Windows
Analysis Report
Sally Ockerman.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
- System is w10x64_ra
Acrobat.exe (PID: 6308 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\S ally Ocker man.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) AcroCEF.exe (PID: 6596 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) AcroCEF.exe (PID: 6780 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=22 64 --field -trial-han dle=1568,i ,150050671 6001331766 7,17218411 6660421917 97,131072 --disable- features=B ackForward Cache,Calc ulateNativ eWinOcclus ion,WinUse BrowserSpe llChecker /prefetch: 8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Initial sample: |
Source: | Initial sample: |
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.47.168.24 | unknown | United States | 16625 | AKAMAI-ASUS | false | |
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false | |
23.211.8.250 | unknown | United States | 16625 | AKAMAI-ASUS | false | |
54.227.187.23 | unknown | United States | 14618 | AMAZON-AESUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1446152 |
Start date and time: | 2024-05-22 23:40:30 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | Sally Ockerman.pdf |
Detection: | CLEAN |
Classification: | clean1.winPDF@17/17@0/19 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe
- Excluded IPs from analysis (whitelisted): 2.16.101.81, 2.16.101.112, 2.16.100.66, 2.16.100.129, 2.16.101.114, 2.16.100.49, 2.16.100.41, 2.16.100.131, 2.16.101.90, 23.211.8.250
- Excluded domains from analysis (whitelisted): www.bing.com, e4578.dscg.akamaiedge.net, e86303.dscx.akamaiedge.net, www.bing.com.edgekey.net, ssl-delivery.adobe.com.edgekey.net, wwwprod.www-bing-com.akadns.net, geo2.adobe.com
- VT rate limit hit for: Sally Ockerman.pdf
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\d03618e3-3812-41a8-9a30-60c47187c146.tmp
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240522214138Z-174.bmp
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.883272369640769 |
Encrypted: | false |
SSDEEP: | |
MD5: | EDDEF39E0A96B3DB0A82DFD1295FC224 |
SHA1: | 878F231005FADB23F26617236D7C14A7F1F54591 |
SHA-256: | 33DA4A3AC8D9682F7E7DE0D6D60CD1E0FCBFDAC4DEB4074539C1BEF933526865 |
SHA-512: | FD0899C3633BE6A63477CFBE0E2D420777E5DBBEABDE3D4BD0F0E048EA35F0D1A4E63B09777E9572A8F590701444105837F2AB668B9E4CCFB7032419AD90406E |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.291927920232006 |
Encrypted: | false |
SSDEEP: | |
MD5: | A4D5FECEFE05F21D6F81ACF4D9A788CF |
SHA1: | 1A9AC236C80F2A2809F7DE374072E2FCCA5A775C |
SHA-256: | 83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2 |
SHA-512: | FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16928 |
Entropy (8bit): | 1.2150898473474074 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6A9A2AA4B5B75E821A447CB0CEF99E56 |
SHA1: | FE191297970B9F3CDFD16FD0672B1A0A7223F30F |
SHA-256: | 9F16E1E16FF8AC2A9C9A9B25453B56745EA43A89B35D3DC6D63CEF87CB80B4ED |
SHA-512: | 6E0D2AC0FEFD148C760B3AF2F5849B81767C3F629D91B7364311070661198BA7B300DC11085A226C4D6C14F47B8B6AF13F64CD68B70E4FE6C869CC2A176E461A |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.318429547879992 |
Encrypted: | false |
SSDEEP: | |
MD5: | EEFEABD8452965D68D26ED4CD3AF66FD |
SHA1: | 56B16F7561F2520EBECF904B722D2CC2496AD1C4 |
SHA-256: | 9EAA9E76D44DD76453450C82190E3EEC992EC5845618AD4ACEF359B778F714CF |
SHA-512: | 557D9A0C70BB143E3F409896BB47DE8AF65B03B2E8F19217C8611D775134D1DE712A0076E8D85CF9C42E7D970F63E446010EB5E306CA1897354D0D0FF3D78DA9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.74229681602376 |
Encrypted: | false |
SSDEEP: | |
MD5: | B4E0F30737BDFC3D823B0773790DF8DF |
SHA1: | B0A81158A8A031963E5CC03FC5DCF87A88C64985 |
SHA-256: | 1B10401428D89758E0B3F5B8835B29790A530808B13F85E62949024997A89358 |
SHA-512: | 886D5C33D940C7E92C8DFF323D334263E0981E8670C1B389570064B69FD4241380CBD37CA9A01823B7AA631BFB0B2843D5E09338ED07EF70E34E0FE12283527E |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.777699713075058 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3468DD19AA31A83B5745CD731A891946 |
SHA1: | EB4C5B11582E0A8413BADBBD23E54194A4934C62 |
SHA-256: | 9CED24E89D8E00461D193E7DC8600700CDDC3D979AEB31EB41159EEF7A716ABA |
