Windows
Analysis Report
Scan_Petitgas_ Cedric_20240419-150426_1960_001.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
Analysis Advice
No malicious behavior found; also analyze the document on other versions of Office / Acrobat |
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis |
- System is w10x64_ra
- Acrobat.exe (PID: 6988 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Scan_Petitgas_ Cedric_20240419-150426_1960_001.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 1792 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 6292 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2248 --field-trial-handle=1340,i,10303452255966805130,6292522562581380179,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | TCP traffic: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | Network traffic detected: | ||
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: | ||
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Process information set: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
52.5.13.197 | unknown | United States | 14618 | AMAZON-AESUS | false |
184.31.60.185 | unknown | United States | 16625 | AKAMAI-ASUS | false |
23.54.200.159 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428824 |
Start date and time: | 2024-04-19 17:06:51 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | Scan_Petitgas_ Cedric_20240419-150426_1960_001.pdf |
Detection: | CLEAN |
Classification: | clean1.winPDF@17/23@0/31 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.31.60.185
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, fs.microsoft.com, ssl-delivery.adobe.com.edgekey.net, ctldl.windowsupdate.com, geo2.adobe.com
- Not all processes were analyzed, report is missing behavior information
- VT rate limit hit for: Scan_Petitgas_ Cedric_20240419-150426_1960_001.pdf
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.230967888939438 |
Encrypted: | false |
SSDEEP: | |
MD5: | E9B5D5F8080F53F228BB1A7C9AC22C95 |
SHA1: | F43E054C88E40FCE892A7A154D85A32DC1E5E7E3 |
SHA-256: | 2AD7D45CFA46E587AFAD83EC679496B50DA6A234D35CB642397E68D14BA68D4C |
SHA-512: | 9DE770E5B8CD5E8C85387F91596C114C9C3B40D178AC8D1066374C721234A4AB4B7788B757E7FD96EC0117289429AB072254809FAD17C43580130B6182BBEC3B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 331 |
Entropy (8bit): | 5.160545608689389 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9F887D021537A5BCC497C60E92A802FF |
SHA1: | E1548BA914F73D36ED8E49369298398070EF3EFD |
SHA-256: | 4F1B11BC4221782630A881A9300A9D623264DD8B45F777B3F018A6A32D529A55 |
SHA-512: | E5DD0AF197655E39A0C57881109300BA902588072B5A2715D96B19EE9B5F455F5C296A829405C6571BB55686F057A66FE089E0633CA781FB93B653B65FA743FF |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\251c704a-30bc-43f2-a905-828c7511917b.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.994754424509668 |
Encrypted: | false |
SSDEEP: | |
MD5: | DC35134B2184BA4549F3C928F3AED476 |
SHA1: | 5ACAB7A85A4C1B70F98F5E7F44BEAD61515F231A |
SHA-256: | 00A3CB88D191CD8B1513D83F4552DF32340A2EF43FBCA6CB1E421708B93A9906 |
SHA-512: | 243F8E36309157AFC1BAC1D47E524D9FE08405D6A32DD85E5817D5699688D391F0D821206383EA49D52227873D7ADEB616CCEA3FC4397AF15AF5D49FC8828BF1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\7a218518-907f-4526-8594-c290c7442c9b.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF517dd1.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4099 |
Entropy (8bit): | 5.232230358274702 |
Encrypted: | false |
SSDEEP: | |
MD5: | 49A3E6ED2C3BA1AF467D82B9A41D5DE7 |
SHA1: | 82BFF3DA9EE9712B5276EC64DBAAEBFB3D5D6B20 |
