82B1391D4F976547
                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6(..rI.FrI.FrI.F)!.GfI.F)!.G.I.Fs$.G.I.Fs$.GaI.Fs$.GkI.F)!.GPI.F)!.GpI.F)!.G]I.FrI.FrK.F.$.G)H.F.$.FsI.FrIhFsI.F.$.GsI.FRichrI.

                                                                                                                            File Icon

                                                                                                                            Icon Hash:e08ef2e0e0f0b886

                                                                                                                            Static PE Info

                                                                                                                            General

                                                                                                                            Entrypoint:0xbcd2c0
                                                                                                                            Entrypoint Section:UPX1
                                                                                                                            Digitally signed:true
                                                                                                                            Imagebase:0x400000
                                                                                                                            Subsystem:windows gui
                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                            Time Stamp:0x605342E3 [Thu Mar 18 12:09:07 2021 UTC]
                                                                                                                            TLS Callbacks:
                                                                                                                            CLR (.Net) Version:
                                                                                                                            OS Version Major:5
                                                                                                                            OS Version Minor:1
                                                                                                                            File Version Major:5
                                                                                                                            File Version Minor:1
                                                                                                                            Subsystem Version Major:5
                                                                                                                            Subsystem Version Minor:1
                                                                                                                            Import Hash:0c4382116be926029fcc710474c6897c

                                                                                                                            Authenticode Signature

                                                                                                                            Signature Valid:true
                                                                                                                            Signature Issuer:CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US
                                                                                                                            Signature Validation Error:The operation completed successfully
                                                                                                                            Error Number:0
                                                                                                                            Not Before, Not After
                                                                                                                            • 12/18/2020 4:00:00 PM 12/20/2022 3:59:59 PM
                                                                                                                            Subject Chain
                                                                                                                            • CN=Adobe Inc., OU=AAM 256, O=Adobe Inc., L=San Jose, S=ca, C=US, SERIALNUMBER=2748129, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US
                                                                                                                            Version:3
                                                                                                                            Thumbprint MD5:469F2EFD2BEB24D56C92617C035CAA10
                                                                                                                            Thumbprint SHA-1:A2F2F55E9C0B040C6E2549DC19236BF4F300E1EF
                                                                                                                            Thumbprint SHA-256:ED00C31B4F5DBCD47CD3585E1E378B93C27FE8F1EF3D466042F3C971250297C6
                                                                                                                            Serial:053593BF71F7481B9FB76BCB4ECCF578

                                                                                                                            Entrypoint Preview

                                                                                                                            Instruction
                                                                                                                            pushad
                                                                                                                            mov esi, 008C9000h
                                                                                                                            lea edi, dword ptr [esi-004C8000h]
                                                                                                                            push edi
                                                                                                                            jmp 00007F0A510F26CDh
                                                                                                                            nop
                                                                                                                            mov al, byte ptr [esi]
                                                                                                                            inc esi
                                                                                                                            mov byte ptr [edi], al
                                                                                                                            inc edi
                                                                                                                            add ebx, ebx
                                                                                                                            jne 00007F0A510F26C9h
                                                                                                                            mov ebx, dword ptr [esi]
                                                                                                                            sub esi, FFFFFFFCh
                                                                                                                            adc ebx, ebx
                                                                                                                            jc 00007F0A510F26AFh
                                                                                                                            mov eax, 00000001h
                                                                                                                            add ebx, ebx
                                                                                                                            jne 00007F0A510F26C9h
                                                                                                                            mov ebx, dword ptr [esi]
                                                                                                                            sub esi, FFFFFFFCh
                                                                                                                            adc ebx, ebx
                                                                                                                            adc eax, eax
                                                                                                                            add ebx, ebx
                                                                                                                            jnc 00007F0A510F26CDh
                                                                                                                            jne 00007F0A510F26EAh
                                                                                                                            mov ebx, dword ptr [esi]
                                                                                                                            sub esi, FFFFFFFCh
                                                                                                                            adc ebx, ebx
                                                                                                                            jc 00007F0A510F26E1h
                                                                                                                            dec eax
                                                                                                                            add ebx, ebx
                                                                                                                            jne 00007F0A510F26C9h
                                                                                                                            mov ebx, dword ptr [esi]
                                                                                                                            sub esi, FFFFFFFCh
                                                                                                                            adc ebx, ebx
                                                                                                                            adc eax, eax
                                                                                                                            jmp 00007F0A510F2696h
                                                                                                                            add ebx, ebx
                                                                                                                            jne 00007F0A510F26C9h
                                                                                                                            mov ebx, dword ptr [esi]
                                                                                                                            sub esi, FFFFFFFCh
                                                                                                                            adc ebx, ebx
                                                                                                                            adc ecx, ecx
                                                                                                                            jmp 00007F0A510F2714h
                                                                                                                            xor ecx, ecx
                                                                                                                            sub eax, 03h
                                                                                                                            jc 00007F0A510F26D3h
                                                                                                                            shl eax, 08h
                                                                                                                            mov al, byte ptr [esi]
                                                                                                                            inc esi
                                                                                                                            xor eax, FFFFFFFFh
                                                                                                                            je 00007F0A510F2737h
                                                                                                                            sar eax, 1
                                                                                                                            mov ebp, eax
                                                                                                                            jmp 00007F0A510F26CDh
                                                                                                                            add ebx, ebx
                                                                                                                            jne 00007F0A510F26C9h
                                                                                                                            mov ebx, dword ptr [esi]
                                                                                                                            sub esi, FFFFFFFCh
                                                                                                                            adc ebx, ebx
                                                                                                                            jc 00007F0A510F268Eh
                                                                                                                            inc ecx
                                                                                                                            add ebx, ebx
                                                                                                                            jne 00007F0A510F26C9h
                                                                                                                            mov ebx, dword ptr [esi]
                                                                                                                            sub esi, FFFFFFFCh
                                                                                                                            adc ebx, ebx
                                                                                                                            jc 00007F0A510F2680h
                                                                                                                            add ebx, ebx
                                                                                                                            jne 00007F0A510F26C9h
                                                                                                                            mov ebx, dword ptr [esi]
                                                                                                                            sub esi, FFFFFFFCh
                                                                                                                            adc ebx, ebx
                                                                                                                            adc ecx, ecx
                                                                                                                            add ebx, ebx
                                                                                                                            jnc 00007F0A510F26B1h
                                                                                                                            jne 00007F0A510F26CBh
                                                                                                                            mov ebx, dword ptr [esi]
                                                                                                                            sub esi, FFFFFFFCh
                                                                                                                            adc ebx, ebx
                                                                                                                            jnc 00007F0A510F26A6h
                                                                                                                            add ecx, 02h
                                                                                                                            cmp ebp, FFFFFB00h
                                                                                                                            adc ecx, 02h
                                                                                                                            lea edx, dword ptr [edi+ebp]
                                                                                                                            cmp ebp, FFFFFFFCh
                                                                                                                            jbe 00007F0A510F26D0h
                                                                                                                            mov al, byte ptr [edx]