SHA-512: | 9333ACB06DF6A26F24758A78406D048B6282D1EE14EBF0D3E24CAF1B714CE5CB2C0E0D1EF51AB362C07900B9B4B6DC9AB09E71D221CE415AB557BC20102CE17C |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.369474650399361 |
Encrypted: | false |
SSDEEP: | |
MD5: | 41D244DA09066C0C3B1E96D09896B3ED |
SHA1: | BB5CCDB3818CBF4CF37401189CE75BF10F7E78AA |
SHA-256: | E44412AAB5EA310AA24E47F8115C0B7BDBC23BD33D765FDF63D4E07585AE66B0 |
SHA-512: | 300CBE3AD11E6F0FEE13477AED4A789CAD891A9F76B0BC18D55439A65413EEDEF38D7DAF8A9E0D1651B3EFD4DF914E844972CBB1BFA1F89E9B7B3397BC0C354D |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.138653966726782 |
Encrypted: | false |
SSDEEP: | |
MD5: | B93C7BF3A99F401F56431E6EE91DBF76 |
SHA1: | 9613584F46745A92B4EEEC3D9333A3767FF00407 |
SHA-256: | F8580925730D35A671D9AB6E5BFE57FD219A2C76BD1D85EF1CB14BA07CBCAD3D |
SHA-512: | 5529A53F2D599A3C73E8436EBFB0E9745850923816E5ADD8F17E4E6EF431240286FFE7FF7FE70B4FD0F1C85B494BB9E4F5C215FAD0967739DE323570D7C64F0C |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9869814058920451 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5DD173FC7B9B330C1F4BA7D1B54678BB |
SHA1: | A20594377BA3A184F05444022309649EB6A4DDB2 |
SHA-256: | 4B0099B15605D09A172FAC17629B31850A690894C0D6BFFC72905D868A7BCB98 |
SHA-512: | 94DB19E9264E3C54BE85B89A283270FFECB58E31A76E6BCF890EF69EBE4AC339D66FF67FA6548DB593CA0B8C58E52C11DC03B5855AE452F1B07446DDCB0C00D5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.342391643590252 |
Encrypted: | false |
SSDEEP: | |
MD5: | AF7DB06F1641E73E52FC80AF5F728369 |
SHA1: | 3272F234B70D01CDC717493049774C45F7195720 |
SHA-256: | 1669A246954607B4600CEE6D1DB2096605E900A896F4842A629DA8829772D210 |
SHA-512: | 9FFD087FAA3986AE5C1277B387EA10691D7C60937FCBFC8556B373BE628F4C86EDC8324E2C2BF4943908605DEB1F72A0272464F18AA1BE48790CA73F18A5B50F |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5004142083842487 |
Encrypted: | false |
SSDEEP: | |
MD5: | 014768B498327BB662475A75D0BA6E8F |
SHA1: | 52D99C32FA1F10EC0D952835FB9388D05D83DC52 |
SHA-256: | 78BF916BA53D9E42D674D2CF942FED9A6219002FE23BB2F723F60A10FC07D1A2 |
SHA-512: | 6BB38C0A9E0C3D34A9E63B381306AB19354A146B09705AC11648239BA87B7BC5156AEAB0F5E4FE735BF8E7AC71096463AFA37357D8AC8A142B8D9443F79AE0A3 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-22 17-41-36-643.log
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.353642815103214 |
Encrypted: | false |
SSDEEP: | |
MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.421083537211712 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0B06846337B5F9BA44AC54B807C115E5 |
SHA1: | 69BC7B2868BDDA797358C8F01211549E7DEFCF5F |
SHA-256: | 2C7793A543B2728E562931A893E6DE20B92D6EC3EF0B1E625B14797998A9D5D8 |
SHA-512: | 79D7A6812C79DC329A4CB4AC11A4D54DB1C646271BA67AB10DFBE459024541D15D42F24BB52068D2D4FAC018F76A2E9591A267BCBC938A59A2D0B88531BAD106 |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 7.814529987763102 |
TrID: |
|
File name: | Sally Ockerman.pdf |
File size: | 218'989 bytes |
MD5: | ff939fc40739d69864a2f372306b62cd |
SHA1: | 6680d3cc38be32d882d7d259fd68bcc593779552 |
SHA256: | 7ec473c3ece1f2cb3ce021f77853a2a02a68024524596af5b8a6a908d3844e7e |
SHA512: | 10062f22a2c5ae80706e6e8d3be99ca97700a274e6d280a32cf29d1c3374f0269af1eeaeadcd1ec84ec12a1efac6a83a12f73f92e76b5855e2a58031d36f613b |
SSDEEP: | 3072:GWixxVd/FQtUR3Vd319xM+DT4rQW0cc3c/Rus8H/7CqQG3drs1GS0dMm:e9/1Xl9e0TEQWK3e18H/7CQrsd6 |
TLSH: | F6241203897CECBAC55F80B09CFC2FC3498BA5B21BDA2141D5F817DDAC89F54B464AA1 |
File Content Preview: | %PDF-1.7..4 0 obj.<<./BitsPerComponent 8./ColorSpace /DeviceGray./Filter /FlateDecode./Height 2208./Length 71125./Subtype /Image./Type /XObject./Width 1728.>>.stream.x....V.:.E....f..m,..iK.....\...d..iJ.................................................... |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.814530 |
Total Bytes: | 218989 |
Stream Entropy: | 7.810959 |
Stream Bytes: | 216358 |
Entropy outside Streams: | 5.054758 |
Bytes outside Streams: | 2631 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 19 |
endobj | 19 |
stream | 8 |
endstream | 8 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 4 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
4 | 0c0f2f37333b1f07 | 126358ea4508c3ffaf02f5666315b4cd | |
8 | 161f1f2f2b3a2000 | 1f0af8e28b68947d91cc301ba23ba94e | |
12 | dd0f23333f333800 | 245d1fe747894d402bb673019e1918a6 | |
16 | 0000000000000000 | 1aaf43817668ed103bd3db50f7c8e65d |