Windows Analysis Report
SR_AD40BM0.1-A01N_A24-ENG.pdf

ID:	1419164
Product:	CloudBasic
Start time:	08:35:04
Start date:	03.04.2024
Sample:	SR_AD40BM0.1-A01N_A24-ENG.pdf
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	aa8ff96636214fb017ed4d31f3e81540
SHA1:	945ba0fc78217bd64a2c5f97f74a20708592c0d0
SHA256:	3198b142e34be6ef581d4b9a8681960c41f57c27812132de08e06de750316e20
Filetype:	Adobe Portable Document Format (5005/1) 100.00%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG	ASCII text	E83DFEE4C809EDB6F7FAF3C3C28B84EA	E51AA42B246E139DCB90B833E54AC4D3F1FD32F8	68A36D4C4CEBBD0C607BD5DE45736CD08751679664964E3F879D20E90E776009
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG	ASCII text	36942C6F5E008B497F52A3DFAA5B5C24	899BCCA4FAAA7CD1B90DAC3E728A14129A08EB52	01DD170B48C8D4DAB67DA90D2A9A8444B6434CCF0316B48357A258D86BF7B770
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\17aeaf4d-b999-4107-b68d-66ff83fa22c3.tmp	JSON data	E5E97A920F1A1CAAEDBB707715B7B2B4	400FE4ECF9F4C0A0A4208D7C89B7340A6AE16C2B	4B9DF5CD16AEB256236E28CBDEDEAE338F3B3E0824898BDEAC5474A7E7FC3AB2
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\962cc3d5-e632-41ae-894a-d11439f45ba1.tmp	JSON data	4C313FE514B5F4E7E89329630909F8DC	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)	JSON data	4C313FE514B5F4E7E89329630909F8DC	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF67f0c3.TMP (copy)	JSON data	4C313FE514B5F4E7E89329630909F8DC	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log	data	A97A07300AA4A07C34E848EDBEE5C5A7	DFACEAD3737B4EA0C17E84250542F783AEC91469	A372F45E9E168152AA5847E661500D161544F9790C45B53AC288D540076D71AF
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG	ASCII text	0C63303B575B09873406AFC5A126F96A	A4FCA957C5777F29CBA23302328D9017764758CD	5D485E680469F4B1BC3F4FB3E08D86115FFFCF433446327EF0A1DF7387FCF847
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240403063539Z-230.bmp	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54	7BF7EEDC7F45DAC3E109745A6DF3FE77	05D03B563ABCCD899ADDCF34B478C0BD5CD36ADA	DF6FCE7C4C9055A6CE692D76A381F8F91CFCBAFEE4C5A84D94CA20BAE7756A5E
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages	SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2	A4D5FECEFE05F21D6F81ACF4D9A788CF	1A9AC236C80F2A2809F7DE374072E2FCCA5A775C	83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal	SQLite Rollback Journal	D4FF5FB2136BC7FDAE455299848362CC	00304B872FE3098DFA17A2A1940A97B3927FAF6F	0D2D2C47C88F794645CC32F4F8D9147BB3574E2DEDDF4C78248120F36C4D590B
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID	JSON data	93329C09AABDCE87D4BB89052DF4A80D	CF61B668E5D6057946F7B7B9B057CC1ABD9C6609	20F60109D1E91A6264F7C9E75B4C121E017D96F66B3D9A13C3CE6CBE9BC184C8
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface	JSON data	34279108F356BEBC72140D82E47EE20B	FDDBA280B1141BEE9B7C23A916C2994B3BE98A9B	214AAB515EE2CACD384EC988BE47500FFA73AC14EF83C3EB1FD3DE5A0278F4ED
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface	JSON data	706A80C0D68EA8F8B0BE5750C0E03B6F	D15BBBEF334CFA8D1A09640C33E50A4372D631B7	C7D2B26E9D66BCA891264C9484B4A959C56478D9AD026F084BDE659C8CAB0B5D
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD	JSON data	0EA14C1D8DB6776BD4FE936B64519C45	93FA15F4524530949D13714D80E8FD7A7882532D	EA5A25AB3070E201DEA14F870AC6AA60346F86C83C70631F2166DE7FF934FCE7
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner	JSON data	E473B0B4083681F3DABAF88A9C66E515	58D843543D75B00C45ADC2A08F5EE89CB8E89E45	BF0A7308E274832C2E0AF5EA363F72D8079380B12859CAE1D0896F6DDAC76875
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner	JSON data	B4A5A927A5E2B61C78CAE5A7BE69D9C7	964C2A4EF8C11EE5518043B6E19E07FAE788D11C	3C505B7D380FD56C2AFBF130F882FC8056E7BF45CC595501B67F138E94589DC7
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention	JSON data	9D1E067E5D639E2DEB80CFF4FFCA8338	DC728B542DC0D63C88F5504F150B98DA66EEFA37	1D0D427DF082FC780AC2026CBD306B030BAB21277FCCD6DA2925FE36E7C5998E
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner	JSON data	02D2E0BAC9EC1D4CCA9B9B265154C957	83696CBA015DC23275CF2F77C65A06EC47DE8CE5	D8C504C24C327E3519B967EAD120C2D1CBB1195FD4890F1F85B59CB8887EFB6D
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner	JSON data	FC6EDFEBD8E5BCA3BDF0126737002E3A	3EC5C18143374FEF711DC248BA2BA36FC6CEAEC5	09059574136CD94219B070BA5B0E5FAE6EA41F9215B7B7327EADD3A05A65751A
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner	JSON data	05B9DE7FB60FBA8DA610FAFD955F6DF5	9A5EC78E28A76736E9239281EFB203990D360ABC	2FC27CF2E6ACA29E19F1678DD4DF39250A513E2FB6E8A765C728BCDBFF04BB0D
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner	JSON data	47AD3C6DCA31EA398EF3B84A47C141EF	0FE2D72C890B492FDB51493E8E322BB299E127C9	4FCF95437979AFE7244394815CAA81A7A69BB5B06383906491939FF00B2447E2
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner	JSON data	734FC20D08DFA08732F54D7082A531CD	712CA82149CFC730C138311EF735F7FAA23B1B1B	DEDFD390CDE3E8400A8973B293C58E83050A8D351261CEECFA7467EB91901596
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention	JSON data	90C92F9F7A2B4B48E5B2F996F03E8E58	C1C51DD4E58849C8AFDC82A231410DDE61646459	F3A597B265E52D9E6FB01EC085DB9494CCAE7D2A637C883836F9C9ADC56F7C32
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner	JSON data	41439F8210A72375AC0E9EF67712D9E6	7EC72A56118507BE614E914B94AFC4BE94F1B4EE	D249CD03E7265B36A98C8E68E277D6CE8EF3539B4FE87DF0A28E308C63108F06
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards	JSON data	66F77AE5488B6E268C32A98745D90CBF	6F568BFA7191AE6A0E4A15C31D8BFB95BD8372DC	FBF28B0813660159A78E27E881FE114E41EB120C7D6B3421CE933FC4C6E92D1D
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020	JSON data	2E44D20EBF32E182C8CA7E76798E597D	AFDD87D8D099436C835AB95C5973CE408D81B2A5	358DE31ADDB9161653AA83555CD3372609422D2EA7658BE416E26F18D7B4B791
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING	data	DC84B0D741E5BEAE8070013ADDCC8C28	802F4A6A20CBF157AAF6C4E07E4301578D5936A2	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json	JSON data	2C824E7070AFFAB8F4F7DCF09B8E0205	CB0192250FB749593B9B205B99D34F3D2AD08D31	F8F240333833DE0621A26B75BF24118EC4A7A55ECD163122BEAE6BB767E6DFCB
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19	D46B97CEAB6767833187708D9D8E3EF8	31F3CA0189DCC7C94FDB1BB24398D787F4CAC194	1050F1D37D0C518AEE8C9D81DE44A09F6E46BA5D46390FECF63FBC59D2032E54
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal	SQLite Rollback Journal	4B20B784873CA04CB46D4C117AB51FA6	2757A3AC903B40ACFF282DF262C4820C8781F1B4	3CCBCB938B961ABAFB919B5A18FE07A6D05DD20AB019E87FBDE46E07A92BAAEC
C:\Users\user\AppData\Local\Temp\MSI6e82d.LOG	Unicode text, UTF-16, little-endian text, with CRLF line terminators	6F2F65ED326FE33FEABFBB66E851EAAA	734418543D90E647379F469A4B4614DFD819B90B	F88D51F9216EC37A98ED7CB6F5603F96BC8C06FD5B14EB01FD379866F4CCB2EB
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-03 08-35-37-986.log	ASCII text, with very long lines (393)	91F06491552FC977E9E8AF47786EE7C1	8FEB27904897FFCC2BE1A985D479D7F75F11CEFC	06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt	ASCII text, with CRLF line terminators	2F828A3A3C5EDBA53F754FA1B5DA5F24	F17A96FEF30F87A240EC98B3C69A00E8B6BD545E	74F81B9146F8DC57AE1CD689ED3B1DF2271E867710F4CD4B468F67894C4238CB
C:\Users\user\AppData\Local\Temp\acrocef_low\492ed157-413a-4ee3-b501-37a035f4c6e0.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081	8B9FA2EC5118087D19CFDB20DA7C4C26	E32D6A1829B18717EF1455B73E88D36E0410EF93	4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
C:\Users\user\AppData\Local\Temp\acrocef_low\632c6907-a28e-472e-b716-81f1f99b8a8a.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022	5C48B0AD2FEF800949466AE872E1F1E2	337D617AE142815EDDACB48484628C1F16692A2F	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
C:\Users\user\AppData\Local\Temp\acrocef_low\cefa1696-13ff-4d16-b4f5-7cfed40ab00e.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142	FFA982D6F2F9B46A1DECDD28BF3EF0E1	B1D05ED9BD6A80BD0E3377E9F62B47EF83FCC0C8	93D954FA4BBEDCDFBC7BF14FA1BB3986056261F4A5035C3CFF229FF16D12B78B
C:\Users\user\AppData\Local\Temp\acrocef_low\df71efca-8896-4f9e-95ba-9bbacfa62d43.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538	3A49135134665364308390AC398006F1	28EF4CE5690BF8A9E048AF7D30688120DAC6F126	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
C:\Windows\Installer\MSIE59D.tmp	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	02BF4F9572D87DB0A85662B792E0D3FE	A7E2CF47C9EC8A812457055DE5CBB92E230AC14B	0D94E8ED592846BA7B7D035F08D753BB89514D230AD0B494E50D86DD5220AB34
C:\Windows\Installer\MSIE67B.tmp	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	063D4491FF8D8146B167EE4B24E304FC	D7178B029828DB23A115D224DCA3130B7ED9537B	0A100DC7F447CC980491199F5D0583FA7D44D8FE7A1632482567C617F10FE54D
C:\Windows\Installer\MSIE71C.tmp	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	4F89DA665E512350058C520174611135	0A4720B834E50D7DBB850F112E322D6FC64334B1	EC2FF4D9ABD96A9E42E01DD98BDEFF390C05729FAC3FEE50AEB6D88398B1E653
C:\Windows\Installer\MSIE73C.tmp	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	0FB71A79C1269E2BA50FB92EB92866D6	7292A917707D174F7F98BBCD7E248000EBCFE9E0	E9E4ADFA160CE9BBEDA6A083C42562FDB33A8C9261F85EDC682528333813B7B6
C:\Windows\Installer\MSIE78C.tmp	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	1566E699EE42EAA571700F3AD30B2DBA	D2B11F53310AD7118B6893C46EA815F9C7BF9CE2	4BC5FC5CD0AE661B4FFE6AD9E12E55B233F471BA84F40CBA7BEB0CEA8822E831
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	3E28AFC7E618592DAE47E86D06A61EA5	6D88103FCEB01A6C5D1B12F852529D3CDC5CF5FF	AC789B15F2AE1D624D81F66D5CE74341478D1BCD47EE4150845D009526057D73

Spreading

Source: C:\Windows\System32\msiexec.exe	File opened: z:
Source: C:\Windows\System32\msiexec.exe	File opened: x:
Source: C:\Windows\System32\msiexec.exe	File opened: v:
Source: C:\Windows\System32\msiexec.exe	File opened: t:
Source: C:\Windows\System32\msiexec.exe	File opened: r:
Source: C:\Windows\System32\msiexec.exe	File opened: p:
Source: C:\Windows\System32\msiexec.exe	File opened: n:
Source: C:\Windows\System32\msiexec.exe	File opened: l:
Source: C:\Windows\System32\msiexec.exe	File opened: j:
Source: C:\Windows\System32\msiexec.exe	File opened: h:
Source: C:\Windows\System32\msiexec.exe	File opened: f:
Source: C:\Windows\System32\msiexec.exe	File opened: b:
Source: C:\Windows\System32\msiexec.exe	File opened: y:
Source: C:\Windows\System32\msiexec.exe	File opened: w:
Source: C:\Windows\System32\msiexec.exe	File opened: u:
Source: C:\Windows\System32\msiexec.exe	File opened: s:
Source: C:\Windows\System32\msiexec.exe	File opened: q:
Source: C:\Windows\System32\msiexec.exe	File opened: o:
Source: C:\Windows\System32\msiexec.exe	File opened: m:
Source: C:\Windows\System32\msiexec.exe	File opened: k:
Source: C:\Windows\System32\msiexec.exe	File opened: i:
Source: C:\Windows\System32\msiexec.exe	File opened: g:
Source: C:\Windows\System32\msiexec.exe	File opened: e:
Source: C:\Windows\System32\msiexec.exe	File opened: a:

Software Vulnerabilities

Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 23.196.176.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 23.196.176.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 23.196.176.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 23.196.176.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 23.196.176.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 23.196.176.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 23.196.176.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 23.196.176.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 23.196.176.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 23.196.176.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 23.196.176.131:443

Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 23.196.176.131:443
Source: global traffic	TCP traffic: 23.196.176.131:443 -> 192.168.2.16:49714
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 23.196.176.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 23.196.176.131:443
Source: global traffic	TCP traffic: 23.196.176.131:443 -> 192.168.2.16:49714
Source: global traffic	TCP traffic: 23.196.176.131:443 -> 192.168.2.16:49714
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 23.196.176.131:443
Source: global traffic	TCP traffic: 23.196.176.131:443 -> 192.168.2.16:49714
Source: global traffic	TCP traffic: 23.196.176.131:443 -> 192.168.2.16:49714
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 23.196.176.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 23.196.176.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 23.196.176.131:443
Source: global traffic	TCP traffic: 23.196.176.131:443 -> 192.168.2.16:49714
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 23.196.176.131:443
Source: global traffic	TCP traffic: 23.196.176.131:443 -> 192.168.2.16:49714
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 23.196.176.131:443
Source: global traffic	TCP traffic: 23.196.176.131:443 -> 192.168.2.16:49714
Source: global traffic	TCP traffic: 23.196.176.131:443 -> 192.168.2.16:49714
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 23.196.176.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 23.196.176.131:443
Source: global traffic	TCP traffic: 23.196.176.131:443 -> 192.168.2.16:49714

Networking

Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.176.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.176.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.176.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.176.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.176.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.176.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.176.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.176.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.176.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.176.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.176.131

Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714

System Summary

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE59D.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE5FB.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE62B.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE64C.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE67B.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE69C.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE6BC.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE6EC.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE71C.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE73C.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE76C.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE78C.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE79D.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE7CD.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\Elevation.tmp

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSIE59D.tmp

Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: winhttp.dll

Source: classification engine

Classification label: clean5.winPDF@19/42@0/33

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-03 08-35-37-986.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\SR_AD40BM0.1-A01N_A24-ENG.pdf"
Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\SR_AD40BM0.1-A01N_A24-ENG.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1552 --field-trial-handle=1588,i,3979237204365230565,69821222064031274,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 06011184B17684BE71E822C1A4E57BDE
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1552 --field-trial-handle=1588,i,3979237204365230565,69821222064031274,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 06011184B17684BE71E822C1A4E57BDE

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: SR_AD40BM0.1-A01N_A24-ENG.pdf	Initial sample: PDF keyword /JS count = 0
Source: SR_AD40BM0.1-A01N_A24-ENG.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: SR_AD40BM0.1-A01N_A24-ENG.pdf

Initial sample: PDF keyword /Encrypt count = 2

Source: SR_AD40BM0.1-A01N_A24-ENG.pdf

Initial sample: PDF keyword stream count = 81

Source: SR_AD40BM0.1-A01N_A24-ENG.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: SR_AD40BM0.1-A01N_A24-ENG.pdf

Initial sample: PDF keyword /ObjStm count = 14

Source: SR_AD40BM0.1-A01N_A24-ENG.pdf

Initial sample: PDF keyword obj count = 86

Data Obfuscation

Source: SR_AD40BM0.1-A01N_A24-ENG.pdf

Initial sample: PDF keyword /Encrypt

Persistence and Installation Behavior

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE59D.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE67B.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE73C.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE78C.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE71C.tmp			Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE59D.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE67B.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE73C.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE78C.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE71C.tmp			Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIE59D.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIE67B.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIE73C.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIE78C.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIE71C.tmp			Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Language, Device and Operating System Detection

Source: C:\Windows\System32\msiexec.exe

Queries volume information: C:\ VolumeInformation