                                                                                                                            Data Directories

                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x7d8e380x4c4.rsrc
                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x7ce0000xae38.rsrc
                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x30fe000x2448UPX0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x7d92fc0x18.rsrc
                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x7cd4a40x18UPX1
                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x7cd4c40xa4UPX1
                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                            Sections

                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                            UPX00x10000x4c80000x0unknownunknownunknownunknownIMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                            UPX10x4c90000x3050000x304600unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                            .rsrc0x7ce0000xc0000xb400False0.212109375data4.157160737549864IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                            Resources

                                                                                                                            NameRVASizeTypeLanguageCountry
                                                                                                                            CSS0x40a7c40xd5f6demptyEnglishUnited States
                                                                                                                            DICTIONARY0x4e07340x6a3adataEnglishUnited States
                                                                                                                            DICTIONARY0x4e71700x7e3bdataEnglishUnited States
                                                                                                                            DICTIONARY0x4eefac0x7fcadataEnglishUnited States
                                                                                                                            DICTIONARY0x4f6f780x8e36dataEnglishUnited States
                                                                                                                            DICTIONARY0x4ffdb00x776cdataEnglishUnited States
                                                                                                                            DICTIONARY0x50751c0x71a7dataEnglishUnited States
                                                                                                                            DICTIONARY0x50e6c40x7caedataEnglishUnited States
                                                                                                                            DICTIONARY0x5163740x75e5dataEnglishUnited States
                                                                                                                            DICTIONARY0x51d95c0x638fdataEnglishUnited States
                                                                                                                            DICTIONARY0x523cec0x65aadataEnglishUnited States
                                                                                                                            DICTIONARY0x52a2980x74c8dataEnglishUnited States
                                                                                                                            DICTIONARY0x5317600x70d0dataEnglishUnited States
                                                                                                                            DICTIONARY0x5388300x7642dataEnglishUnited States
                                                                                                                            DICTIONARY0x53fe740x76c6dataEnglishUnited States
                                                                                                                            DICTIONARY0x54753c0xa57ddataEnglishUnited States
                                                                                                                            DICTIONARY0x551abc0x7665dataEnglishUnited States
                                                                                                                            DICTIONARY0x5591240x7152dataEnglishUnited States
                                                                                                                            DICTIONARY0x5602780x7324OpenPGP Secret KeyEnglishUnited States
                                                                                                                            DICTIONARY0x56759c0x71f0dataEnglishUnited States
                                                                                                                            DICTIONARY0x56e78c0x776edataEnglishUnited States
                                                                                                                            DICTIONARY0x575efc0x7fe4dataEnglishUnited States
                                                                                                                            JS0x57dee00x158826dataEnglishUnited States
                                                                                                                            PNG0x6d67080x9d643dataEnglishUnited States
                                                                                                                            XML0x773d4c0x1e1dataEnglishUnited States
                                                                                                                            RT_ICON0x7ce7c80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/mEnglishUnited States
                                                                                                                            RT_ICON0x7cec340x988Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 2834 x 2834 px/mEnglishUnited States
                                                                                                                            RT_ICON0x7cf5c00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/mEnglishUnited States
                                                                                                                            RT_ICON0x7d066c0x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/mEnglishUnited States
                                                                                                                            RT_ICON0x7d2c180x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2834 x 2834 px/mEnglishUnited States
                                                                                                                            RT_ICON0x7d6e440x1514PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States
                                                                                                                            RT_GROUP_ICON0x7d835c0x5adataEnglishUnited States
                                                                                                                            RT_VERSION0x7d83bc0x304dataEnglishUnited States
                                                                                                                            RT_HTML0x77de0c0x1aadataEnglishUnited States
                                                                                                                            RT_MANIFEST0x7d86c40x773XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1847), with CRLF line terminatorsEnglishUnited States

                                                                                                                            Imports

                                                                                                                            DLLImport
                                                                                                                            KERNEL32.DLLLoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
                                                                                                                            ADVAPI32.dllFreeSid
                                                                                                                            bcrypt.dllBCryptDecrypt
                                                                                                                            COMCTL32.dllInitCommonControlsEx
                                                                                                                            credui.dllCredUnPackAuthenticationBufferW
                                                                                                                            CRYPT32.dllCertOpenStore
                                                                                                                            GDI32.dllBitBlt
                                                                                                                            IPHLPAPI.DLLGetAdaptersAddresses
                                                                                                                            msi.dll
                                                                                                                            ole32.dllOleRun
                                                                                                                            OLEAUT32.dllVariantClear
                                                                                                                            Secur32.dllGetUserNameExW
                                                                                                                            SHELL32.dll
                                                                                                                            SHLWAPI.dllUrlIsW
                                                                                                                            USER32.dllGetDC
                                                                                                                            VERSION.dllVerQueryValueW
                                                                                                                            WINHTTP.dllWinHttpOpen
                                                                                                                            WININET.dllInternetCanonicalizeUrlW
                                                                                                                            WINTRUST.dllWinVerifyTrust
                                                                                                                            WS2_32.dllWSAStartup
                                                                                                                            WTSAPI32.dllWTSFreeMemory

                                                                                                                            Possible Origin

                                                                                                                            Language of compilation systemCountry where language is spokenMap
                                                                                                                            EnglishUnited States

                                                                                                                            Network Behavior

                                                                                                                            Network Port Distribution

                                                                                                                            TCP Packets

                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                            Nov 21, 2022 21:07:34.795782089 CET49174443192.168.2.2252.41.149.13
                                                                                                                            Nov 21, 2022 21:07:34.795844078 CET4434917452.41.149.13192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:34.795914888 CET49174443192.168.2.2252.41.149.13
                                                                                                                            Nov 21, 2022 21:07:34.799060106 CET49174443192.168.2.2252.41.149.13
                                                                                                                            Nov 21, 2022 21:07:34.799096107 CET4434917452.41.149.13192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:35.419909000 CET4434917452.41.149.13192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:35.420015097 CET49174443192.168.2.2252.41.149.13
                                                                                                                            Nov 21, 2022 21:07:35.420058012 CET4434917452.41.149.13192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:35.430468082 CET49174443192.168.2.2252.41.149.13
                                                                                                                            Nov 21, 2022 21:07:35.430495024 CET4434917452.41.149.13192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:35.430870056 CET4434917452.41.149.13192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:35.525558949 CET49174443192.168.2.2252.41.149.13
                                                                                                                            Nov 21, 2022 21:07:35.525604010 CET4434917452.41.149.13192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:35.526072979 CET49174443192.168.2.2252.41.149.13
                                                                                                                            Nov 21, 2022 21:07:35.526089907 CET4434917452.41.149.13192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:35.934112072 CET4434917452.41.149.13192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:35.934295893 CET4434917452.41.149.13192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:35.934380054 CET49174443192.168.2.2252.41.149.13
                                                                                                                            Nov 21, 2022 21:07:36.161462069 CET49174443192.168.2.2252.41.149.13
                                                                                                                            Nov 21, 2022 21:07:36.161509037 CET4434917452.41.149.13192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:36.161530972 CET49174443192.168.2.2252.41.149.13
                                                                                                                            Nov 21, 2022 21:07:36.161530972 CET49174443192.168.2.2252.41.149.13
                                                                                                                            Nov 21, 2022 21:07:36.161542892 CET4434917452.41.149.13192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:36.161550045 CET4434917452.41.149.13192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:36.826905012 CET49177443192.168.2.2234.209.103.105
                                                                                                                            Nov 21, 2022 21:07:36.826976061 CET4434917734.209.103.105192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:36.827033043 CET49177443192.168.2.2234.209.103.105
                                                                                                                            Nov 21, 2022 21:07:36.827512980 CET49177443192.168.2.2234.209.103.105
                                                                                                                            Nov 21, 2022 21:07:36.827545881 CET4434917734.209.103.105192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:37.419141054 CET4434917734.209.103.105192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:37.419521093 CET49177443192.168.2.2234.209.103.105
                                                                                                                            Nov 21, 2022 21:07:37.419575930 CET4434917734.209.103.105192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:37.430190086 CET49177443192.168.2.2234.209.103.105
                                                                                                                            Nov 21, 2022 21:07:37.430243969 CET4434917734.209.103.105192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:37.430980921 CET4434917734.209.103.105192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:37.467963934 CET49177443192.168.2.2234.209.103.105
                                                                                                                            Nov 21, 2022 21:07:37.467993975 CET4434917734.209.103.105192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:37.468060017 CET49177443192.168.2.2234.209.103.105
                                                                                                                            Nov 21, 2022 21:07:37.468080044 CET4434917734.209.103.105192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:37.873522043 CET4434917734.209.103.105192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:37.873708963 CET4434917734.209.103.105192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:37.874020100 CET49177443192.168.2.2234.209.103.105
                                                                                                                            Nov 21, 2022 21:07:37.894819975 CET49177443192.168.2.2234.209.103.105
                                                                                                                            Nov 21, 2022 21:07:37.894857883 CET4434917734.209.103.105192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:37.894938946 CET49177443192.168.2.2234.209.103.105
                                                                                                                            Nov 21, 2022 21:07:37.894958019 CET4434917734.209.103.105192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:52.305903912 CET49179443192.168.2.2254.188.127.72
                                                                                                                            Nov 21, 2022 21:07:52.305974960 CET4434917954.188.127.72192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:52.306127071 CET49179443192.168.2.2254.188.127.72
                                                                                                                            Nov 21, 2022 21:07:52.307358027 CET49179443192.168.2.2254.188.127.72
                                                                                                                            Nov 21, 2022 21:07:52.307389975 CET4434917954.188.127.72192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:52.896795034 CET4434917954.188.127.72192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:52.897083044 CET49179443192.168.2.2254.188.127.72
                                                                                                                            Nov 21, 2022 21:07:52.897129059 CET4434917954.188.127.72192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:52.919492960 CET49179443192.168.2.2254.188.127.72
                                                                                                                            Nov 21, 2022 21:07:52.919538021 CET4434917954.188.127.72192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:52.920443058 CET4434917954.188.127.72192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:52.929894924 CET49179443192.168.2.2254.188.127.72
                                                                                                                            Nov 21, 2022 21:07:52.929919958 CET4434917954.188.127.72192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:52.930043936 CET49179443192.168.2.2254.188.127.72
                                                                                                                            Nov 21, 2022 21:07:52.930059910 CET4434917954.188.127.72192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:53.336452007 CET4434917954.188.127.72192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:53.336617947 CET4434917954.188.127.72192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:53.336908102 CET49179443192.168.2.2254.188.127.72
                                                                                                                            Nov 21, 2022 21:07:53.344929934 CET49179443192.168.2.2254.188.127.72
                                                                                                                            Nov 21, 2022 21:07:53.344963074 CET4434917954.188.127.72192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:53.512053967 CET49184443192.168.2.2244.239.229.78
                                                                                                                            Nov 21, 2022 21:07:53.512104988 CET4434918444.239.229.78192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:53.512171030 CET49184443192.168.2.2244.239.229.78
                                                                                                                            Nov 21, 2022 21:07:53.513094902 CET49184443192.168.2.2244.239.229.78
                                                                                                                            Nov 21, 2022 21:07:53.513137102 CET4434918444.239.229.78192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:54.090495110 CET4434918444.239.229.78192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:54.090672016 CET49184443192.168.2.2244.239.229.78
                                                                                                                            Nov 21, 2022 21:07:54.090714931 CET4434918444.239.229.78192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:54.200711966 CET49184443192.168.2.2244.239.229.78
                                                                                                                            Nov 21, 2022 21:07:54.200741053 CET4434918444.239.229.78192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:54.201920033 CET4434918444.239.229.78192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:54.414767981 CET49184443192.168.2.2244.239.229.78
                                                                                                                            Nov 21, 2022 21:07:54.509212017 CET49184443192.168.2.2244.239.229.78
                                                                                                                            Nov 21, 2022 21:07:54.509244919 CET4434918444.239.229.78192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:54.549242020 CET49184443192.168.2.2244.239.229.78
                                                                                                                            Nov 21, 2022 21:07:54.549261093 CET4434918444.239.229.78192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:54.948929071 CET4434918444.239.229.78192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:54.949127913 CET4434918444.239.229.78192.168.2.22
                                                                                                                            Nov 21, 2022 21:07:54.949248075 CET49184443192.168.2.2244.239.229.78
                                                                                                                            Nov 21, 2022 21:07:55.738039017 CET49184443192.168.2.2244.239.229.78
                                                                                                                            Nov 21, 2022 21:07:55.738075972 CET4434918444.239.229.78192.168.2.22

                                                                                                                            DNS Answers

                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                            Nov 21, 2022 21:07:34.760698080 CET8.8.8.8192.168.2.220x4afeNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com52.41.149.13A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:34.760698080 CET8.8.8.8192.168.2.220x4afeNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com54.184.128.64A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:34.760698080 CET8.8.8.8192.168.2.220x4afeNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com52.41.36.250A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:34.760698080 CET8.8.8.8192.168.2.220x4afeNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com35.164.49.136A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:34.760698080 CET8.8.8.8192.168.2.220x4afeNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com34.209.103.105A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:34.760698080 CET8.8.8.8192.168.2.220x4afeNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com44.240.28.212A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:34.760698080 CET8.8.8.8192.168.2.220x4afeNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com35.82.104.151A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:34.760698080 CET8.8.8.8192.168.2.220x4afeNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com44.241.91.182A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:34.794363022 CET8.8.8.8192.168.2.220x337eNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com34.208.191.135A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:34.794363022 CET8.8.8.8192.168.2.220x337eNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com44.236.46.9A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:34.794363022 CET8.8.8.8192.168.2.220x337eNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com35.81.37.194A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:34.794363022 CET8.8.8.8192.168.2.220x337eNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com34.210.112.240A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:34.794363022 CET8.8.8.8192.168.2.220x337eNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com52.41.36.250A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:34.794363022 CET8.8.8.8192.168.2.220x337eNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com44.241.249.163A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:34.794363022 CET8.8.8.8192.168.2.220x337eNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com44.239.111.189A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:34.794363022 CET8.8.8.8192.168.2.220x337eNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com52.41.149.13A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:36.762087107 CET8.8.8.8192.168.2.220x2fe5No error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com34.209.103.105A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:36.762087107 CET8.8.8.8192.168.2.220x2fe5No error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com44.241.1.190A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:36.762087107 CET8.8.8.8192.168.2.220x2fe5No error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com35.82.20.240A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:36.762087107 CET8.8.8.8192.168.2.220x2fe5No error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com35.81.37.194A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:36.762087107 CET8.8.8.8192.168.2.220x2fe5No error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com35.165.246.198A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:36.762087107 CET8.8.8.8192.168.2.220x2fe5No error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com100.21.235.228A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:36.762087107 CET8.8.8.8192.168.2.220x2fe5No error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com35.164.49.136A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:36.762087107 CET8.8.8.8192.168.2.220x2fe5No error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com34.214.165.145A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:36.825504065 CET8.8.8.8192.168.2.220x20adNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com52.41.149.13A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:36.825504065 CET8.8.8.8192.168.2.220x20adNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com54.184.128.64A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:36.825504065 CET8.8.8.8192.168.2.220x20adNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com52.41.36.250A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:36.825504065 CET8.8.8.8192.168.2.220x20adNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com35.164.49.136A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:36.825504065 CET8.8.8.8192.168.2.220x20adNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com34.209.103.105A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:36.825504065 CET8.8.8.8192.168.2.220x20adNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com44.240.28.212A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:36.825504065 CET8.8.8.8192.168.2.220x20adNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com35.82.104.151A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:36.825504065 CET8.8.8.8192.168.2.220x20adNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com44.241.91.182A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:52.086806059 CET8.8.8.8192.168.2.220x14f6No error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com54.188.127.72A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:52.086806059 CET8.8.8.8192.168.2.220x14f6No error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com44.241.249.163A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:52.086806059 CET8.8.8.8192.168.2.220x14f6No error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com34.208.191.135A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:52.086806059 CET8.8.8.8192.168.2.220x14f6No error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com34.209.103.105A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:52.086806059 CET8.8.8.8192.168.2.220x14f6No error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com34.214.165.145A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:52.086806059 CET8.8.8.8192.168.2.220x14f6No error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com100.21.235.228A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:52.086806059 CET8.8.8.8192.168.2.220x14f6No error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com54.71.156.212A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:52.086806059 CET8.8.8.8192.168.2.220x14f6No error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com44.241.1.190A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:52.228774071 CET8.8.8.8192.168.2.220xb5e6No error (0)ETS-PRD2-UW1-COLL-ELB-2013165758.us-west-2.elb.amazonaws.com44.239.229.78A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:52.228774071 CET8.8.8.8192.168.2.220xb5e6No error (0)ETS-PRD2-UW1-COLL-ELB-2013165758.us-west-2.elb.amazonaws.com54.184.128.64A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:52.228774071 CET8.8.8.8192.168.2.220xb5e6No error (0)ETS-PRD2-UW1-COLL-ELB-2013165758.us-west-2.elb.amazonaws.com35.164.49.136A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:52.228774071 CET8.8.8.8192.168.2.220xb5e6No error (0)ETS-PRD2-UW1-COLL-ELB-2013165758.us-west-2.elb.amazonaws.com44.240.28.212A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:52.228774071 CET8.8.8.8192.168.2.220xb5e6No error (0)ETS-PRD2-UW1-COLL-ELB-2013165758.us-west-2.elb.amazonaws.com54.71.156.212A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:52.228774071 CET8.8.8.8192.168.2.220xb5e6No error (0)ETS-PRD2-UW1-COLL-ELB-2013165758.us-west-2.elb.amazonaws.com44.241.249.163A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:52.228774071 CET8.8.8.8192.168.2.220xb5e6No error (0)ETS-PRD2-UW1-COLL-ELB-2013165758.us-west-2.elb.amazonaws.com44.239.111.189A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:52.228774071 CET8.8.8.8192.168.2.220xb5e6No error (0)ETS-PRD2-UW1-COLL-ELB-2013165758.us-west-2.elb.amazonaws.com44.240.119.72A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:53.475162029 CET8.8.8.8192.168.2.220x5503No error (0)ETS-PRD2-UW1-COLL-ELB-2013165758.us-west-2.elb.amazonaws.com44.239.229.78A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:53.475162029 CET8.8.8.8192.168.2.220x5503No error (0)ETS-PRD2-UW1-COLL-ELB-2013165758.us-west-2.elb.amazonaws.com54.184.128.64A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:53.475162029 CET8.8.8.8192.168.2.220x5503No error (0)ETS-PRD2-UW1-COLL-ELB-2013165758.us-west-2.elb.amazonaws.com35.164.49.136A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:53.475162029 CET8.8.8.8192.168.2.220x5503No error (0)ETS-PRD2-UW1-COLL-ELB-2013165758.us-west-2.elb.amazonaws.com44.240.28.212A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:53.475162029 CET8.8.8.8192.168.2.220x5503No error (0)ETS-PRD2-UW1-COLL-ELB-2013165758.us-west-2.elb.amazonaws.com54.71.156.212A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:53.475162029 CET8.8.8.8192.168.2.220x5503No error (0)ETS-PRD2-UW1-COLL-ELB-2013165758.us-west-2.elb.amazonaws.com44.241.249.163A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:53.475162029 CET8.8.8.8192.168.2.220x5503No error (0)ETS-PRD2-UW1-COLL-ELB-2013165758.us-west-2.elb.amazonaws.com44.239.111.189A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:53.475162029 CET8.8.8.8192.168.2.220x5503No error (0)ETS-PRD2-UW1-COLL-ELB-2013165758.us-west-2.elb.amazonaws.com44.240.119.72A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:53.510571003 CET8.8.8.8192.168.2.220xf6cfNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com34.210.112.240A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:53.510571003 CET8.8.8.8192.168.2.220xf6cfNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com54.70.190.161A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:53.510571003 CET8.8.8.8192.168.2.220xf6cfNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com54.203.12.103A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:53.510571003 CET8.8.8.8192.168.2.220xf6cfNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com35.166.209.204A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:53.510571003 CET8.8.8.8192.168.2.220xf6cfNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com34.214.165.145A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:53.510571003 CET8.8.8.8192.168.2.220xf6cfNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com35.82.104.151A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:53.510571003 CET8.8.8.8192.168.2.220xf6cfNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com52.41.149.13A (IP address)IN (0x0001)false
                                                                                                                            Nov 21, 2022 21:07:53.510571003 CET8.8.8.8192.168.2.220xf6cfNo error (0)ets-prd2-uw1-coll-elb-2013165758.us-west-2.elb.amazonaws.com35.165.246.198A (IP address)IN (0x0001)false

                                                                                                                            HTTP Request Dependency Graph

                                                                                                                            • na1e-acc.services.adobe.com

                                                                                                                            HTTPS Proxied Packets

                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            0192.168.2.224917452.41.149.13443C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe
                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                            2022-11-21 20:07:35 UTC0OUTPOST /hsmessaging/rest HTTP/1.1
                                                                                                                            Connection: close
                                                                                                                            Content-Type: text/xml
                                                                                                                            User-Agent: Creative Cloud
                                                                                                                            Content-Length: 2693
                                                                                                                            Host: na1e-acc.services.adobe.com
                                                                                                                            2022-11-21 20:07:35 UTC0OUTData Raw: 3c
                                                                                                                            Data Ascii: <
                                                                                                                            2022-11-21 20:07:35 UTC0OUTData Raw: 65 76 65 6e 74 4c 69 73 74 3e 3c 48 6f 73 74 65 64 53 65 72 76 69 63 65 73 45 76 65 6e 74 3e 3c 65 76 65 6e 74 47 75 69 64 3e 64 66 38 34 31 65 34 65 2d 62 36 31 65 2d 34 63 64 31 2d 62 32 35 30 2d 66 35 39 63 30 65 65 33 61 34 65 30 3c 2f 65 76 65 6e 74 47 75 69 64 3e 3c 65 76 65 6e 74 44 74 73 3e 32 30 32 32 2d 31 31 2d 32 31 54 32 31 3a 30 38 3a 31 32 2e 35 36 38 2d 30 38 3a 30 30 3c 2f 65 76 65 6e 74 44 74 73 3e 3c 65 76 65 6e 74 43 6f 64 65 3e 41 43 43 43 5f 53 45 52 56 49 43 45 3c 2f 65 76 65 6e 74 43 6f 64 65 3e 3c 65 76 65 6e 74 53 75 62 43 6f 64 65 3e 4e 55 4c 4c 5f 53 55 42 5f 43 4f 44 45 3c 2f 65 76 65 6e 74 53 75 62 43 6f 64 65 3e 3c 65 76 65 6e 74 53 6f 75 72 63 65 3e 61 63 63 63 2e 61 63 63 63 5f 63 6c 69 65 6e 74 2e 32 2e 34 2e 30 2e 34 38
                                                                                                                            Data Ascii: eventList><HostedServicesEvent><eventGuid>df841e4e-b61e-4cd1-b250-f59c0ee3a4e0</eventGuid><eventDts>2022-11-21T21:08:12.568-08:00</eventDts><eventCode>ACCC_SERVICE</eventCode><eventSubCode>NULL_SUB_CODE</eventSubCode><eventSource>accc.accc_client.2.4.0.48
                                                                                                                            2022-11-21 20:07:35 UTC2INHTTP/1.1 200 OK
                                                                                                                            Date: Mon, 21 Nov 2022 20:07:35 GMT
                                                                                                                            Content-Length: 165
                                                                                                                            Connection: close
                                                                                                                            X-Request-ID: ef3183a2-bab6-4f11-bc92-ac6a6248fd33
                                                                                                                            2022-11-21 20:07:35 UTC2INData Raw: 3c 45 76 65 6e 74 4c 69 73 74 41 63 6b 20 64 74 73 3d 22 32 30 32 32 2d 31 31 2d 32 31 54 32 30 3a 30 37 3a 33 35 2e 30 30 30 2b 30 30 3a 30 30 22 20 65 6c 61 70 73 65 64 4d 69 6c 6c 69 73 3d 22 32 36 2e 30 22 20 65 76 65 6e 74 43 6f 75 6e 74 3d 22 31 22 3e 0a 20 20 3c 45 76 65 6e 74 41 63 6b 20 65 76 65 6e 74 47 75 69 64 3d 22 64 66 38 34 31 65 34 65 2d 62 36 31 65 2d 34 63 64 31 2d 62 32 35 30 2d 66 35 39 63 30 65 65 33 61 34 65 30 22 2f 3e 0a 3c 2f 45 76 65 6e 74 4c 69 73 74 41 63 6b 3e
                                                                                                                            Data Ascii: <EventListAck dts="2022-11-21T20:07:35.000+00:00" elapsedMillis="26.0" eventCount="1"> <EventAck eventGuid="df841e4e-b61e-4cd1-b250-f59c0ee3a4e0"/></EventListAck>


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            1192.168.2.224917734.209.103.105443C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe
                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                            2022-11-21 20:07:37 UTC3OUTPOST /hsmessaging/rest HTTP/1.1
                                                                                                                            Connection: close
                                                                                                                            Content-Type: text/xml
                                                                                                                            User-Agent: Creative Cloud
                                                                                                                            Content-Length: 2701
                                                                                                                            Host: na1e-acc.services.adobe.com
                                                                                                                            2022-11-21 20:07:37 UTC3OUTData Raw: 3c
                                                                                                                            Data Ascii: <
                                                                                                                            2022-11-21 20:07:37 UTC3OUTData Raw: 65 76 65 6e 74 4c 69 73 74 3e 3c 48 6f 73 74 65 64 53 65 72 76 69 63 65 73 45 76 65 6e 74 3e 3c 65 76 65 6e 74 47 75 69 64 3e 63 63 31 33 63 37 34 37 2d 31 31 33 30 2d 34 62 31 35 2d 38 32 39 33 2d 61 35 31 63 32 38 30 35 37 63 30 34 3c 2f 65 76 65 6e 74 47 75 69 64 3e 3c 65 76 65 6e 74 44 74 73 3e 32 30 32 32 2d 31 31 2d 32 31 54 32 31 3a 30 38 3a 31 34 2e 31 35 39 2d 30 38 3a 30 30 3c 2f 65 76 65 6e 74 44 74 73 3e 3c 65 76 65 6e 74 43 6f 64 65 3e 41 43 43 43 5f 53 45 52 56 49 43 45 3c 2f 65 76 65 6e 74 43 6f 64 65 3e 3c 65 76 65 6e 74 53 75 62 43 6f 64 65 3e 4e 55 4c 4c 5f 53 55 42 5f 43 4f 44 45 3c 2f 65 76 65 6e 74 53 75 62 43 6f 64 65 3e 3c 65 76 65 6e 74 53 6f 75 72 63 65 3e 61 63 63 63 2e 61 63 63 63 5f 63 6c 69 65 6e 74 2e 32 2e 34 2e 30 2e 34 38
                                                                                                                            Data Ascii: eventList><HostedServicesEvent><eventGuid>cc13c747-1130-4b15-8293-a51c28057c04</eventGuid><eventDts>2022-11-21T21:08:14.159-08:00</eventDts><eventCode>ACCC_SERVICE</eventCode><eventSubCode>NULL_SUB_CODE</eventSubCode><eventSource>accc.accc_client.2.4.0.48
                                                                                                                            2022-11-21 20:07:37 UTC5INHTTP/1.1 200 OK
                                                                                                                            Date: Mon, 21 Nov 2022 20:07:37 GMT
                                                                                                                            Content-Length: 165
                                                                                                                            Connection: close
                                                                                                                            X-Request-ID: 33736fe8-0491-418c-8802-dafea8c6df18
                                                                                                                            2022-11-21 20:07:37 UTC6INData Raw: 3c 45 76 65 6e 74 4c 69 73 74 41 63 6b 20 64 74 73 3d 22 32 30 32 32 2d 31 31 2d 32 31 54 32 30 3a 30 37 3a 33 37 2e 30 30 30 2b 30 30 3a 30 30 22 20 65 6c 61 70 73 65 64 4d 69 6c 6c 69 73 3d 22 32 32 2e 30 22 20 65 76 65 6e 74 43 6f 75 6e 74 3d 22 31 22 3e 0a 20 20 3c 45 76 65 6e 74 41 63 6b 20 65 76 65 6e 74 47 75 69 64 3d 22 63 63 31 33 63 37 34 37 2d 31 31 33 30 2d 34 62 31 35 2d 38 32 39 33 2d 61 35 31 63 32 38 30 35 37 63 30 34 22 2f 3e 0a 3c 2f 45 76 65 6e 74 4c 69 73 74 41 63 6b 3e
                                                                                                                            Data Ascii: <EventListAck dts="2022-11-21T20:07:37.000+00:00" elapsedMillis="22.0" eventCount="1"> <EventAck eventGuid="cc13c747-1130-4b15-8293-a51c28057c04"/></EventListAck>