SHA-256: | 796ACCA78D2184BDB0AF2538BC3AC8303F22C33DABFEE76F71EC2C5D26B92117 |
SHA-512: | B3CC97B3FF4201857238F5603105145CD5321932A424BE8BE1743719836485EB153DEBBD2C6F6D2650DBF169DFD41BC11AAC3208A329CCD4C2563033B39DC6C8 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 319 |
Entropy (8bit): | 5.179770694396819 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0836EEA837CB2CD3FCE3753724CFC6AA |
SHA1: | 5173644456187B14F07B15F2F1717E15362F1BB8 |
SHA-256: | CF9EFF7959DD6DFE2173021E765A9D828666298E3AC7DB0026295A9E62293E81 |
SHA-512: | 31BECD1B0DB542259DD07A8A600EEB6E4C67FB695C177A992870658E39A7D0299883F3F4BF147808DF57EB7A41DD3A50D1D92A3462B30848D27F83C7FAAEF7AA |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240419150732Z-163.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 2.358807951416821 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6AF98B11E97DB33468436E6DD5204424 |
SHA1: | 933B78597A8AB429F4900C81FB7BBD59F7DCC8EC |
SHA-256: | E70F19E6797C1D1AE9DCA524AF68F5054304C3B31FA3BBAEF2F6812A13F6F52D |
SHA-512: | E4BB1852FF2C5674CBC103269D586FE97D8D9746AE12DBA432A931A2E91A1F5ADC782127DA7198DFA747D95B1EAF6DC5D94E7CED34A106B73F817BE61D358185 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.291927920232006 |
Encrypted: | false |
SSDEEP: | |
MD5: | A4D5FECEFE05F21D6F81ACF4D9A788CF |
SHA1: | 1A9AC236C80F2A2809F7DE374072E2FCCA5A775C |
SHA-256: | 83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2 |
SHA-512: | FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16928 |
Entropy (8bit): | 1.2142068961815333 |
Encrypted: | false |
SSDEEP: | |
MD5: | 527AA07B7A3BF45F6B4C7B5170C07BD4 |
SHA1: | 5C4D5677D0F60248B9B65E4D746E60F0C5EEB8CD |
SHA-256: | 97CA835D81F86ED619AD60D3EBF9278D6D035774D89BC234A06C793D6FE55A06 |
SHA-512: | 90115AF9A4078B566AA47D2DE985D5EAC40422DB8F88C74CD71DB0D6E346ED88004E3ECDB5321487EFCDE400599F6A49CCC17DF0967937826CA8AD71A80D9CE4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.3738820560132 |
Encrypted: | false |
SSDEEP: | |
MD5: | A462C30AAC61AFFF35BEBFBD7B674F5C |
SHA1: | A238DBFF297A4AFCB0E67BC394CC97F43B4D7D3D |
SHA-256: | 621A900DEE53014E88A6D3BF3ECDEB7E30F446808C6FE7BDE89209B6E1E1A8F4 |
SHA-512: | D2CFC861517BE83200F636537B113F9F5CAC7DFEBF6A476E388D838419D807F376BDA29AD95113FA60B889EFD623B9752747456C68261657DB0CEBC5E47C07D4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.314952574169304 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6243EE5E8FC5157AAB03BC843358EF85 |
SHA1: | FB536DF65540F693A69DB41CCEF0D0D3734074BD |
SHA-256: | 4AFAC5F6A7E4FAEA065E581D90C6C713CBBDEF2D34C8446E3BD1A2441E46D59F |
SHA-512: | 65F81DF93210D8189D9CAF935CFB814F4207F1E4F68A4003F96252AB5FCDC3B4BC23F0F639E9EF6376F945ECC0C06B606B9F80514A3C23165BE0AC338FE4F657 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.132605354127394 |
Encrypted: | false |
SSDEEP: | |
MD5: | B47D998534EF9FF472E0630741C1874C |
SHA1: | B3F9E173BAC2D2554E35132E282609057B6E0428 |
SHA-256: | 7B467E1CD265EE76F7BCB908097F87F947DA12F603D9AC220E59A456373BDA5C |
SHA-512: | 7ACE979344B2C420C44BC14EC38A64F4431D7595C0F992891FB9828EE24CBB36EBD15B61FE3E644023164E7CC1434618E53B719047388492D5775D35D21D3D43 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.988324507749236 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8A68CBF8095C505FE38C6DFF1935E616 |
SHA1: | 3E205643DB4D2016B1B40D2F762C097CDBA7FC82 |
SHA-256: | D19F24FD94B2458B1A85838A9F8A21749524F4F3C0FA3EDAE89BEBC3EE6C10DB |
