Windows Analysis Report
Photoshop_x64_en-us.exe

Overview

General Information

Sample name: Photoshop_x64_en-us.exe
Analysis ID: 1532243
MD5: 62044b7de91afa1c39d5312428957c44
SHA1: 5ad2964db98cafa09ea71f2a790959a0ed67ff2a
SHA256: a1af62c4cae7eb01939beb0adb4adc83296d85a49462b399d14cf814d50627d3
Tags: exe, user-aachum

Detection

Score: 4
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Binary contains a suspicious time stamp
Contains functionality for read data from the clipboard
Contains functionality to shutdown / reboot the system
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
PE file does not import any functions
Uses 32bit PE files

Classification

Source: Photoshop_x64_en-us.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\LICENSE.txt
Source: Photoshop_x64_en-us.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: System.Net.Sockets.ni.pdb source: System.Net.Sockets.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Json\Release\net8.0\System.Text.Json.pdb source: System.Text.Json.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Private.Xml\Release\net8.0-windows\System.Private.Xml.pdb source: System.Private.Xml.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Tasks.Parallel\Release\net8.0\System.Threading.Tasks.Parallel.pdbSHA2560 source: System.Threading.Tasks.Parallel.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\hostpolicy\standalone\hostpolicy.pdb|||GCTL source: hostpolicy.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Metadata\Release\net8.0\System.Reflection.Metadata.pdb source: System.Reflection.Metadata.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.DiagnosticSource\Release\net8.0\System.Diagnostics.DiagnosticSource.pdbSHA256 source: System.Diagnostics.DiagnosticSource.dll.0.dr
Source: Binary string: Microsoft.Win32.Registry.ni.pdb source: Microsoft.Win32.Registry.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.Cryptography\Release\net8.0-windows\System.Security.Cryptography.pdb source: System.Security.Cryptography.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Collections.Immutable\Release\net8.0\System.Collections.Immutable.pdb source: System.Collections.Immutable.dll.0.dr
Source: Binary string: System.Net.Security.ni.pdb source: System.Net.Security.dll.0.dr
Source: Binary string: System.Reflection.Metadata.ni.pdb source: System.Reflection.Metadata.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscoree\coreclr\coreclr.pdb source: coreclr.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Collections.Concurrent\Release\net8.0\System.Collections.Concurrent.pdb source: System.Collections.Concurrent.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.NameResolution\Release\net8.0-windows\System.Net.NameResolution.pdb source: System.Net.NameResolution.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Formatters\Release\net8.0\System.Runtime.Serialization.Formatters.pdbSHA256 source: System.Runtime.Serialization.Formatters.dll.0.dr
Source: Binary string: System.Private.Xml.Linq.ni.pdb source: System.Private.Xml.Linq.dll.0.dr
Source: Binary string: System.Text.Json.ni.pdb source: System.Text.Json.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Http\Release\net8.0-windows\System.Net.Http.pdbSHA256 source: System.Net.Http.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Private.Uri\Release\net8.0\System.Private.Uri.pdb source: System.Private.Uri.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Primitives\Release\net8.0-windows\System.Net.Primitives.pdb source: System.Net.Primitives.dll.0.dr
Source: Binary string: System.Private.Xml.ni.pdb source: System.Private.Xml.dll.0.dr
Source: Binary string: System.Net.WebSockets.Client.ni.pdb source: System.Net.WebSockets.Client.dll.0.dr
Source: Binary string: System.Collections.Specialized.ni.pdb source: System.Collections.Specialized.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.CSharp\Release\net8.0-windows\Microsoft.CSharp.pdb source: Microsoft.CSharp.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.FileSystem.AccessControl\Release\net8.0-windows\System.IO.FileSystem.AccessControl.pdb source: System.IO.FileSystem.AccessControl.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebSockets\Release\net8.0-windows\System.Net.WebSockets.pdb source: System.Net.WebSockets.dll.0.dr
Source: Binary string: System.Net.Mail.ni.pdb source: System.Net.Mail.dll.0.dr
Source: Binary string: System.Text.RegularExpressions.ni.pdb source: System.Text.RegularExpressions.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebClient\Release\net8.0\System.Net.WebClient.pdb source: System.Net.WebClient.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Requests\Release\net8.0-windows\System.Net.Requests.pdbSHA256@ source: System.Net.Requests.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Linq.Parallel\Release\net8.0\System.Linq.Parallel.pdb source: System.Linq.Parallel.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.TraceSource\Release\net8.0\System.Diagnostics.TraceSource.pdb source: System.Diagnostics.TraceSource.dll.0.dr
Source: Binary string: System.Collections.Immutable.ni.pdb source: System.Collections.Immutable.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\hostpolicy\standalone\hostpolicy.pdb source: hostpolicy.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Formatters\Release\net8.0\System.Runtime.Serialization.Formatters.pdb source: System.Runtime.Serialization.Formatters.dll.0.dr
Source: Binary string: System.Net.NameResolution.ni.pdb source: System.Net.NameResolution.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\clretwrc\clretwrc.pdb source: clretwrc.dll.0.dr
Source: Binary string: System.Diagnostics.DiagnosticSource.ni.pdb source: System.Diagnostics.DiagnosticSource.dll.0.dr
Source: Binary string: System.Threading.Tasks.Parallel.ni.pdb source: System.Threading.Tasks.Parallel.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Linq.Expressions\Release\net8.0\System.Linq.Expressions.pdb source: System.Linq.Expressions.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Requests\Release\net8.0-windows\System.Net.Requests.pdb source: System.Net.Requests.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.InteropServices\Release\net8.0\System.Runtime.InteropServices.pdb source: System.Runtime.InteropServices.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Collections.Specialized\Release\net8.0\System.Collections.Specialized.pdb source: System.Collections.Specialized.dll.0.dr
Source: Binary string: System.Net.NetworkInformation.ni.pdb source: System.Net.NetworkInformation.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Mail\Release\net8.0-windows\System.Net.Mail.pdb source: System.Net.Mail.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Tasks.Parallel\Release\net8.0\System.Threading.Tasks.Parallel.pdb source: System.Threading.Tasks.Parallel.dll.0.dr
Source: Binary string: System.Reflection.Emit.ni.pdb source: System.Reflection.Emit.dll.0.dr
Source: Binary string: Microsoft.CSharp.ni.pdb source: Microsoft.CSharp.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\gc\clrgc.pdbMMMGCTL source: clrgc.dll.0.dr
Source: Binary string: System.Text.Encodings.Web.ni.pdb source: System.Text.Encodings.Web.dll.0.dr
Source: Binary string: System.Net.WebClient.ni.pdb source: System.Net.WebClient.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression\Release\net8.0-windows\System.IO.Compression.pdb source: System.IO.Compression.dll.0.dr
Source: Binary string: System.Diagnostics.TraceSource.ni.pdb source: System.Diagnostics.TraceSource.dll.0.dr
Source: Binary string: System.Collections.Concurrent.ni.pdb source: System.Collections.Concurrent.dll.0.dr
Source: Binary string: C:\__w\1\s\artifacts\bin\windows\x64_Release_schannel\msquic.pdbbb6bUGP source: msquic.dll.0.dr
Source: Binary string: System.Linq.Parallel.ni.pdb source: System.Linq.Parallel.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Mail\Release\net8.0-windows\System.Net.Mail.pdbSHA256 source: System.Net.Mail.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.NetworkInformation\Release\net8.0-windows\System.Net.NetworkInformation.pdb source: System.Net.NetworkInformation.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit\Release\net8.0\System.Reflection.Emit.pdb source: System.Reflection.Emit.dll.0.dr
Source: Binary string: System.Private.Uri.ni.pdb source: System.Private.Uri.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.AccessControl\Release\net8.0-windows\System.Security.AccessControl.pdb source: System.Security.AccessControl.dll.0.dr
Source: Binary string: System.Runtime.Serialization.Formatters.ni.pdb source: System.Runtime.Serialization.Formatters.dll.0.dr
Source: Binary string: Microsoft.VisualBasic.Core.ni.pdb source: Microsoft.VisualBasic.Core.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.VisualBasic.Core\Release\net8.0-windows\Microsoft.VisualBasic.Core.pdb source: Microsoft.VisualBasic.Core.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Console\Release\net8.0-windows\System.Console.pdb source: System.Console.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscordac\mscordaccore.pdb source: mscordaccore.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Formats.Asn1\Release\net8.0\System.Formats.Asn1.pdb source: System.Formats.Asn1.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Registry\Release\net8.0-windows\Microsoft.Win32.Registry.pdb source: Microsoft.Win32.Registry.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Security\Release\net8.0-windows\System.Net.Security.pdbSHA256 source: System.Net.Security.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.DiagnosticSource\Release\net8.0\System.Diagnostics.DiagnosticSource.pdb source: System.Diagnostics.DiagnosticSource.dll.0.dr
Source: Binary string: System.Linq.Expressions.ni.pdb source: System.Linq.Expressions.dll.0.dr
Source: Binary string: C:\__w\1\s\artifacts\bin\windows\x64_Release_schannel\msquic.pdb source: msquic.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscorrc\mscorrc.pdb source: mscorrc.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Security\Release\net8.0-windows\System.Net.Security.pdb source: System.Net.Security.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Linq.Expressions\Release\net8.0\System.Linq.Expressions.pdbSHA256 source: System.Linq.Expressions.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.CodePages\Release\net8.0-windows\System.Text.Encoding.CodePages.pdb source: System.Text.Encoding.CodePages.dll.0.dr
Source: Binary string: System.IO.Compression.ni.pdb source: System.IO.Compression.dll.0.dr
Source: Binary string: System.Security.Cryptography.ni.pdb source: System.Security.Cryptography.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Data.Common\Release\net8.0\System.Data.Common.pdb source: System.Data.Common.dll.0.dr
Source: Binary string: System.Net.Requests.ni.pdb source: System.Net.Requests.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebSockets.Client\Release\net8.0\System.Net.WebSockets.Client.pdb source: System.Net.WebSockets.Client.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Formats.Asn1\Release\net8.0\System.Formats.Asn1.pdbSHA256 source: System.Formats.Asn1.dll.0.dr
Source: Binary string: System.Runtime.InteropServices.ni.pdb source: System.Runtime.InteropServices.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\gc\clrgc.pdb source: clrgc.dll.0.dr
Source: Binary string: System.Formats.Asn1.ni.pdb source: System.Formats.Asn1.dll.0.dr
Source: Binary string: System.Text.Encoding.CodePages.ni.pdb source: System.Text.Encoding.CodePages.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encodings.Web\Release\net8.0\System.Text.Encodings.Web.pdb source: System.Text.Encodings.Web.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Http\Release\net8.0-windows\System.Net.Http.pdb source: System.Net.Http.dll.0.dr
Source: Binary string: System.Net.WebSockets.ni.pdb source: System.Net.WebSockets.dll.0.dr
Source: Binary string: System.Security.AccessControl.ni.pdb source: System.Security.AccessControl.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\jit\clrjit.pdb source: clrjit.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Private.Xml.Linq\Release\net8.0\System.Private.Xml.Linq.pdbSHA256 source: System.Private.Xml.Linq.dll.0.dr
Source: Binary string: System.Console.ni.pdb source: System.Console.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Sockets\Release\net8.0-windows\System.Net.Sockets.pdb source: System.Net.Sockets.dll.0.dr
Source: Binary string: System.Net.Http.ni.pdb source: System.Net.Http.dll.0.dr
Source: Binary string: System.IO.FileSystem.AccessControl.ni.pdb source: System.IO.FileSystem.AccessControl.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Private.Xml.Linq\Release\net8.0\System.Private.Xml.Linq.pdb source: System.Private.Xml.Linq.dll.0.dr
Source: Binary string: System.Data.Common.ni.pdb source: System.Data.Common.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.RegularExpressions\Release\net8.0\System.Text.RegularExpressions.pdb source: System.Text.RegularExpressions.dll.0.dr
Source: Binary string: System.Net.Primitives.ni.pdb source: System.Net.Primitives.dll.0.dr
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Code function: 0_2_004062A3 FindFirstFileA,FindClose, 0_2_004062A3
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Code function: 0_2_00405768 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_00405768
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Code function: 0_2_004026FE FindFirstFileA, 0_2_004026FE
Source: Photoshop_x64_en-us.exe String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: Photoshop_x64_en-us.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: System.Runtime.Serialization.Formatters.dll.0.dr String found in binary or memory: https://aka.ms/binaryformatter
Source: System.Security.Cryptography.dll.0.dr, Microsoft.VisualBasic.Core.dll.0.dr, System.Net.WebClient.dll.0.dr, System.Net.Primitives.dll.0.dr, System.Runtime.Serialization.Formatters.dll.0.dr, System.Data.Common.dll.0.dr, System.Linq.Expressions.dll.0.dr, System.Net.Http.dll.0.dr, System.Formats.Asn1.dll.0.dr, System.Collections.Specialized.dll.0.dr String found in binary or memory: https://aka.ms/dotnet-warnings/
Source: System.Reflection.Metadata.dll.0.dr, System.Data.Common.dll.0.dr String found in binary or memory: https://aka.ms/serializationformat-binary-obsolete
Source: System.Text.RegularExpressions.dll.0.dr String found in binary or memory: https://github.com/dotnet/linker/issues/2715.
Source: System.Threading.Tasks.Parallel.dll.0.dr, System.Text.Encodings.Web.dll.0.dr, System.Runtime.InteropServices.dll.0.dr, System.Diagnostics.DiagnosticSource.dll.0.dr, System.Net.WebSockets.dll.0.dr, Microsoft.Win32.Registry.dll.0.dr, Microsoft.CSharp.dll.0.dr, System.Private.Uri.dll.0.dr, System.Security.AccessControl.dll.0.dr, System.Net.WebSockets.Client.dll.0.dr, System.Net.Requests.dll.0.dr, System.Net.Sockets.dll.0.dr, System.Diagnostics.TraceSource.dll.0.dr, System.Net.Mail.dll.0.dr, System.Reflection.Metadata.dll.0.dr, System.Private.Xml.Linq.dll.0.dr, System.Collections.Immutable.dll.0.dr, System.Linq.Parallel.dll.0.dr, System.Text.Json.dll.0.dr, System.Net.NetworkInformation.dll.0.dr, System.Text.Encoding.CodePages.dll.0.dr String found in binary or memory: https://github.com/dotnet/runtime
Source: System.Data.Common.dll.0.dr String found in binary or memory: https://github.com/mono/linker/issues/1187
Source: Microsoft.CSharp.dll.0.dr String found in binary or memory: https://github.com/mono/linker/issues/1416.
Source: Microsoft.VisualBasic.Core.dll.0.dr String found in binary or memory: https://github.com/mono/linker/issues/1731
Source: Microsoft.CSharp.dll.0.dr String found in binary or memory: https://github.com/mono/linker/issues/1906.
Source: System.Data.Common.dll.0.dr String found in binary or memory: https://github.com/mono/linker/issues/1981
Source: Microsoft.VisualBasic.Core.dll.0.dr String found in binary or memory: https://github.com/mono/linker/issues/378
Source: System.Linq.Expressions.dll.0.dr String found in binary or memory: https://github.com/mono/linker/pull/2125.
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Code function: 0_2_00405205 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_00405205
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Code function: 0_2_0040320C EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040320C
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Code function: 0_2_00404A44 0_2_00404A44
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Code function: 0_2_00406F54 0_2_00406F54
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Code function: 0_2_0040677D 0_2_0040677D
Source: System.Private.Xml.Linq.dll.0.dr Static PE information: No import functions for PE file found
Source: System.Private.Xml.dll.0.dr Static PE information: No import functions for PE file found
Source: System.Runtime.InteropServices.dll.0.dr Static PE information: No import functions for PE file found
Source: System.Runtime.Numerics.dll.0.dr Static PE information: No import functions for PE file found
Source: System.Reflection.Metadata.dll.0.dr Static PE information: No import functions for PE file found
Source: System.Reflection.Emit.dll.0.dr Static PE information: No import functions for PE file found
Source: System.Private.Uri.dll.0.dr Static PE information: No import functions for PE file found
Source: classification engine Classification label: clean4.winEXE@1/74@0/0
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Code function: 0_2_004044D1 GetDlgItem,SetWindowTextA,SHAutoComplete,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, 0_2_004044D1
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Code function: 0_2_004020D1 CoCreateInstance,MultiByteToWideChar, 0_2_004020D1
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Temp\nswCFF4.tmp
Source: Photoshop_x64_en-us.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File read: C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Photoshop_x64_en-us.exe Static file information: File size 24276144 > 1048576
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Formats.Asn1\Release\net8.0\System.Formats.Asn1.pdb source: System.Formats.Asn1.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Registry\Release\net8.0-windows\Microsoft.Win32.Registry.pdb source: Microsoft.Win32.Registry.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Security\Release\net8.0-windows\System.Net.Security.pdbSHA256 source: System.Net.Security.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.DiagnosticSource\Release\net8.0\System.Diagnostics.DiagnosticSource.pdb source: System.Diagnostics.DiagnosticSource.dll.0.dr
Source: Binary string: System.Linq.Expressions.ni.pdb source: System.Linq.Expressions.dll.0.dr
Source: Binary string: C:\__w\1\s\artifacts\bin\windows\x64_Release_schannel\msquic.pdb source: msquic.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscorrc\mscorrc.pdb source: mscorrc.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Security\Release\net8.0-windows\System.Net.Security.pdb source: System.Net.Security.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Linq.Expressions\Release\net8.0\System.Linq.Expressions.pdbSHA256 source: System.Linq.Expressions.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.CodePages\Release\net8.0-windows\System.Text.Encoding.CodePages.pdb source: System.Text.Encoding.CodePages.dll.0.dr
Source: Binary string: System.IO.Compression.ni.pdb source: System.IO.Compression.dll.0.dr
Source: Binary string: System.Security.Cryptography.ni.pdb source: System.Security.Cryptography.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Data.Common\Release\net8.0\System.Data.Common.pdb source: System.Data.Common.dll.0.dr
Source: Binary string: System.Net.Requests.ni.pdb source: System.Net.Requests.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebSockets.Client\Release\net8.0\System.Net.WebSockets.Client.pdb source: System.Net.WebSockets.Client.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Formats.Asn1\Release\net8.0\System.Formats.Asn1.pdbSHA256 source: System.Formats.Asn1.dll.0.dr
Source: Binary string: System.Runtime.InteropServices.ni.pdb source: System.Runtime.InteropServices.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\gc\clrgc.pdb source: clrgc.dll.0.dr
Source: Binary string: System.Formats.Asn1.ni.pdb source: System.Formats.Asn1.dll.0.dr
Source: Binary string: System.Text.Encoding.CodePages.ni.pdb source: System.Text.Encoding.CodePages.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encodings.Web\Release\net8.0\System.Text.Encodings.Web.pdb source: System.Text.Encodings.Web.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Http\Release\net8.0-windows\System.Net.Http.pdb source: System.Net.Http.dll.0.dr
Source: Binary string: System.Net.WebSockets.ni.pdb source: System.Net.WebSockets.dll.0.dr
Source: Binary string: System.Security.AccessControl.ni.pdb source: System.Security.AccessControl.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\jit\clrjit.pdb source: clrjit.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Private.Xml.Linq\Release\net8.0\System.Private.Xml.Linq.pdbSHA256 source: System.Private.Xml.Linq.dll.0.dr
Source: Binary string: System.Console.ni.pdb source: System.Console.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Sockets\Release\net8.0-windows\System.Net.Sockets.pdb source: System.Net.Sockets.dll.0.dr
Source: Binary string: System.Net.Http.ni.pdb source: System.Net.Http.dll.0.dr
Source: Binary string: System.IO.FileSystem.AccessControl.ni.pdb source: System.IO.FileSystem.AccessControl.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Private.Xml.Linq\Release\net8.0\System.Private.Xml.Linq.pdb source: System.Private.Xml.Linq.dll.0.dr
Source: Binary string: System.Data.Common.ni.pdb source: System.Data.Common.dll.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.RegularExpressions\Release\net8.0\System.Text.RegularExpressions.pdb source: System.Text.RegularExpressions.dll.0.dr
Source: Binary string: System.Net.Primitives.ni.pdb source: System.Net.Primitives.dll.0.dr
Source: System.Private.Uri.dll.0.dr Static PE information: 0xAB53918A [Mon Jan 31 07:04:42 2061 UTC]
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\Microsoft.Win32.Registry.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Ping.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Private.Xml.Linq.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Http.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.IO.Compression.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Text.Encoding.CodePages.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\Microsoft.CSharp.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Transactions.Local.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.NameResolution.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\msquic.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Reflection.Emit.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Security.Cryptography.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\clrgc.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Data.Common.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Collections.NonGeneric.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.IO.FileSystem.AccessControl.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Collections.Concurrent.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Private.Xml.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\Microsoft.VisualBasic.Core.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\host\fxr\8.0.8\hostfxr.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Threading.Tasks.Dataflow.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Diagnostics.DiagnosticSource.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Linq.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.HttpListener.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Runtime.Numerics.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\mscordaccore.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Linq.Queryable.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Formats.Tar.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Threading.Tasks.Parallel.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Runtime.InteropServices.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.ComponentModel.Annotations.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.WebClient.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Primitives.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Private.Uri.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\clrjit.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.IO.Pipes.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Memory.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Security.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Runtime.Serialization.Formatters.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\coreclr.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Text.Json.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.WebSockets.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\Microsoft.DiaSymReader.Native.amd64.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Console.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Requests.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Security.Principal.Windows.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\mscorrc.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Mail.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.NetworkInformation.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Text.RegularExpressions.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Linq.Parallel.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.ComponentModel.TypeConverter.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\hostpolicy.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Http.Json.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Quic.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Collections.Immutable.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Collections.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.WebSockets.Client.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Text.Encodings.Web.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Threading.Channels.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\mscordaccore_amd64_amd64_8.0.824.36612.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Security.Claims.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Formats.Asn1.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\mscordbi.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Reflection.Metadata.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Sockets.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\clretwrc.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Diagnostics.TraceSource.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Security.AccessControl.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Collections.Specialized.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Linq.Expressions.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Diagnostics.Process.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File created: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Drawing.Primitives.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Ping.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\Microsoft.Win32.Registry.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Private.Xml.Linq.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Http.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.IO.Compression.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Text.Encoding.CodePages.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\Microsoft.CSharp.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Transactions.Local.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.NameResolution.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\msquic.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Reflection.Emit.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Security.Cryptography.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\clrgc.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Data.Common.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Collections.NonGeneric.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.IO.FileSystem.AccessControl.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Collections.Concurrent.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Private.Xml.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\Microsoft.VisualBasic.Core.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\host\fxr\8.0.8\hostfxr.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Threading.Tasks.Dataflow.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Diagnostics.DiagnosticSource.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Linq.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.HttpListener.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Runtime.Numerics.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\mscordaccore.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Linq.Queryable.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Formats.Tar.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Threading.Tasks.Parallel.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Runtime.InteropServices.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.WebClient.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.ComponentModel.Annotations.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Primitives.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\clrjit.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Private.Uri.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.IO.Pipes.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Memory.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Security.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Runtime.Serialization.Formatters.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\coreclr.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Text.Json.dll Jump to dropped file
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.WebSockets.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\Microsoft.DiaSymReader.Native.amd64.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Console.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Requests.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Security.Principal.Windows.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\mscorrc.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Mail.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.NetworkInformation.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Text.RegularExpressions.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Linq.Parallel.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Quic.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Http.Json.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\hostpolicy.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.ComponentModel.TypeConverter.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Collections.Immutable.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Collections.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.WebSockets.Client.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\mscordaccore_amd64_amd64_8.0.824.36612.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Text.Encodings.Web.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Threading.Channels.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Security.Claims.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\mscordbi.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Formats.Asn1.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Reflection.Metadata.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Sockets.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\clretwrc.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Diagnostics.TraceSource.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Security.AccessControl.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Collections.Specialized.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Linq.Expressions.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Diagnostics.Process.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Drawing.Primitives.dll
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe File Volume queried: C:\Users\user\AppData\Local FullSizeInformation
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Code function: 0_2_004062A3 FindFirstFileA,FindClose, 0_2_004062A3
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Code function: 0_2_00405768 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_00405768
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Code function: 0_2_004026FE FindFirstFileA, 0_2_004026FE
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\Photoshop_x64_en-us.exe Code function: 0_2_0040320C EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040320C
No contacted IP infos