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            2192.168.2.224917954.188.127.72443C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe
                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                            2022-11-21 20:07:52 UTC6OUTPOST /hsmessaging/rest HTTP/1.1
                                                                                                                            Connection: close
                                                                                                                            Content-Type: text/xml
                                                                                                                            User-Agent: Creative Cloud
                                                                                                                            Content-Length: 2696
                                                                                                                            Host: na1e-acc.services.adobe.com
                                                                                                                            2022-11-21 20:07:52 UTC6OUTData Raw: 3c
                                                                                                                            Data Ascii: <
                                                                                                                            2022-11-21 20:07:52 UTC6OUTData Raw: 65 76 65 6e 74 4c 69 73 74 3e 3c 48 6f 73 74 65 64 53 65 72 76 69 63 65 73 45 76 65 6e 74 3e 3c 65 76 65 6e 74 47 75 69 64 3e 65 37 33 38 30 62 33 39 2d 63 30 33 35 2d 34 35 35 64 2d 62 39 32 61 2d 61 34 62 31 34 39 35 34 38 37 36 66 3c 2f 65 76 65 6e 74 47 75 69 64 3e 3c 65 76 65 6e 74 44 74 73 3e 32 30 32 32 2d 31 31 2d 32 31 54 32 31 3a 30 38 3a 32 34 2e 33 36 32 2d 30 38 3a 30 30 3c 2f 65 76 65 6e 74 44 74 73 3e 3c 65 76 65 6e 74 43 6f 64 65 3e 41 43 43 43 5f 53 45 52 56 49 43 45 3c 2f 65 76 65 6e 74 43 6f 64 65 3e 3c 65 76 65 6e 74 53 75 62 43 6f 64 65 3e 4e 55 4c 4c 5f 53 55 42 5f 43 4f 44 45 3c 2f 65 76 65 6e 74 53 75 62 43 6f 64 65 3e 3c 65 76 65 6e 74 53 6f 75 72 63 65 3e 61 63 63 63 2e 61 63 63 63 5f 63 6c 69 65 6e 74 2e 32 2e 34 2e 30 2e 34 38
                                                                                                                            Data Ascii: eventList><HostedServicesEvent><eventGuid>e7380b39-c035-455d-b92a-a4b14954876f</eventGuid><eventDts>2022-11-21T21:08:24.362-08:00</eventDts><eventCode>ACCC_SERVICE</eventCode><eventSubCode>NULL_SUB_CODE</eventSubCode><eventSource>accc.accc_client.2.4.0.48
                                                                                                                            2022-11-21 20:07:53 UTC8INHTTP/1.1 200 OK
                                                                                                                            Date: Mon, 21 Nov 2022 20:07:53 GMT
                                                                                                                            Content-Length: 165
                                                                                                                            Connection: close
                                                                                                                            X-Request-ID: 64b9eaec-eeeb-4033-b086-3bce914949b1
                                                                                                                            2022-11-21 20:07:53 UTC9INData Raw: 3c 45 76 65 6e 74 4c 69 73 74 41 63 6b 20 64 74 73 3d 22 32 30 32 32 2d 31 31 2d 32 31 54 32 30 3a 30 37 3a 35 33 2e 30 30 30 2b 30 30 3a 30 30 22 20 65 6c 61 70 73 65 64 4d 69 6c 6c 69 73 3d 22 32 37 2e 30 22 20 65 76 65 6e 74 43 6f 75 6e 74 3d 22 31 22 3e 0a 20 20 3c 45 76 65 6e 74 41 63 6b 20 65 76 65 6e 74 47 75 69 64 3d 22 65 37 33 38 30 62 33 39 2d 63 30 33 35 2d 34 35 35 64 2d 62 39 32 61 2d 61 34 62 31 34 39 35 34 38 37 36 66 22 2f 3e 0a 3c 2f 45 76 65 6e 74 4c 69 73 74 41 63 6b 3e
                                                                                                                            Data Ascii: <EventListAck dts="2022-11-21T20:07:53.000+00:00" elapsedMillis="27.0" eventCount="1"> <EventAck eventGuid="e7380b39-c035-455d-b92a-a4b14954876f"/></EventListAck>


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            3192.168.2.224918444.239.229.78443C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe
                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                            2022-11-21 20:07:54 UTC9OUTPOST /hsmessaging/rest HTTP/1.1
                                                                                                                            Connection: close
                                                                                                                            Content-Type: text/xml
                                                                                                                            User-Agent: Creative Cloud
                                                                                                                            Content-Length: 2694
                                                                                                                            Host: na1e-acc.services.adobe.com
                                                                                                                            2022-11-21 20:07:54 UTC9OUTData Raw: 3c
                                                                                                                            Data Ascii: <
                                                                                                                            2022-11-21 20:07:54 UTC9OUTData Raw: 65 76 65 6e 74 4c 69 73 74 3e 3c 48 6f 73 74 65 64 53 65 72 76 69 63 65 73 45 76 65 6e 74 3e 3c 65 76 65 6e 74 47 75 69 64 3e 30 34 36 31 66 38 66 65 2d 31 39 31 37 2d 34 32 38 31 2d 62 30 39 61 2d 63 66 65 32 30 33 32 32 31 39 36 31 3c 2f 65 76 65 6e 74 47 75 69 64 3e 3c 65 76 65 6e 74 44 74 73 3e 32 30 32 32 2d 31 31 2d 32 31 54 32 31 3a 30 38 3a 33 31 2e 33 36 36 2d 30 38 3a 30 30 3c 2f 65 76 65 6e 74 44 74 73 3e 3c 65 76 65 6e 74 43 6f 64 65 3e 41 43 43 43 5f 53 45 52 56 49 43 45 3c 2f 65 76 65 6e 74 43 6f 64 65 3e 3c 65 76 65 6e 74 53 75 62 43 6f 64 65 3e 4e 55 4c 4c 5f 53 55 42 5f 43 4f 44 45 3c 2f 65 76 65 6e 74 53 75 62 43 6f 64 65 3e 3c 65 76 65 6e 74 53 6f 75 72 63 65 3e 61 63 63 63 2e 61 63 63 63 5f 63 6c 69 65 6e 74 2e 32 2e 34 2e 30 2e 34 38
                                                                                                                            Data Ascii: eventList><HostedServicesEvent><eventGuid>0461f8fe-1917-4281-b09a-cfe203221961</eventGuid><eventDts>2022-11-21T21:08:31.366-08:00</eventDts><eventCode>ACCC_SERVICE</eventCode><eventSubCode>NULL_SUB_CODE</eventSubCode><eventSource>accc.accc_client.2.4.0.48
                                                                                                                            2022-11-21 20:07:54 UTC12INHTTP/1.1 200 OK
                                                                                                                            Date: Mon, 21 Nov 2022 20:07:54 GMT
                                                                                                                            Content-Length: 165
                                                                                                                            Connection: close
                                                                                                                            X-Request-ID: afb755df-3746-4cd6-82eb-d4b2bc6196ce
                                                                                                                            2022-11-21 20:07:54 UTC12INData Raw: 3c 45 76 65 6e 74 4c 69 73 74 41 63 6b 20 64 74 73 3d 22 32 30 32 32 2d 31 31 2d 32 31 54 32 30 3a 30 37 3a 35 34 2e 30 30 30 2b 30 30 3a 30 30 22 20 65 6c 61 70 73 65 64 4d 69 6c 6c 69 73 3d 22 32 34 2e 30 22 20 65 76 65 6e 74 43 6f 75 6e 74 3d 22 31 22 3e 0a 20 20 3c 45 76 65 6e 74 41 63 6b 20 65 76 65 6e 74 47 75 69 64 3d 22 30 34 36 31 66 38 66 65 2d 31 39 31 37 2d 34 32 38 31 2d 62 30 39 61 2d 63 66 65 32 30 33 32 32 31 39 36 31 22 2f 3e 0a 3c 2f 45 76 65 6e 74 4c 69 73 74 41 63 6b 3e
                                                                                                                            Data Ascii: <EventListAck dts="2022-11-21T20:07:54.000+00:00" elapsedMillis="24.0" eventCount="1"> <EventAck eventGuid="0461f8fe-1917-4281-b09a-cfe203221961"/></EventListAck>


                                                                                                                            Statistics

                                                                                                                            CPU Usage

                                                                                                                            Click to jump to process

                                                                                                                            Memory Usage

                                                                                                                            Click to jump to process

                                                                                                                            High Level Behavior Distribution

                                                                                                                            Click to dive into process behavior distribution

                                                                                                                            System Behavior

                                                                                                                            General

                                                                                                                            Target ID:1
                                                                                                                            Start time:21:08:11
                                                                                                                            Start date:21/11/2022
                                                                                                                            Path:C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe
                                                                                                                            Imagebase:0xdc0000
                                                                                                                            File size:3220040 bytes
                                                                                                                            MD5 hash:D204F6FAA69EBA874C97689FA5F57FCD
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:low

                                                                                                                            Disassembly

                                                                                                                            Reset < >

                                                                                                                              Executed Functions

                                                                                                                              Function 0978C624 Relevance: .0, Instructions: 16COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000003.927473073.000000000978C000.00000004.00000800.00020000.00000000.sdmp, Offset: 0978C000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_3_978c000_Creative_Cloud_Set-Up.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9ca2f977afaffddec7de5b2d84396149cac2312c71ee11e19b63f325e41e16f1
                                                                                                                              • Instruction ID: 4aa1710e84d094f585ac34a57586ee4537b7510526b414ef333bbd97394d3eaf
                                                                                                                              • Opcode Fuzzy Hash: 9ca2f977afaffddec7de5b2d84396149cac2312c71ee11e19b63f325e41e16f1
                                                                                                                              • Instruction Fuzzy Hash: 82D0A752FCC7C1DA43023AA0025D3770FF12C426C432905C7A482559C1D75048059327
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%