SHA-512: | 795EABF4A9B623AAE2858E317CAA1E5DC749BC514ACA31BB11441A6EB6BE3C0241C362571D40D4AD4B1A5F4277F70B6D54B49F2BFE7459F01676C57FA771F0B9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3439768097511713 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3A9DE246FEF106962508A25B172D2381 |
SHA1: | 3D1571F1C2FAF274B3430E07A1131445923D0BDD |
SHA-256: | 42D5B308D25448BE59CB33C507BB6A63E37A83C6BA14510E04767FFDB1FE11D2 |
SHA-512: | EF12AA5434B9D67067BE7DC521E1A527C7FE5262A5E3A97267986F4099B334D8E5A631B3B783A48D918DDCA7118B648993490AE28B2166C1A05B656F9325D590 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5329345335875004 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2A08BDBBA7D0172AE40CD8190FAA338B |
SHA1: | 56CC071D9DFD799D2724B04770E90BE995D35A89 |
SHA-256: | 2068189E29FCDC529AD6DA36B2AE8C795BF11AC880B4FCC071C2910CD1265043 |
SHA-512: | 20A3B874C2BC29729A0611F2C6AAB22CF7E90AB8BB19EC1053DF278D57FDB60053A4423DA903ACEC067AFEB9D31DCD89D9F08C580DF6136B8136E62F23C9152F |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-19 17-07-30-827.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.353642815103214 |
Encrypted: | false |
SSDEEP: | |
MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.421728474002276 |
Encrypted: | false |
SSDEEP: | |
MD5: | 920083584666EAE813576E1960489E50 |
SHA1: | 8D9AB3A6C08996A2DFD6B31135385D44F00F7763 |
SHA-256: | 3325522B802D21BCDF1C4A1F8301B44E023F9521A39A4C6DB6A22BE47CEB8314 |
SHA-512: | 60A907B3056667F08FE2D557F3AA886347C3FAA75D15A5038C31581CE6BA7AD9741DEDA3380C730DDA0EC0D1433DDF5B4E352FF6E232F9477B154282A40F6C5A |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | |
MD5: | 22B260CB8C51C0D68C6550E4B061E25A |
SHA1: | DF9A5999C58A8D5ADBB3F8D1111EAB9E4778637E |
SHA-256: | DAB1231CC22DAB591EBB91C853E3EE41C10D3DA85D2EFAB67E9A52CCB3A3A5A0 |
SHA-512: | 503218D83C511A7F7CEA8BC171921D1435664B964F01A8C77DC0F4D0196DD2815D9444DA98278E1369552D004E9B091DD9B89663209F0C52ACB97FCE6AFFE7A9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | |
MD5: | AAAAB43627E96B02BC54A78F0EE8E32C |
SHA1: | 03808205C51BA031BF69F0DF07C9C80835098104 |
SHA-256: | B9ED5860C1528CAE5717E553381762D9C4ED093E546F7500F55B6B18B5C20CEA |
SHA-512: | A476038C2BC9573AFA12D831678C0D2A6EFF0C1E065F7D214A0D5684E79AA7F02710DF30524DE0E6EC90CB660E581531DFA57F038EE1BC285B9BC3DAE17D133D |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 7.857129057848094 |
TrID: |
|
File name: | Scan_Petitgas_ Cedric_20240419-150426_1960_001.pdf |
File size: | 63'515 bytes |
MD5: | f822e1eabebf3298c74a09e4364f83e8 |
SHA1: | cc7052d8f56d831283b9b3aee050a3711ea58606 |
SHA256: | cbaad6f2eb60317c35354884d864da1e2a44061230bfcb3c6bfff103e46544c5 |
SHA512: | 4ffe63092371480262f4dd0b0f3b5dd69af9531250037b861b7744dfcf5949df078fc9ee7ddee7d298fec36f8b15e18e8675751c92daaeff7b9213ce006a3fe3 |
SSDEEP: | 768:nNfbD6LRc+Va48VD0Yp72VnyS71J9bz6ickm191sQonCeFfuYmBALBCWrWAsRGJo:NfA/8VD0E2hySOkSPs1nCef1hYdYIV |
TLSH: | 0553F091C0968C88EE95CA007AB83B6E0FED3E6069DD71D611B4F6216434D39F46B7CB |
File Content Preview: | %PDF-1.4.%......1 0 obj.<< ./Creator (Canon iR-ADV C3525 III PDF)./CreationDate (D:20240419151434+02'00')./Producer (\376\377\000A\000d\000o\000b\000e\000 \000P\000S\000L\000 \0001\000.\000\.3\000e\000 \000f\000o\000r\000 \000C\000a\000n\000o\000n\000\00 |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.857129 |
Total Bytes: | 63515 |
Stream Entropy: | 7.874558 |
Stream Bytes: | 58995 |
Entropy outside Streams: | 5.125487 |
Bytes outside Streams: | 4520 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 22 |
endobj | 22 |
stream | 17 |
endstream | 17 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |