Windows Analysis Report
phish_alert_iocp_v1.4.48 (15).eml

Overview

General Information

Sample name: phish_alert_iocp_v1.4.48 (15).eml
Analysis ID: 1526117
MD5: 309f769231ed959f0b81b126b6a0f695
SHA1: c45d17358d2f1c5377263972b1f9fa4cc63aeac4
SHA256: 8869a1f4341b483df37f9611580d623637302b623a1fcfae0fe6c4579fa72893
Infos:

Detection

Score: 21
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

AI detected landing page (webpage, office document or email)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6876 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_iocp_v1.4.48 (15).eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6804 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "B7CDE7B3-845A-4E0C-BB80-07F62ECEA222" "E47BA0D5-FE25-49C8-A398-27B3C8E6C9EF" "6876" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 1360 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://clicktime.cloud.postoffice.net/clicktime.php?U=https://federalreservebanks.na2.adobesign.com/public/esign%3Ftsid%3DCBFCIBAACBSCTBABDUAAABACAABAAGt69JyuRA5Fss-Bvn1ZI0QQj7cuwfxPKCE_0BucD_stmG5iRWIim3LC1BPGRd37iZ06HQXx7LRM8mkjBtzBiwYjqBa7FfiDLuI1MlO8or6b_ajUHTj3rQd-RWKb4dC9R%26&E=jherron%40firstfedweb.com&X=XID208CJDqWo6587Xd1&T=FF1001&HV=U,E,X,T&H=af11579e943013f5cf298f6c57ae8197f64d22a9 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 6348 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1780,i,15805172005331515189,14764177718803670132,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6876, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

Source: https://clicktime.cloud.postoffice.net/clicktime.php?U=https://federalreservebanks.na2.adobesign.com/public/esign%3Ftsid%3DCBFCIBAACBSCTBABDUAAABACAABAAGt69JyuRA5Fss-Bvn1ZI0QQj7cuwfxPKCE_0BucD_stmG5iRWIim3LC1BPGRd37iZ06HQXx7LRM8mkjBtzBiwYjqBa7FfiDLuI1MlO8or6b_ajUHTj3rQd-RWKb4dC9R%26&E=jherron%40firstfedweb.com&X=XID208CJDqWo6587Xd1&T=FF1001&HV=U,E,X,T&H=af11579e943013f5cf298f6c57ae8197f64d22a9HTTP Parser: No favicon
Source: https://federalreservebanks.na2.adobesign.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAAGt69JyuRA5Fss-Bvn1ZI0QQj7cuwfxPKCE_0BucD_stmG5iRWIim3LC1BPGRd37iZ06HQXx7LRM8mkjBtzBiwYjqBa7FfiDLuI1MlO8or6b_ajUHTj3rQd-RWKb4dC9R&HTTP Parser: No <meta name="author".. found
Source: https://federalreservebanks.na2.adobesign.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAAGt69JyuRA5Fss-Bvn1ZI0QQj7cuwfxPKCE_0BucD_stmG5iRWIim3LC1BPGRd37iZ06HQXx7LRM8mkjBtzBiwYjqBa7FfiDLuI1MlO8or6b_ajUHTj3rQd-RWKb4dC9R&HTTP Parser: No <meta name="copyright".. found
Source: unknownTCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: clicktime.cloud.postoffice.net
Source: global trafficDNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global trafficDNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global trafficDNS traffic detected: DNS query: cloud.postoffice.net
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: federalreservebanks.na2.adobesign.com
Source: global trafficDNS traffic detected: DNS query: secure.na2.echocdn.com
Source: global trafficDNS traffic detected: DNS query: use.typekit.net
Source: global trafficDNS traffic detected: DNS query: p.typekit.net
Source: classification engineClassification label: sus21.winEML@18/38@34/115
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241004T1323460631-6876.etl
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_iocp_v1.4.48 (15).eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "B7CDE7B3-845A-4E0C-BB80-07F62ECEA222" "E47BA0D5-FE25-49C8-A398-27B3C8E6C9EF" "6876" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://clicktime.cloud.postoffice.net/clicktime.php?U=https://federalreservebanks.na2.adobesign.com/public/esign%3Ftsid%3DCBFCIBAACBSCTBABDUAAABACAABAAGt69JyuRA5Fss-Bvn1ZI0QQj7cuwfxPKCE_0BucD_stmG5iRWIim3LC1BPGRd37iZ06HQXx7LRM8mkjBtzBiwYjqBa7FfiDLuI1MlO8or6b_ajUHTj3rQd-RWKb4dC9R%26&E=jherron%40firstfedweb.com&X=XID208CJDqWo6587Xd1&T=FF1001&HV=U,E,X,T&H=af11579e943013f5cf298f6c57ae8197f64d22a9
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1780,i,15805172005331515189,14764177718803670132,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Persistence and Installation Behavior

Source: EmailLLM: Page contains button: 'Click here to review and sign Security and Resiliency Assurance Program materials for FIRST FEDERAL SAVINGS & LOAN (OR): 323270313.' Source: 'Email'
Source: EmailLLM: Email contains prominent button: 'click here to review and sign security and resiliency assurance program materials for first federal savings & loan (or): 323270313.'
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: Browser Extensions (1); DLL Side-Loading (1); Registry Run Keys / Startup Folder (1)
Privilege Escalation: Process Injection (1); DLL Side-Loading (1); Registry Run Keys / Startup Folder (1)
Defense Evasion: Masquerading (1); Process Injection (1); DLL Side-Loading (1)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: Process Discovery (1); System Information Discovery (12); Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (1); Application Layer Protocol (2)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| cloud.postoffice.net | 165.212.65.209 | true | false | | unknown |
| cdnjs.cloudflare.com | 104.17.24.14 | true | false | | unknown |
| clicktime.cloud.postoffice.net | 165.212.65.140 | true | false | | unknown |
| maxcdn.bootstrapcdn.com | 104.18.10.207 | true | false | | unknown |
| secure.na2dc2.echosign.com | 44.234.124.143 | true | false | | unknown |
| www.google.com | 142.250.185.164 | true | false | | unknown |
| federalreservebanks.na2.adobesign.com | 44.234.124.143 | true | false | | unknown |
| use.typekit.net | unknown | unknown | false | | unknown |
| p.typekit.net | unknown | unknown | false | | unknown |
| secure.na2.echocdn.com | unknown | unknown | false | | unknown |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 104.17.24.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false |
| 165.212.65.209 | cloud.postoffice.net | United States | 14454 | PERIMETER-ESECURITYUS | false |
| 2.16.168.10 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false |
| 104.18.10.207 | maxcdn.bootstrapcdn.com | United States | 13335 | CLOUDFLARENETUS | false |
| 172.217.16.206 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.186.163 | unknown | United States | 15169 | GOOGLEUS | false |
| 52.182.143.213 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 2.19.126.206 | unknown | European Union | 16625 | AKAMAI-ASUS | false |
| 165.212.65.140 | clicktime.cloud.postoffice.net | United States | 14454 | PERIMETER-ESECURITYUS | false |
| 64.233.167.84 | unknown | United States | 15169 | GOOGLEUS | false |
| 2.19.126.198 | unknown | European Union | 16625 | AKAMAI-ASUS | false |
| 2.19.126.151 | unknown | European Union | 16625 | AKAMAI-ASUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 142.250.185.164 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 44.234.124.143 | secure.na2dc2.echosign.com | United States | 16509 | AMAZON-02US | false |
| 44.234.124.145 | unknown | United States | 16509 | AMAZON-02US | false |
| 52.109.76.243 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 142.250.184.234 | unknown | United States | 15169 | GOOGLEUS | false |

IP
192.168.2.16

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1526117
Start date and time: 2024-10-04 19:23:13 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 17
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Sample name: phish_alert_iocp_v1.4.48 (15).eml
Detection: SUS
Classification: sus21.winEML@18/38@34/115
Cookbook Comments:
• Found application associated with file extension: .eml
• Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 52.113.194.132, 52.109.76.243, 2.19.126.151, 2.19.126.160
• Excluded domains from analysis (whitelisted): ecs.office.com, omex.cdn.office.net, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, eur.roaming1.live.com.akadns.net, neu-azsc-000.roaming.officeapps.live.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, s-0005.s-msedge.net, osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, a1864.dscd.akamai.net
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• VT rate limit hit for: phish_alert_iocp_v1.4.48 (15).eml

Input: URL: Email Model: jbxai
Output:
{
"brand":["Adobe Acrobat Sign Logo"],
"contains_trigger_text":true,
"trigger_text":"Click here to review and sign Security and Resiliency Assurance Program materials for FIRST FEDERAL SAVINGS & LOAN (OR): 323270313.",
"prominent_button_name":"Click here to review and sign Security and Resiliency Assurance Program materials for FIRST FEDERAL SAVINGS & LOAN (OR): 323270313.",
"text_input_field_labels":["If you have questions, call the Customer Contact Center (CCC) at (888) 333-7010."],
"pdf_icon_visible":true,
"has_visible_captcha":false,
"has_urgent_text":true,
"has_visible_qrcode":false
}

Input: URL: https://clicktime.cloud.postoffice.net/clicktime.php?U=https://federalreservebanks.na2.adobesign.com/public/esign%3Ftsid%3DCBFCIBAACBSCTBABDUAAABACAABAAGt69JyuRA5Fss-Bvn1ZI0QQj7cuwfxPKCE_0BucD_stmG5iRWIim3LC1BPGRd37iZ06HQXx7LRM8mkjBtzBiwYjqBa7FfiDLuI1MlO8 Model: jbxai
Output:
{
"brand":["SILVERSKY"],
"contains_trigger_text":true,
"trigger_text":"Scanning URL for Threats...",
"prominent_button_name":"Cancel",
"text_input_field_labels":["Static Analysis", "Dynamic Analysis", "In-Depth Analysis"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":true,
"has_visible_qrcode":false
}

Input: URL: https://federalreservebanks.na2.adobesign.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAAGt69JyuRA5Fss-Bvn1ZI0QQj7cuwfxPKCE_0BucD_stmG5iRWIim3LC1BPGRd37iZ06HQXx7LRM8mkjBtzBiwYjqBa7FfiDLuI1MlO8or6b_ajUHTj3rQd-RWKb4dC9R& Model: jbxai
Output:
{
"brand":[],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false
}

Input: URL: https://federalreservebanks.na2.adobesign.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAAGt69JyuRA5Fss-Bvn1ZI0QQj7cuwfxPKCE_0BucD_stmG5iRWIim3LC1BPGRd37iZ06HQXx7LRM8mkjBtzBiwYjqBa7FfiDLuI1MlO8or6b_ajUHTj3rQd-RWKb4dC9R& Model: jbxai
Output:
{
"brand":["THE FEDERAL RESERVE", "Adobe Acrobat Sign"],
"contains_trigger_text":true,
"trigger_text":"View message from Assurance Program",
"prominent_button_name":"Next required field",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false
}

                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):231348
                      Entropy (8bit):4.387940684715609
                      Encrypted:false
                      SSDEEP:
                      MD5:60EA81D435236ED4905940AFD809CDC0
                      SHA1:08864EE759578D7D8F704F7496FD0D8667922A6B
                      SHA-256:F13506EBD06E0AC4B7C0D580EC1C4BC85FAD248C1F1C19886398ED2F7E5F8326
                      SHA-512:F93D2840CA1C3C57DF300FDB2202DC2DD85E9EFE7ED59DA7176185C8875D4A7CBE5A31B3C62721F0200B9D09FE4DF837197B01267FEC666EFC7397CF3FE4CF28
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:ASCII text, with very long lines (65536), with no line terminators
                      Category:dropped
                      Size (bytes):322260
                      Entropy (8bit):4.000299760592446
                      Encrypted:false
                      SSDEEP:
                      MD5:CC90D669144261B198DEAD45AA266572
                      SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                      SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                      SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:ASCII text, with no line terminators
                      Category:modified
                      Size (bytes):10
                      Entropy (8bit):2.6464393446710153
                      Encrypted:false
                      SSDEEP:
                      MD5:B0722498C457FE02F4D08AD1BD7178A0
                      SHA1:26D9F2518449F60C912B0785F4876CDE76135C11
                      SHA-256:01BC6D40C30A3207304093035B55910FF8ACB812404404081FDEB313287F0885
                      SHA-512:92EFFB1DB1E66CF52D1B73A2894CFA886FE5EBCD7754F3DFF6DD6D979CD9EF6303320A807C3600C0683AD18D3AB8242484C833C23FF5EF8F486FBCA7D73185A9
                      Malicious:false
                      Reputation:unknown
                      Preview:1728062629
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):4616
                      Entropy (8bit):0.1384465837476566
                      Encrypted:false
                      SSDEEP:
                      MD5:FC2E4F2C928EB0711DC04F6D52443FDF
                      SHA1:FCAA7D63A33217657BF2E0B81B09F4C8BF009656
                      SHA-256:9C758620A849877586833BC5C1686D841EBAC1782E131B96FF4F6DBA8A11B077
                      SHA-512:43B99C97742DC83A08219955EE69F8C40D80F89C8E673BF34DE2891D5709FE472FC8DDEE5384101CDEDC1FE42FBDE7833EC7217708A90D30E322ED36B7B6D15F
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):30
                      Entropy (8bit):1.2389205950315936
                      Encrypted:false
                      SSDEEP:
                      MD5:C4356201FDDEA4F4FACD9154863F71A2
                      SHA1:1FE0971B5CC341862C4501E8962BF6761F0B1820
                      SHA-256:C3C0E72D14E6E8B089E8E4D93E8319CE0B30ED312775008E5A02E774326088E5
                      SHA-512:5DBE8873EF1CE0955586D5B6E04448FEE5FA27E121053F47D222D680CDF9E00D73DF555F6740C03CF149DD8B164DE7EA0D41EAFC4A39D4FFD51BF022EF667E1F
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 16:25:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2673
                      Entropy (8bit):3.9819435647171773
                      Encrypted:false
                      SSDEEP:
                      MD5:7679C44F65FD3C2F14F6C9408556E42C
                      SHA1:439E0402ED7F3265A25603E7075B2BA026A11283
                      SHA-256:2FE1F42F7808D95DEC4F95EBCA972AC92D35108886C0B1A0AE6D509651D7D7E6
                      SHA-512:460599C211C5B1387A95B6CDB8438A38A33629BE9ED3E00DFF23BC59C4AFBE5A13CF111A5BF8334E616ADD913CF8276D6E0AD2372BEA57C070510555D5A7D1DB
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 16:25:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2675
                      Entropy (8bit):4.001981726931417
                      Encrypted:false
                      SSDEEP:
                      MD5:1785AB560BEB2C4B6C664117683CC725
                      SHA1:DC473EBC5B97688816895F709E1DD26295C36A61
                      SHA-256:D5E839B4632286A1DBC177AD7DCC4208C38F6B56DB60ECBE8B30D29897E28575
                      SHA-512:685B97D279B8F527899009D2C21B23D45675855534AF647FFD3CAE50F57B327003C84ED4DEEF0E2673EBA337AC765E1DC62D5EE97369D3E999A3353E369DFFEE
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2689
                      Entropy (8bit):4.00853407931448
                      Encrypted:false
                      SSDEEP:
                      MD5:8F6F3562893D0F6E61E2FE389149EC2E
                      SHA1:80D8E3D05DE34B0A4F881300DA5300479804E356
                      SHA-256:17FEBDCA59C548D40A486BA51935AED4BA3CF7816FDB6F19C1F23EB03ACC253E
                      SHA-512:CFB44220F1D5D15FE7E0619FADF3176579E87DD889DC943E78BF757C8EB18ED45249D7543F204818E04C0B9C82FCF8CF2E0DDEA1763FEB5E50E6121317BF3FD9
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 16:25:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2677
                      Entropy (8bit):4.000608998465001
                      Encrypted:false
                      SSDEEP:
                      MD5:8CF952508148280CD5EFEBE9E57E8DB3
                      SHA1:C2259605A78E2C03EA150D757ADAE41FF341AD7F
                      SHA-256:0D98563596077207F4BF2F9DFB0801E3E19500E4D96CA31480087D64EC445EF8
                      SHA-512:E460048F1FA9BB76FAECD572C2B55D35BEA39505FF3650569A94579F862AA8805E483A035304ED3095769B46346CDEEECFAE59CA6E5BC39B80A2CC7827603D4F
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 16:25:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2677
                      Entropy (8bit):3.9868078107537857
                      Encrypted:false
                      SSDEEP:
                      MD5:9629091FC86A890B2535C3437AC81F8A
                      SHA1:4DAF3705705D0E075C44FFA12FF1E3C2A20E9DC5
                      SHA-256:054A6C69EF2DB7A325321CABA64F8970DC09E4A847E0F1E9C1A0B1C2A020CFF0
                      SHA-512:9FE4C3035E80ED4A91D5F8A86623CE90C812461A3810A59754A2754BFFE1AC8CD9AC8F9828AD1FD6D5D6D0945F92C98C3197F0035F706A77CB2E6C5F3F972287
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 16:25:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2679
                      Entropy (8bit):3.9971827691518986
                      Encrypted:false
                      SSDEEP:
                      MD5:94C1A55539B5A03A1A73D9BDF023E568
                      SHA1:3B906AA22EEBBAEDD47CD573C03B8A15F8134F10
                      SHA-256:40FAC33781078CCD37156F5D8E03C7D4CEAAC882F4545664B18C14539E7BE6A6
                      SHA-512:B00E7A3A03BF7F6A355BBA65893270A9BCA36B8D08B95BE2453A654F8AE1379FFEB0C4DF7946E50CF3066CAE786F4AF816F40A42DAF31AB6C03AB99D56DA3AFF
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (5632)
                      Category:downloaded
                      Size (bytes):5633
                      Entropy (8bit):5.321851327578031
                      Encrypted:false
                      SSDEEP:
                      MD5:47ABD389245817A0D1CCCDFD635987DA
                      SHA1:66B03EEDC907A2FE86222E8350CF32AF0B236F0D
                      SHA-256:44A61F3D32524D8EA20D06249621C69673F76FBD13D6201F6F4A107923FDE580
                      SHA-512:800F125614E63EFA04A0421B4FE161B4B998B7A2563A192C9578D7E6EB7F21C3FDAA97EBB18D5DF65529820CD1126637CE7D4179146D99D5DC2AAF19EE942035
                      Malicious:false
                      Reputation:unknown
                      URL:https://secure.na2.echocdn.com/resource/1730650309/bundles/toast-message.css
                      Preview:#toast-container{display:flex;position:fixed;right:0;z-index:100050;-ms-flex-direction:column;flex-direction:column;-ms-flex-align:center;align-items:flex-end;}#toast-main-view{display:none;-webkit-animation:fadein 0.3s, fadeout 1s 6.5s;animation:fadein 0.5s, fadeout 1s 6.5s;}.toast{box-sizing:border-box;line-height:1.5;display:inline-flex;-ms-flex-direction:row;flex-direction:row;-ms-flex-align:stretch;align-items:stretch;border-radius:4px;padding:8px 8px 8px 16px;font-size:14px;font-weight:700;-webkit-font-smoothing:antialiased;margin:8px;}.toast--success{background-color:rgb(18, 128, 92);color:rgb(18, 128, 92);}.toast--error{background-color:rgb(232, 9, 28);color:rgb(232, 9, 28);}.toast--info{background-color:rgb(9, 90, 186);color:rgb(9, 90, 186);max-width:415px;}.toast--top-right{right:0;}.toast--top-middle{right:40% !important;top:66px;}.toast--button-secondary{border-color:white !important;}.toast--button-primary{}.toast--button-secondary-center{border-color:white !important;floa
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (26548)
                      Category:downloaded
                      Size (bytes):26711
                      Entropy (8bit):4.753681219070429
                      Encrypted:false
                      SSDEEP:
                      MD5:0831CBA6A670E405168B84AA20798347
                      SHA1:05EA25BC9B3AC48993E1FEE322D3BC94B49A6E22
                      SHA-256:936FFCCDC35BC55221E669D0E76034AF76BA8C080C1B1149144DBBD3B5311829
                      SHA-512:655F4A6B01B62DE824C29DE7025C4B21516E7536AE5AE0690B5D2E11A7CC1D82F449AAEBCF903B1BBF645E1E7EE7EC28C50E47339E7D5D7D94663309DFA5A996
                      Malicious:false
                      Reputation:unknown
                      URL:https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css
                      Preview:/*!. * Font Awesome 4.4.0 by @davegandy - http://fontawesome.io - @fontawesome. * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License). */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot?v=4.4.0');src:url('../fonts/fontawesome-webfont.eot?#iefix&v=4.4.0') format('embedded-opentype'),url('../fonts/fontawesome-webfont.woff2?v=4.4.0') format('woff2'),url('../fonts/fontawesome-webfont.woff?v=4.4.0') format('woff'),url('../fonts/fontawesome-webfont.ttf?v=4.4.0') format('truetype'),url('../fonts/fontawesome-webfont.svg?v=4.4.0#fontawesomeregular') format('svg');font-weight:normal;font-style:normal}.fa{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (1215)
                      Category:downloaded
                      Size (bytes):162116
                      Entropy (8bit):4.992534661953849
                      Encrypted:false
                      SSDEEP:
                      MD5:55B3DE8C965B36683CCAF792FDB6F2EC
                      SHA1:FEB8F996B75D12552BE4D622C01E0AABAC868ABF
                      SHA-256:EBEFA0049242869709CA78F3769F0D017EF7978792E74A041E319A477AEE5318
                      SHA-512:9D9D3D3DA1815235E6452B73F53CDC30CD4C9E72F2458CC00CAE468FD9A0E1241DF88EAD446CDE4E9CCDBA159529B76B67885D1CB17FC7A4E6FCDC6C1D1BF164
                      Malicious:false
                      Reputation:unknown
                      URL:https://secure.na2.echocdn.com/resource/N764981603/bundles/dcSignPanel.css
                      Preview:/*!. * ADOBE CONFIDENTIAL. * ___________________. * . * Copyright 2017 Adobe Systems Incorporated. * All Rights Reserved.. * . * NOTICE: All information contained herein is, and remains. * the property of Adobe Systems Incorporated and its suppliers,. * if any. The intellectual and technical concepts contained. * herein are proprietary to Adobe Systems Incorporated and its. * suppliers and are protected by all applicable intellectual property. * laws, including trade secret and copyright laws.. * Dissemination of this information or reproduction of this material. * is strictly forbidden unless prior written permission is obtained. * from Adobe Systems Incorporated.. */./*!. * */ /**. * _________________________________. * < DO NOT UPDATE THIS FILE DIRECTLY. >. * ---------------------------------. * \ ^__^. * \ (oo)\_______. * (__)\ )\/\. * ||----w |. * || ||. * . * . * INSTEAD USE https://git.corp.adob
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text
                      Category:downloaded
                      Size (bytes):2186
                      Entropy (8bit):4.757782388872235
                      Encrypted:false
                      SSDEEP:
                      MD5:07A6DC5AC593B15AAF16A70BE15F6D24
                      SHA1:7C3E38C817281206726470330229D1B7E2A4790B
                      SHA-256:5E56EAB72979F3A0AA28B53CD2DB8395B9BB8AC4433DDDC94B221DAA25A5B73A
                      SHA-512:44D8CA93015B9D1410515B2762808B2C52B6C4302B5D6B5804E0BC6A3435E7F93859669172D7207719EDC8A59A70FD9DADE50C10BBF6D5FF867AFA9B7776F62B
                      Malicious:false
                      Reputation:unknown
                      URL:https://clicktime.cloud.postoffice.net/css/styles.css
                      Preview:body {. background-color: #eee;. color: #444;. font-family:"Open Sans","Helvetica Neue", Helvetica, Arial, sans-serif;. font-size: 14px;.}.h1 {. font-size: 24pt;. font-weight: normal .}.table {. width: 60%;.}..analysis h3 {. display: inline;.}..content {. visibility: visible;. z-index: 1;.}.#watermark-text-black {. color:black;. opacity: 0.2;. font-size:120px;. transform:rotate(330deg);. -webkit-transform:rotate(330deg);. position:absolute;. margin: 100px auto;. padding: 2px 2px;. visibility: hidden;.}.#watermark-text-white {. color:white;. opacity: 0.2;. font-size:120px;. transform:rotate(330deg);. -webkit-transform:rotate(330deg);. position:absolute;. margin: 100px auto;. visibility: hidden;.}.button {. width: 100%;. text-align: left;. padding: 0px 15px;. font-size: 12pt;. color: #fff;. background-color: #555;. border: 5px solid #555;.}.button:hover {. background-color: #333;.}.a
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:PNG image data, 353 x 60, 8-bit/color RGB, non-interlaced
                      Category:downloaded
                      Size (bytes):8743
                      Entropy (8bit):7.962543779903042
                      Encrypted:false
                      SSDEEP:
                      MD5:C3D70E8CF5CEB848EA34F4FE8B9F3DD1
                      SHA1:11F107956EAFE83A8934DEF95034ACACB9D779B8
                      SHA-256:35A6C4887D87BF27F4C039A2A4C6D9698CF07B98971B87D73A6F780BFE7EBBD3
                      SHA-512:469F1FC48902FB13956323ECA01B8A8D24F44CC5586D24AE4A225ADD37090E91FF3A24DC1E5B7929170133247C701D5E4623DE36E693F91A3BA3FE55842D0E77
                      Malicious:false
                      Reputation:unknown
                      URL:https://federalreservebanks.na2.adobesign.com/cobrand_logo/CBNCJCAABACAABAAIsYNylc1VMpZzuLjGRQZWAXraphs1c3fo5CcW7nGq4ImY7BITyk99pGf-cympqoUKaXFEB9xNtCY1CIrz_iIbcz_SYM8O7SyiTM2QA82-_bodJ1TOm2Ck3mQr055ZyTGWdrS1eDwS7s1qlG5j2bv9C1XkgGE7tVJocN92DNzih5ZFsaFPr6gMFwFXY-xoY4-YqBqQU75FgXwrwxh6ITVGO1EmbPKyCXemwTcSwH77O8N9KBa6pQ3V1NK87SG8VJZpvphaUQyom2ijPu9VsvhXLlMyn1YnqUTJQi2qdTOw9Q5hCGfZ_428ZKym5J2ziAI
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (32038)
                      Category:downloaded
                      Size (bytes):95992
                      Entropy (8bit):5.391333957965341
                      Encrypted:false
                      SSDEEP:
                      MD5:F03E5A3BF534F4A738BC350631FD05BD
                      SHA1:37B1DB88B57438F1072A8EBC7559C909C9D3A682
                      SHA-256:AEC3D419D50F05781A96F223E18289AEB52598B5DB39BE82A7B71DC67D6A7947
                      SHA-512:8EEEAEFB86CF5F9D09426814F7B60E1805E644CAC3F5AB382C4D393DD0B7AB272C1909A31A57E6D38D5ACF207555F097A64A6DD62F60A97093E97BB184126D2A
                      Malicious:false
                      Reputation:unknown
                      URL:https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
                      Preview:/*! jQuery v1.11.3 | (c) 2005, 2015 jQuery Foundation, Inc. | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l="1.11.3",m=function(a,b){return new m.fn.init(a,b)},n=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,o=/^-ms-/,p=/-([\da-z])/gi,q=function(a,b){return b.toUpperCase()};m.fn=m.prototype={jquery:l,constructor:m,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=m.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return m.each(this,a,b)},map:function(a){return this.pushStack(m.map(this,function(b,c){ret
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:PNG image data, 250 x 92, 8-bit/color RGBA, non-interlaced
                      Category:downloaded
                      Size (bytes):9335
                      Entropy (8bit):7.971742760307023
                      Encrypted:false
                      SSDEEP:
                      MD5:1C83FE8B9201CAC3D9E92DAB3E5383C4
                      SHA1:2CEDC7C3D1CAA57FC400DB2D3EE689626847CF84
                      SHA-256:0B6F376E22180D732CDF015BE9DE295BCC8E0BDB10A61536DDFD39C0026918AF
                      SHA-512:EF46559B15ED8A2FCD42275C5414D82147EF5F754CD4990103EFE174751008F2A621D9A9D70CF59A825035F5AB112B03D9C58685E3B46AF079A6C98EAA7C7987
                      Malicious:false
                      Reputation:unknown
                      URL:https://cloud.postoffice.net/dynamic_logo/tag/FF1001
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
                      Category:downloaded
                      Size (bytes):370415
                      Entropy (8bit):5.443656762458118
                      Encrypted:false
                      SSDEEP:
                      MD5:B11EC90A4DE52987D268B1CD9FD11311
                      SHA1:FBA165EA5737DBA22B8C71E7AA0FE013B4851BBC
                      SHA-256:F826430E91AB162A5E66F077188267A982DDE9925EE0B56DB36604B8429FFC03
                      SHA-512:D71B730656AD4AB78989A967CB90BACE00B8906D8D82113270BA97359F3F3FB47B450B072DDCCD428B24D4B3423554446AF39D2F4437E33BF5B0B346D27537F4
                      Malicious:false
                      Reputation:unknown
                      URL:https://secure.na2.echocdn.com/resource/N1154224597/bundles/app-theme.css
                      Preview:.slider{display:inline-block;vertical-align:middle;position:relative;}.slider.slider-horizontal{width:210px;height:20px;}.slider.slider-horizontal .slider-track{height:10px;width:100%;margin-top:-5px;top:50%;left:0;}.slider.slider-horizontal .slider-selection{height:100%;top:0;bottom:0;}.slider.slider-horizontal .slider-handle{margin-left:-10px;margin-top:-5px;}.slider.slider-horizontal .slider-handle.triangle{border-width:0 10px 10px 10px;width:0;height:0;border-bottom-color:#0480be;margin-top:0;}.slider.slider-vertical{height:210px;width:20px;}.slider.slider-vertical .slider-track{width:10px;height:100%;margin-left:-5px;left:50%;top:0;}.slider.slider-vertical .slider-selection{width:100%;left:0;top:0;bottom:0;}.slider.slider-vertical .slider-handle{margin-left:-5px;margin-top:-10px;}.slider.slider-vertical .slider-handle.triangle{border-width:10px 0 10px 10px;width:1px;height:1px;border-left-color:#0480be;margin-left:0;}.slider input{display:none;}.slider .tooltip-inner{white-space:n
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:Unicode text, UTF-8 text, with very long lines (2258)
                      Category:downloaded
                      Size (bytes):17476
                      Entropy (8bit):5.5562021281521154
                      Encrypted:false
                      SSDEEP:
                      MD5:80AA1425E8422CAEF6A4DEFFDA2F5A38
                      SHA1:BCADA77A87D8F10F1CA4ADE8D393B2AD9988AD13
                      SHA-256:1B3329DED46F847B991CE76CBD6252FC0322BED2ADA2535143B58543109E271D
                      SHA-512:9DD29547A084858ACD7ADA9E451185983F8BD1B5C1D35DDA15A6BB52CA7D3B65DD8A604BDAE580B000748481DC71A224A0EAE7006C576F50F5EE8087C3B1DF2D
                      Malicious:false
                      Reputation:unknown
                      URL:https://use.typekit.net/fqg8osp.js
                      Preview:/*. * The Typekit service used to deliver this font or fonts for use on websites. * is provided by Adobe and is subject to these Terms of Use. * http://www.adobe.com/products/eulas/tou_typekit. For font license. * information, see the list below.. *. * adobe-clean:. * - http://typekit.com/eulas/000000000000000000017701. * - http://typekit.com/eulas/000000000000000000017703. * - http://typekit.com/eulas/0000000000000000000176ff. * adobe-hand-b:. * - http://typekit.com/eulas/0000000000000000000149e7. *. * . 2009-2024 Adobe Systems Incorporated. All Rights Reserved.. */.if(!window.Typekit)window.Typekit={};window.Typekit.config={"a":"717200","c":[".tk-adobe-clean","\"adobe-clean\",sans-serif",".tk-adobe-hand-b","\"adobe-hand-b\",sans-serif"],"fi":[7180,7182,7184,22766],"fc":[{"id":7180,"family":"adobe-clean","src":"https://use.typekit.net/af/cb695f/000000000000000000017701/27/{format}{?primer,subset_id,fvd,v}","descriptors":{"weight":"400","style":"normal","stretch":"normal","dis
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:PNG image data, 21 x 21, 4-bit colormap, non-interlaced
                      Category:downloaded
                      Size (bytes):464
                      Entropy (8bit):6.527515766093433
                      Encrypted:false
                      SSDEEP:
                      MD5:1D52501B76AB47E1F5CC292B7BE5A180
                      SHA1:09344A38FC2D1F62D1EE7183D92BCAF94255E522
                      SHA-256:FC327614AC13390740045897584DF4D985C35B1478884F94336A65E0CF79AC47
                      SHA-512:5F42BB987DA011F51DE7198652470371F6161ABBC2935F21528B37CC49E306F489B0F7EEDD1585A02EC52324A5F08D40F9314BB601BB8A11F998F9700D520D7E
                      Malicious:false
                      Reputation:unknown
                      URL:https://secure.na2.echocdn.com/images/doc-cloud/A12_help.png
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:Web Open Font Format (Version 2), CFF, length 29924, version 1.0
                      Category:downloaded
                      Size (bytes):29924
                      Entropy (8bit):7.990737514218301
                      Encrypted:true
                      SSDEEP:
                      MD5:FCFE600FE9BF0239A8C3CD48738EC2DA
                      SHA1:C735EDEB5AC056F41E063A46B2F508057C9DBDAB
                      SHA-256:62517736E6872FB13CE951C67D689DEF5F6AC4AC222299BFE1E37AC5F05C37AD
                      SHA-512:2829D0BE5E38771D56D92371DD9A4131ECDEC577C50481043914A525DE1F0EB9197C731E549F67625EB954EE611377C771126A2A764F0E68B5928476DE05543A
                      Malicious:false
                      Reputation:unknown
                      URL:https://use.typekit.net/af/cb695f/000000000000000000017701/27/l?subset_id=2&fvd=n4&v=3
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:Unicode text, UTF-8 text, with very long lines (39221)
                      Category:dropped
                      Size (bytes):1239437
                      Entropy (8bit):5.434932283225132
                      Encrypted:false
                      SSDEEP:
                      MD5:08A20B08D9C8887F9B901AC2212ACA27
                      SHA1:B01A69A0AC74CF2621D39D9A42FD7EA938E278D2
                      SHA-256:D9D115A5011B877DB817DBA782F3E719A04B7BDF0C121124D35FC2DE6002B506
                      SHA-512:DE2B52EDD2596FCF27963DF2AE5BAC7D3FCBBFA2F016020D2C98CA698148A7E2A7A11485D8229E5CFE452E508F7DF46DA52536DE73A339B112CA2D7DD6137FF9
                      Malicious:false
                      Reputation:unknown
                      Preview:/*!. backgrid. http://github.com/wyuenho/backgrid.. Copyright (c) 2014 Jimmy Yuen Ho Wong and contributors <wyuenho@gmail.com>. Licensed under the MIT license..*/.(function(a){if(typeof exports=="object"){module.exports=a(module.exports,require("underscore"),require("backbone"))}else{a(this,this._,this.Backbone)}}(function(v,Q,E){var P="\x09\x0A\x0B\x0C\x0D\x20\xA0\u1680\u180E\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200A\u202F\u205F\u3000\u2028\u2029\uFEFF";if(!String.prototype.trim||P.trim()){P="["+P+"]";var x=new RegExp("^"+P+P+"*"),p=new RegExp(P+P+"*$");String.prototype.trim=function a(){if(this===undefined||this===null){throw new TypeError("can't convert "+this+" to object")}return String(this).replace(x,"").replace(p,"")}}function F(X,U,T){var W=U-(X+"").length;W=W<0?0:W;var V="";for(var S=0;S<W;S++){V=V+T}return V+X}var C=E.$;var R=v.Backgrid={Extension:{},resolveNameToClass:function(T,V){if(Q.isString(T)){var U=Q.map(T.split("-"),function(W){return W.sl
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):22416
                      Entropy (8bit):4.386827911790251
                      Encrypted:false
                      SSDEEP:
                      MD5:74138F80B622EAC1E27CD928B8CF57DF
                      SHA1:EDB14CB1CBA354395901E6CD6F9A55DBFDDE4F93
                      SHA-256:C2717BA631484FD7F5A7848B2338A1A225EFF09914FA41D6DFB6EFC45BF0B95B
                      SHA-512:3A6D90F24D68C168861D33A5CBA6C7FB7DD6BBABE5AB5F697C8B0A7A5DBD520C02BE8346FE32122390DB2C3ADE95EF626228A5BAA533A2F27D08F6E462527D2B
                      Malicious:false
                      Reputation:unknown
                      Preview:// In case the browser doesn't have Date.now (IE8 and earlier).if (!Date.now) {. Date.now = function() {. return new Date().getTime();. }.}..// For IE9.//(function(){ window.console = window.console || { log: function(){} } }());..// Polling status code mapped with display string.POLLING_STATUS_DISPLAY_MAPPING = {. 0: { // Pending. 'icon': '',. 'text': '<h3>&lt; Pending &gt;</h3>'. }, // In Progress. 1: {. 'icon': '<img class="polling-status-icon" src="images/loading.gif">',. 'text': '<h3>&lt; In Progress &gt;</h3>'. }, // Unknown verdict. 2: {. 'icon': '<img class="polling-status-icon" src="images/tick.png">',. 'text': '<h3 style="color:#7FF337;">Nothing Found</h3>'. }, // Suspect verdict. 3: {. 'icon': '<img class="polling-status-icon" src="images/alert.svg">',. 'text': '<h3 style="color:#ffcc33;">Suspicious</h3>'. }, // Suspect in Progress. 4: {. 'icon': '<im
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):43
                      Entropy (8bit):4.405932127238674
                      Encrypted:false
                      SSDEEP:
                      MD5:0630D655067301D0B261A38A7B779AE0
                      SHA1:0734E2E2EF6F66DC584D10C76CA450D003E4B4E9
                      SHA-256:53F74B9FA920F466CBE3545DC4C19DE83F315EFE04818024DA46FA4C1437380F
                      SHA-512:20E0223B0B74550BD7BBFAD3A297AE1FFBEA16C6479D43DE4AACD377C215861C82D8B8FB800270FB31B571AF421E9D9FC987F622330428DDC3C5888380E47926
                      Malicious:false
                      Reputation:unknown
                      Preview:Array.(. [lastmodtime] => 1728062720.)..
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:PNG image data, 600 x 600, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):14484
                      Entropy (8bit):7.827577013675343
                      Encrypted:false
                      SSDEEP:
                      MD5:D37A2535E82DBE99F18768BF661506BA
                      SHA1:C2B5D3E11CCA2A91EFA55C31B759FE8A999B2DF3
                      SHA-256:F460E7D8D47F47F0FA005C4638F4D24D4780AADE38F894C27F928EAFC62DD274
                      SHA-512:ACB7D4A46F987BE78F8C8C3652D8678B96AC6DA3CCB93842FE6170EE128B3D1F81730CA78EA445398DCFE3C0D9784D6FDF1058C8A4B42ED91B591D0875B9646A
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:SVG Scalable Vector Graphics image
                      Category:dropped
                      Size (bytes):12155
                      Entropy (8bit):4.605846476683318
                      Encrypted:false
                      SSDEEP:
                      MD5:D0489EB5346EA1250203C8F4F24167C9
                      SHA1:D441CED10523BB7F37D996ADE2D858C18A108C0D
                      SHA-256:FA2631ACD9C9234C357BBF0FEA1C8E707D2DBA7A6C8D769C48725A63CFC57F65
                      SHA-512:F472C61878266D0D63C36B01AC207232C44BE4C92E7D20A32D31A866BD7520867D78B1DDB63BF04A69A682EAA5D781B264BC65DE2D728687546B7D41D90FF614
                      Malicious:false
                      Reputation:unknown
                      Preview:<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="4080px" height="68px"... viewBox="0 0 4080 68" style="enable-background:new 0 0 4080 68;">..<style type="text/css">....st0{fill-opacity:0;stroke:#000000;stroke-width:4;stroke-opacity:0.1;}....st1{fill-opacity:0;stroke:#1473E6;stroke-width:4;}..</style>..<path class="st0" d="M34,4c16.6,0,30,13.4,30,30S50.6,64,34,64S4,50.6,4,34S17.4,4,34,4z"/>..<path class="st1" d="M34,4L34,4c16.6,0,30,13.4,30,30"/>..<path class="st0" d="M102,4c16.6,0,30,13.4,30,30s-13.4,30-30,30S72,50.6,72,34S85.4,4,102,4z"/>..<path class="st1" d="M102.8,4C119,4.4,132,17.7,132,34c0,3.4-0.6,6.7-1.6,9.8"/>..<path class="st0" d="M170,4c16.6,0,30,13.4,30,30s-13.4,30-30,30s-30-13.4-30-30S153.4,4,170,4z"/>..<path class="st1" d="M171.6,4C187.4,4.9,200,18,200,34c0,6.8-2.3,13.1-6.1,18.2"/>..<path class="st0" d="M238,4c16.6,0,30,13.4,30,30s-13.4,30-30,30s-30-13.4-30-30S221.4,4,238,4z"/>..<path class="st1" d="M24
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (9476)
                      Category:downloaded
                      Size (bytes):9477
                      Entropy (8bit):5.083820993965513
                      Encrypted:false
                      SSDEEP:
                      MD5:2EAD379C1E73686AB18ABD0E9DE02AED
                      SHA1:42073C7248BACBE4F794FFDE16CF8705999F28C9
                      SHA-256:9C5CAC9B09D5F0C3FE3D1D5A811223F1EA089177E78AAFFB9FDC04ED00E7A5A3
                      SHA-512:2484FA306CB82772995FDCFFC787052619FD869B4E0B716956324BFCFC7A61FBC73C7998AB3ED2F08C413CEFDA73C3A14F0265C371D918CCADF827312D4EC5A4
                      Malicious:false
                      Reputation:unknown
                      URL:https://cdnjs.cloudflare.com/ajax/libs/mustache.js/2.1.3/mustache.min.js
                      Preview:(function defineMustache(global,factory){if(typeof exports==="object"&&exports&&typeof exports.nodeName!=="string"){factory(exports)}else if(typeof define==="function"&&define.amd){define(["exports"],factory)}else{global.Mustache={};factory(Mustache)}})(this,function mustacheFactory(mustache){var objectToString=Object.prototype.toString;var isArray=Array.isArray||function isArrayPolyfill(object){return objectToString.call(object)==="[object Array]"};function isFunction(object){return typeof object==="function"}function typeStr(obj){return isArray(obj)?"array":typeof obj}function escapeRegExp(string){return string.replace(/[\-\[\]{}()*+?.,\\\^$|#\s]/g,"\\$&")}function hasProperty(obj,propName){return obj!=null&&typeof obj==="object"&&propName in obj}var regExpTest=RegExp.prototype.test;function testRegExp(re,string){return regExpTest.call(re,string)}var nonSpaceRe=/\S/;function isWhitespace(string){return!testRegExp(nonSpaceRe,string)}var entityMap={"&":"&amp;","<":"&lt;",">":"&gt;",'"'
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:JSON data
                      Category:downloaded
                      Size (bytes):121
                      Entropy (8bit):4.296888559995328
                      Encrypted:false
                      SSDEEP:
                      MD5:FF432631185D59BE11E35CC63F024573
                      SHA1:B8F12A85F14EB09570748DF8CEEA6FAEE085F31D
                      SHA-256:9DFE22BCD68B6362D5687D096DCA761218F356A37FC889E83DCD87ABC7DEEAB0
                      SHA-512:C929ACE6655CB5F6DA0FADE89F026A7EECCAFE6821CD56BA598E029B4ABC6DAF9A35CEABD236B3BCBF4BE33C74435E964FA983F8B5B1577D0BD369B9BC5DAE7C
                      Malicious:false
                      Reputation:unknown
                      URL:"https://clicktime.cloud.postoffice.net/rest/FF1001/v3/urlstatus?U=https://federalreservebanks.na2.adobesign.com/public/esign%3Ftsid%3DCBFCIBAACBSCTBABDUAAABACAABAAGt69JyuRA5Fss-Bvn1ZI0QQj7cuwfxPKCE_0BucD_stmG5iRWIim3LC1BPGRd37iZ06HQXx7LRM8mkjBtzBiwYjqBa7FfiDLuI1MlO8or6b_ajUHTj3rQd-RWKb4dC9R%26&E=jherron%40firstfedweb.com&X=XID208CJDqWo6587Xd1&T=FF1001&HV=U,E,X,T&H=af11579e943013f5cf298f6c57ae8197f64d22a9&CK=CKCJDRZN14911249408c&resubmit=N&_=1728062715048"
                      Preview:{"status":"unknown","threatname":"","reprocess":true,"reason":"","polling_status":{"dynamic":1,"static":2,"in_depth":0}}.
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):226
                      Entropy (8bit):3.746633314569379
                      Encrypted:false
                      SSDEEP:
                      MD5:9A0074EC225494DF55A7226B2808B01B
                      SHA1:8ED0FBB6850F69AEBF05C4854166AA25504E361D
                      SHA-256:C3B833253377D17874682D092046115BE3CF3F41F3D1E29230330F094B195408
                      SHA-512:5025446F05388A4C536BEFBBF40CD8DC3096B2BA73E0C75686906765C8536748338FA14ECD07B9DDF3B380A12F401524450E473B4409842E19CD50835CE37CDE
                      Malicious:false
                      Reputation:unknown
                      Preview:Array.(. [status] => unknown. [threatname] => . [reprocess] => 1. [reason] => . [polling_status] => Array. (. [dynamic] => 1. [static] => 2. [in_depth] => 0. )..)..
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (65536), with no line terminators
                      Category:downloaded
                      Size (bytes):135965
                      Entropy (8bit):5.05194951038613
                      Encrypted:false
                      SSDEEP:
                      MD5:DD46F90EEB5C95118967A23A814DFB6A
                      SHA1:0BBAF01C810AAE6E4B5708C9251050CDB0AA34B6
                      SHA-256:77991A2F72E7B3DDFDD547DBCF48CCFF086426A0DDA37922F3EE14148AB6F5C2
                      SHA-512:A9FDF4D8B6075DD8D96DBD4F0B5EC342DED1BEBA7C8C9AF63C5EAA5E0CE461C8D7E2A94EE305268B05356595C4F4A91FCFC76F14EE622D6861CC49F61B46CAF8
                      Malicious:false
                      Reputation:unknown
                      URL:https://secure.na2.echocdn.com/resource/819013074/bundles/esignJS.css
                      Preview:.disabled-opacity{opacity:0.5;-ms-filter:"progid:DXImageTransform.Microsoft.Alpha(Opacity=50)";}.no-box-shadow{box-shadow:none;-webkit-box-shadow:none;}.wrapLongText{white-space:pre;white-space:pre-wrap;white-space:pre-line;white-space:-pre-wrap;white-space:-o-pre-wrap;white-space:-moz-pre-wrap;white-space:-hp-pre-wrap;word-wrap:break-word;}.has-error-color{color:#D83742;}.has-error-border{border:1px solid #D83742;}.has-error-background{background-color:#ffffff;}.has-error-common{border:1px solid #D83742;color:#D83742;box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);-o-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);}.has-error-font{font-size:16px;font-weight:normal;}.has-error-token-background{background-color:#ffffff;}.has-error-token-background:hover{background-color:#fae3e0;}.has-error-token-background:active, .has-error-token-background:focus{background-color:#fccdc7;}.disab
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:HTML document, ASCII text
                      Category:downloaded
                      Size (bytes):209
                      Entropy (8bit):5.143049113812332
                      Encrypted:false
                      SSDEEP:
                      MD5:18FFB59B61525F781CF9251045BE575D
                      SHA1:BD7318B00B15B7A1C8A48524419FA2E5C27A5B6D
                      SHA-256:B6682CAB65D3243B5B75EFB7279DBF49491957484780F2BA0A87632CC0E25642
                      SHA-512:A032F853ABD9492232E1183D1CB1D14110B623F2E9DEC56B7B64DD576A0317DDA8D51125763E11D6642433C5364B2BD10A994EE4F1514629A4950BBAB3ABA499
                      Malicious:false
                      Reputation:unknown
                      URL:https://clicktime.cloud.postoffice.net/favicon.ico
                      Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /favicon.ico was not found on this server.</p>.</body></html>.
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (4938)
                      Category:downloaded
                      Size (bytes):77691
                      Entropy (8bit):5.780601235637022
                      Encrypted:false
                      SSDEEP:
                      MD5:57FF2B84FCED138B9A3D0E32922DAA61
                      SHA1:1A3380633B6072CD6782172CDE87AAB036B4DCB6
                      SHA-256:595ECE59C30E09C12140F42223257E320A8A388541B7A7CF92EEC1E0DA4CDA41
                      SHA-512:278551ACF313D200267CFBA13C829CDF31E144F6F20B2121E17EB5F0416C15EA67FD9E2F1E77D41DF11424FAD0F98AF28FCD87CF2FE2D618DFA8DD50669A4C58
                      Malicious:false
                      Reputation:unknown
                      URL:https://secure.na2.echocdn.com/resource/N9117456/bundles/esignResponsive.css
                      Preview:.disabled-opacity {. opacity: 0.5;. -ms-filter: "progid:DXImageTransform.Microsoft.Alpha(Opacity=50)";.}..no-box-shadow {. box-shadow: none;. -webkit-box-shadow: none;.}./****** MODALS *******/.html.mobile #contentSubHeader .agreement-header .dark-mode {. background: #2d2d2d !important;.}.html.mobile #contentSubHeader .agreement-header .dark-mode .agreement-container {. align-items: center;. display: flex;. height: 56px;.}.html.mobile #contentSubHeader .agreement-header .dark-mode .agreement-container .lastsave .lastsave-info-icon {. margin: -11px 0 0 0;.}.html.mobile #contentSubHeader .agreement-header .dark-mode.agreement-band.navbar {. height: 56px;. border: 0;.}.html.mobile #contentSubHeader .agreement-header .dark-mode.agreement-band.navbar .agreement-req-info {. padding-top: 8px;. padding-left: 0;.}.html.mobile #contentSubHeader .agreement-header .dark-mode.agreement-band.navbar .agreement-req-info .completed-info {. margin-top: -6px;. float: right;. margin-right:
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:Web Open Font Format (Version 2), CFF, length 41556, version 1.0
                      Category:downloaded
                      Size (bytes):41556
                      Entropy (8bit):7.98872215025426
                      Encrypted:false
                      SSDEEP:
                      MD5:5C74846199D1B1DB5480B24370AE24A4
                      SHA1:24A0AECDB2964254F28E9B30BD3A05D2E3D333EF
                      SHA-256:0835AC845EA08E0E2E91347843377D229AC72184F6593DAC81D3EA2557F6567D
                      SHA-512:5BCACB0980EF39ACD34BC3C74EAA9F5919C0F56F37CD281188483DA3F76FB1F18C7E4DDC5C861D2E6B3B7928C6FB45CAE00C7EBA411D6252DBCBDA9C38E24F8C
                      Malicious:false
                      Reputation:unknown
                      URL:https://use.typekit.net/af/e301c6/0000000000000000000149e7/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
                      Category:downloaded
                      Size (bytes):491346
                      Entropy (8bit):5.10220826481251
                      Encrypted:false
                      SSDEEP:
                      MD5:0D08C3B4A9BFE1CFE8C7E18D01C59D30
                      SHA1:54CE0E7E40474F6C87C6E941F71A489EA611CE53
                      SHA-256:0618F2CEB459DF1568722103C6A08A77D6179B301FE2AD6EE8E5623A71549296
                      SHA-512:53C3168EC96A873851C6D9F08A9084F250693AFFF6D304997A75FEA7194931C946388824A8EE45D3356BEE5DE1B7105875FC6A642DAEE84DC3902F5033BDB385
                      Malicious:false
                      Reputation:unknown
                      URL:https://secure.na2.echocdn.com/resource/1284397208.en_US/bundles/translations.js
                      Preview:(function(){function a(e,d){for(var c=0;c<d.length;c++){e=e.replace("{"+c+"}",d[c])}return e}function b(){var f=arguments[0];var e;if(f.indexOf("{0}")!=-1){e=function(){return a(f,arguments)}}else{e=function(){return f}}for(var c=1;c<arguments.length;c++){for(var d in arguments[c]){e[d]=arguments[c][d]}}return e}window.i18n=({country:{PS:b("Palestinian Territory"),PT:b("Portugal"),PY:b("Paraguay"),QA:b("Qatar"),AD:b("Andorra"),AE:b("United Arab Emirates"),AF:b("Afghanistan"),AG:b("Antigua and Barbuda"),AI:b("Anguilla"),AL:b("Albania"),AM:b("Armenia"),AN:b("Netherlands Antilles"),AO:b("Angola"),AQ:b("Antarctica"),AR:b("Argentina"),RE:b("R.union"),AT:b("Austria"),AU:b("Australia"),AW:b("Aruba"),AZ:b("Azerbaijan"),RO:b("Romania"),BA:b("Bosnia and Herzegovina"),BB:b("Barbados"),RS:b("Serbia"),BD:b("Bangladesh"),RU:b("Russia"),BE:b("Belgium"),BF:b("Burkina Faso"),RW:b("Rwanda"),BG:b("Bulgaria"),BH:b("Bahrain"),BI:b("Burundi"),BJ:b("Benin"),BM:b("Bermuda"),BN:b("Brunei"),BO:b("Bolivia"),SA:
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:Web Open Font Format (Version 2), CFF, length 29752, version 1.0
                      Category:downloaded
                      Size (bytes):29752
                      Entropy (8bit):7.991259791890674
                      Encrypted:true
                      SSDEEP:
                      MD5:B45F7B0B58EA5CD543323A5E4BA4724B
                      SHA1:03E815A2FA7461F31FC8ECC18A7063930FC87475
                      SHA-256:9ABA873D54C84D8D56CFE572AB802BB34322DE6FD945C286D278FABE29A9F3F0
                      SHA-512:0726643B1B961B3A2E67380A6CED69030E5E97E99C938EBA29830638CC0CA7CF0C42E22DFC6AC77553B21B4E71FF8E3C6BDB8004168449C182A88C9A380D3422
                      Malicious:false
                      Reputation:unknown
                      URL:https://use.typekit.net/af/40207f/0000000000000000000176ff/27/l?subset_id=2&fvd=n3&v=3
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:Web Open Font Format (Version 2), CFF, length 29980, version 1.0
                      Category:downloaded
                      Size (bytes):29980
                      Entropy (8bit):7.991242817341188
                      Encrypted:true
                      SSDEEP:
                      MD5:864FC6D95444FD085441968A712F6C9F
                      SHA1:7E54F060DF28A16E146AB1EB15AB3A59D3D9BE06
                      SHA-256:371F06319FA71DE555AEBEFCFFBE3C1F755E5761D90AACD9BBA0C64C6CF40090
                      SHA-512:7CADDDDCD35910BC04D80EB10F0776BBF7C770AFCF960FBBDFCC8E8DB1BACD694883A3E9A1540552B544AE639FA42C9B79690ADB81F7D5210467B6494BA25880
                      Malicious:false
                      Reputation:unknown
                      URL:https://use.typekit.net/af/eaf09c/000000000000000000017703/27/l?subset_id=2&fvd=n7&v=3
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (60557)
                      Category:downloaded
                      Size (bytes):937938
                      Entropy (8bit):5.51889339083234
                      Encrypted:false
                      SSDEEP:
                      MD5:0D918CA1E1236B6DFCC7203881BD6BCA
                      SHA1:ECCBB383811CD4890F19211C6978B95847475FCA
                      SHA-256:C38EC85816E428ACD87E861AEEFA325D3B4B8E84BCE6EB8C74510B7992211D48
                      SHA-512:38F5909AD9CFB0CBE2AEF67E2285D688E7E3A97D37E2A6E2E1A9F538B2A8AFAA62207A2F2AD32CB06F2F467070360C31B831151210DABC81BB2C2EC355162AC5
                      Malicious:false
                      Reputation:unknown
                      URL:https://secure.na2.echocdn.com/resource/N399895326.en_US/bundles/app-main.js
                      Preview:/*!. * jQuery JavaScript Library v3.5.1. * https://jquery.com/. *. * Includes Sizzle.js. * https://sizzlejs.com/. *. * Copyright JS Foundation and other contributors. * Released under the MIT license. * https://jquery.org/license. *. * Date: 2020-05-04T22:49Z. */.(function(b,a){if(typeof module==="object"&&typeof module.exports==="object"){module.exports=b.document?a(b,true):function(c){if(!c.document){throw new Error("jQuery requires a window with a document")}return a(c)}}else{a(b)}})(typeof window!=="undefined"?window:this,function(a1,ay){var m=[];var aP=Object.getPrototypeOf;var aa=m.slice;var bV=m.flat?function(b1){return m.flat.call(b1)}:function(b1){return m.concat.apply([],b1)};var x=m.push;var bR=m.indexOf;var aj={};var z=aj.toString;var U=aj.hasOwnProperty;var aB=U.toString;var bk=aB.call(Object);var J={};var y=function y(b1){return typeof b1==="function"&&typeof b1.nodeType!=="number"};var aE=function aE(b1){return b1!=null&&b1===b1.window};var l=a1.document;var be={type:tru
                      File type:RFC 822 mail, ASCII text, with very long lines (347), with CRLF line terminators
                      Entropy (8bit):5.949536179641154
                      TrID:
                      • E-Mail message (Var. 5) (54515/1) 100.00%
                      File name:phish_alert_iocp_v1.4.48 (15).eml
                      File size:27'317 bytes
                      MD5:309f769231ed959f0b81b126b6a0f695
                      SHA1:c45d17358d2f1c5377263972b1f9fa4cc63aeac4
                      SHA256:8869a1f4341b483df37f9611580d623637302b623a1fcfae0fe6c4579fa72893
                      SHA512:95954963af9fe149bd92fa40454e121908b6f546aecc0a2a134fe695b4477d334f0eb1b19595a55d6f3c229d6b01ec68c27894e43341ff829548fc9e417d2c14
                      SSDEEP:384:XDV/Dx7hIMlfWkEEZuHFkx9jZBRNRwfz1ztqJA83rMNo1Vv6TsMJBJJHIfb11y0A:XJ/N7hIMtWBEZx9jZLNRwb10L6GY
                      TLSH:DBC25D934610182BEDB601DC97417D09E361394F9EF3D8E0B6D5600B5F8B96FA3297C9
                      File Content Preview:Received: from SA1PR22MB4415.namprd22.prod.outlook.com.. (2603:10b6:806:38a::14) by CH2PR22MB2022.namprd22.prod.outlook.com with.. HTTPS; Fri, 4 Oct 2024 16:48:26 +0000..ARC-Seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass;.. b=bGKSy/
                      Subject:Reminder: Waiting for you to sign Security and Resiliency Assurance Program materials for FIRST FEDERAL SAVINGS & LOAN (OR): 323270313
                      From:Assurance Program via Adobe Acrobat Sign <adobesign@adobesign.com>
                      To:Jordan Herron <JHerron@FirstFedWeb.com>
                      Cc:
                      BCC:
                      Date:Fri, 04 Oct 2024 09:47:02 -0700
                      Communications:
                      • [EXTERNAL EMAIL: Take caution with links and attachments. ] <https://federalreservebanks.na2.adobesign.com/cobrand_logo/CBNCJCAABACAABAAVq-jF9CZvYh_trqdbADdeIoXDsJZdzV_qWK4iWTD7CLi8KVYW_eUIu7NA2kcsm0oVKkVKhpiwT85pCM02thW0Iw26PH2flXRPtzwxhFkCk_0M6rpLO_vDrTSVDAvxXIv43m4s9tiV4ZhYo7DJtBWaDPzEvjDcANsyZtlm474uAlPgQDziEDXcUOedIPikiZSIAE83W0aNiCxxlYlHPLvCcuRIBYUHsG0EHM77ehpLJiKQOuouWxqa-K22OvBfd78X6qjDsoZviWsaD-DYDE5jx3nKTXgfyiwj8_LP0ky188qWqa8VFBOpIdV2-SCMVZm> <https://federalreservebanks.na2.adobesign.com/track/CBFCIBAA3AAABLblqZhAhIt5J1LST9BCUKrFF4aWhd5PXxwKPE49U02Qeb1gn1mqO07AxHrsrwMmMmM9bVGo*/blank.gif> <https://federalreservebanks.na2.adobesign.com/document/ci/CBSCTBABDUAAABACAABAAhPJIRu82Qp4S_1vO49-zEZAcuRKDTN6A4JNm0xFBsgzer5-5uieUWqntkYenk8hpcdy5EbBdZNGc39Z12BAwLH57qbh_ABYsFM8NQvqmXdw*/small.png> <https://federalreservebanks.na2.adobesign.com/images/email-multipage-stack-right.gif> <https://federalreservebanks.na2.adobesign.com/images/email-multipage-stack-bottom.gif> Please sign Security and Resiliency Assurance Program materials for FIRST FEDERAL SAVINGS & LOAN (OR): 323270313 This is a friendly reminder that your organization's 2024 Assurance Program assessment and attestation is due by end of year; please ensure completion by the deadline. Click here to review and sign Security and Resiliency Assurance Program materials for FIRST FEDERAL SAVINGS & LOAN (OR): 323270313. <https://clicktime.cloud.postoffice.net/clicktime.php?U=https://federalreservebanks.na2.adobesign.com/public/esign%3Ftsid%3DCBFCIBAACBSCTBABDUAAABACAABAAGt69JyuRA5Fss-Bvn1ZI0QQj7cuwfxPKCE_0BucD_stmG5iRWIim3LC1BPGRd37iZ06HQXx7LRM8mkjBtzBiwYjqBa7FfiDLuI1MlO8or6b_ajUHTj3rQd-RWKb4dC9R%26&E=jherron%40firstfedweb.com&X=XID208CJDqWo6587Xd1&T=FF1001&HV=U,E,X,T&H=af11579e943013f5cf298f6c57ae8197f64d22a9> After you sign Security and Resiliency Assurance Program materials for FIRST FEDERAL SAVINGS & LOAN (OR): 323270313, all parties will receive a final PDF copy. 
Assurance Program has requested that this reminder be sent. This document is available for signing until December 31, 2024 and will expire thereafter. If you have questions, call the Customer Contact Center (CCC) at (888) 333-7010. FedLine is a registered service mark of the Federal Reserve Banks. A list of marks related to financial services products that are offered to financial institutions by the Federal Reserve Banks is available at FRBservices.org. To ensure that you continue receiving our emails, please add adobesign@adobesign.com to your address book or safe list.
                      Attachments:
                        Key Value
                        Received Fri, 4 Oct 2024 09:48:26 -0700
                        ARC-Seal i=1; a=rsa-sha256; d=silversky.com; s=silversky-20150623192408; t=1728060500; cv=none; b=NVHom7UTtEQJ/hcbCTdBEbkKjaj60A3/3HHJRRjOUUtuITNli6KAtWrK+fCiilFeIdNF8begG3bLQOE5rNzagArhFpiiTYbj3YXo5+tg+ZThiTbweSVhheS+LTH0H4EaA/BBzTVWUJpDXsfX8GEPstn4WlObpJyslS8bnxFi4Ko=
                        ARC-Message-Signature i=1; a=rsa-sha256; d=silversky.com; s=silversky-20150623192408; t=1728060500; c=relaxed/simple; bh=bitjUAg6NZhqMJHQW0sRp7N7nK7jLUjjBLCF8UEuTCY=; h=Date:From:Reply-To:To:Subject; b=Pjl9lVW4jgxu2slvBWgBnG3cNwK+wKOZfmOSeog/uMVNVA07n5LymEqM58sF/s/OltrXoEHf52SGTcKJsRAE26bopgP8w7RSBv8UG71DaifzcE7rwRBSZBjTFXSkfDkK6Jlf+nwCKuvQFF/Y/p78f14fKWS3Rh7oJUfBJpZ/hbo=
                        ARC-Authentication-Results i=1; gwsin.silversky.com; dmarc=pass policy.dmarc=none header.from=adobesign.com; dkim=pass header.d=adobesign.com; spf=pass smtp.mailfrom=mail.na2.adobesign.com; arc=none smtp.remote-ip=52.41.255.238
                        authentication-results spf=fail (sender IP is 165.212.64.87) smtp.mailfrom=mail.na2.adobesign.com; dkim=fail (body hash did not verify) header.d=adobesign.com;dmarc=fail action=oreject header.from=adobesign.com;compauth=none reason=451
                        received-spf Fail (protection.outlook.com: domain of mail.na2.adobesign.com does not designate 165.212.64.87 as permitted sender) receiver=protection.outlook.com; client-ip=165.212.64.87; helo=postin03.mbox.net;
                        X-USANET-Received from emd1.mbox.net [165.212.64.8] by gws7.mbox.net via mtad (GIT.BUILD.5.0.3133) with ESMTP id 403CJDqWo1920Ms7; Fri, 04 Oct 2024 16:48:14 -0000
                        X-USANET-TAP-Score 1
                        Authentication-Results-Original gwsin.silversky.com; dmarc=pass policy.dmarc=none header.from=adobesign.com; dkim=pass header.d=adobesign.com; spf=pass smtp.mailfrom=mail.na2.adobesign.com; arc=none smtp.remote-ip=52.41.255.238
                        X-USANET-Routed 100 IN-RELAY R:gwsin-int:625
                        X-USANET-GWS2-Service gwsdin-tap preclick-never
                        X-USANET-GWS2-Tenant firstfedweb.com
                        X-USANET-GWS2-Tagid FF1001
                        X-USANET-GWS2-MailFromDnsResult DnsFound
                        X-USANET-GWS2-Security TLSv1.2;ECDHE-RSA-AES256-GCM-SHA384
                        X-USANET-Source 52.41.255.238 IN bounces@mail.na2.adobesign.com relay.uswest2.utility.echosign.com TLS
                        X-USANET-MsgId XID208CJDqWo6587Xd1
                        X-BAEAI-Trust-Score 93
                        X-BAEAI-Trust-Reasons SNDRAUTH; SNDRFRG,adobesign@adobesign.com,,sys.assurance.program@frb.org; DOMFRQ,adobesign.com; RCPTVIP;
                        dkim-signature v=1; a=rsa-sha256; c=relaxed/simple; d=adobesign.com; s=mailv2; t=1728060493; bh=LkBknHmGzg92PTmlbTWzsl0hpKAGN4NQG0KMna7hFhY=; h=Date:From:Reply-To:To:Subject; b=QeA73chR7dvWacvYwctPfKcoPXWomJ0TSy2+tzNKnaPCnlK+8YN+L9NZJji5BIGK4 UmjbETgEgP3wdQPWzhi9rCp5mSKCNlXVeXvqEDJX0gwd1wIeYUabCZu7wse5bQl1HX K+09L57Sliaa87xSMNCy6yUgFAmbNwEgamnKJrUsT2pq+a5SemjBS4/6ffH0bhKsdx hpojVY9e2XvKi5ObirbNHlwuMLDqLa1x44Ln3Bd3+fTnNIxo+6W2zzFtR6kUEvgM8k oTQgEWyZ/ANnlH24wA0FOiNrPmeaAPh5Pi48+ml5gg/DsQ2rfbL90aNx23KrKoiPV6 y+AVuz0ZndEDg==
                        X-EchoSign-Bounce CBJCHBCAABAAAKedidrtq8Bftu7mtweZV__BzjM56iiI
                        X-EchoSign-Template reminder/reminderNextToESign.vm:en_US:40000015103469886
                        X-Cloudmark-Tracker v=2.4 cv=bpaHB1ai c=1 sm=1 tr=0 ts=67001c50 b=1 cx=a_idp_d a=vJByWGGFcaNgGtBuHXKwyQ==:117 a=vJByWGGFcaNgGtBuHXKwyQ==:17 a=MPnNMkKPenitHNjb:21 a=DAUX931o1VcA:10 a=JNcNm-BlylYA:10 a=SSmOFEACAAAA:8 a=0JOdXx76AAAA:8 a=LiKuy9J89cNmgSgdBDoA:9 a=s7EmJUqGDgciYXyB:21 a=frz4AuCg-hUA:10 a=_W_S_7VecoQA:10 a=QEXdDO2ut3YA:10 a=QW4Nquze9pOMQ_30Avnz:22 a=9edjaMZQKPUJtIpeB-Tj:22 awl=host:3127
                        X-LASED-Version Antispam-Engine: 5.1.4, AntispamData: 2024.10.4.161216
                        X-LASED-SpamProbability 0.085099
                        X-LASED-Spam NonSpam
                        X-LASED-Hits BODYTEXTH_SIZE_10000_LESS 0.000000, BODYTEXTH_SIZE_3000_MORE 0.000000, BODY_SIZE_8000_8999 0.000000, DATE_TZ_NA 0.000000, DKIM_ALIGNS 0.000000, DKIM_SIGNATURE 0.000000, FROM_NAME_PHRASE 0.000000, HREF_LABEL_TEXT_NO_URI 0.000000, HREF_LABEL_TEXT_ONLY 0.000000, HTML_70_90 0.100000, KNOWN_MTA_TFX 0.000000, LINK_TO_IMAGE 0.000000, MIME_HTML_ONLY_MP_MIXED 0.050000, OBFUSCATION 0.000000, OEM_SOFTWARE_X1 0.000000, REPLYTO_FROM_DIFF_ADDY 0.100000, SENDER_NO_AUTH 0.000000, SINGLE_HREF_URI_IN_BODY 0.000000, SINGLE_URI_IN_BODY 0.000000, SXL_IP_TFX_WM 0.000000, URI_WITH_PATH_ONLY 0.000000, __ANY_URI 0.000000, __ATTACH_CTE_QUOTED_PRINTABLE 0.000000, __BODY_NO_MAILTO 0.000000, __BODY_TEXT_X4 0.000000, __CLICK_HERE 0.000000, __CP_MEDIA_BODY 0.000000, __CP_URI_IN_BODY 0.000000, __CT 0.000000, __CTYPE_HAS_BOUNDARY 0.000000, __CTYPE_MULTIPART 0.000000, __CTYPE_MULTIPART_MIXED 0.000000, __DKIM_ALIGNS_1 0.000000, __DKIM_ALIGNS_2 0.000000, __FRAUD_CONTACT_ADDY 0.000000, __FROM_3RD_PARTY 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_HTML 0.000000, __HAS_MSGID 0.000000, __HAS_REPLYTO 0.000000, __HIDDEN_HTML_CONTENT 0.000000, __HREF_LABEL_TEXT 0.000000, __HTML_AHREF_TAG 0.000000, __HTML_BOLD 0.000000, __HTML_FONT_RED 0.000000, __HTML_TAG_CENTER 0.000000, __HTML_TAG_DIV 0.000000, __HTML_TAG_IMG_X2 0.000000, __HTML_TAG_IMG_X5 0.000000, __HTML_TAG_TABLE 0.000000, __HTTPS_URI 0.000000, __HTTP_IMAGE_TAG 0.000000, __IMG_THEN_TEXT 0.000000, __IMP_FROM_IN_EXCLUSION_LIST 0.000000, __MIME_HTML 0.000000, __MIME_HTML_ONLY 0.000000, __MIME_TEXT_H 0.000000, __MIME_TEXT_H1 0.000000, __MIME_TEXT_H2 0.000000, __MIME_VERSION 0.000000, __MSGID_DOMAIN_NOT_IN_HDRS 0.000000, __MSGID_HOMEUSER 0.000000, __MULTIPLE_URI_TEXT 0.000000, __OEM_SOFTWARE_2 0.000000, __PART_TYPE_HTML 0.000000, __PHISH_SPEAR_SUBJECT 0.000000, __PHISH_SPEAR_SUBJ_PREDICATE 0.000000, __PHISH_SPEAR_SUBJ_SUBJECT 0.000000, __SANE_MSGID 0.000000, 
__SINGLE_URI_MPART_HTML 0.000000, __STOCK_PHRASE_7 0.000000, __STYLE_RATWARE_NEG 0.000000, __STYLE_TAG 0.000000, __TAG_EXISTS_BODY 0.000000, __TAG_EXISTS_HEAD 0.000000, __TAG_EXISTS_HTML 0.000000, __TOLL_FREE_PHONE_US 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000, __URI_HAS_HYPHEN_USC 0.000000, __URI_IN_BODY 0.000000, __URI_MAILTO 0.000000, __URI_NOT_IMG 0.000000, __URI_NO_WWW 0.000000, __URI_NS 0.000000, __URI_WITH_PATH 0.000000
                        X-LASED-Impersonation False
                        X-Sophos-Tracker 0.085099 bfb0ee3c8852d78c874a4cf0dae76c4778ec8c5d
                        X-BAEAI-Source-GeoIP "US" "Oregon" "Boardman"
                        X-BAEAI-SPF PASS
                        X-BAEAI-DKIM PASS
                        X-BAEAI-DMARC pass
                        X-SilverSky-ARC none
                        X-BAEAI-Authentication-Rating strong
                        X-BAEAI-Trust-Level green
                        Return-Path bounces@mail.na2.adobesign.com
                        X-MS-Exchange-Organization-ExpirationStartTime 04 Oct 2024 16:48:21.8710 (UTC)
                        X-MS-Exchange-Organization-ExpirationStartTimeReason OriginalSubmit
                        X-MS-Exchange-Organization-ExpirationInterval 1:00:00:00.0000000
                        X-MS-Exchange-Organization-ExpirationIntervalReason OriginalSubmit
                        X-MS-Exchange-Organization-Network-Message-Id ec798870-fbb1-4baa-626d-08dce4945b5a
                        X-EOPAttributedMessage 0
                        X-EOPTenantAttributedMessage 3778f0b2-789a-4d43-b25e-d4fe25a4c3c0:0
                        X-MS-Exchange-Organization-MessageDirectionality Incoming
                        x-ms-publictraffictype Email
                        X-MS-TrafficTypeDiagnostic CO1PEPF000044F4:EE_|SA1PR22MB4415:EE_|CH2PR22MB2022:EE_
                        x-ms-exchange-organization-authsource CO1PEPF000044F4.namprd05.prod.outlook.com
                        x-ms-exchange-organization-authas Anonymous
                        X-MS-Office365-Filtering-Correlation-Id ec798870-fbb1-4baa-626d-08dce4945b5a
                        X-MS-Exchange-AtpMessageProperties SA|SL
                        X-MS-Exchange-Organization-SCL -1
                        X-MS-Exchange-Organization-BypassClutter $true
                        X-Microsoft-Antispam BCL:0;ARA:13230040|3092899012|3072899012|82310400026|12012899012|2092899012|4092899012|5062899012|13012899012|13102899012|6062899009|5082899009|5073199012|69100299015|8142799012;
                        x-forefront-antispam-report CIP:165.212.64.87;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:NSPM;H:postin03.mbox.net;PTR:postin03.mbox.net;CAT:NONE;SFS:(13230040)(3092899012)(3072899012)(82310400026)(12012899012)(2092899012)(4092899012)(5062899012)(13012899012)(13102899012)(6062899009)(5082899009)(5073199012)(69100299015)(8142799012);DIR:INB;
                        X-MS-Exchange-CrossTenant-OriginalArrivalTime 04 Oct 2024 16:48:21.7148 (UTC)
                        X-MS-Exchange-CrossTenant-Network-Message-Id ec798870-fbb1-4baa-626d-08dce4945b5a
                        X-MS-Exchange-CrossTenant-Id 3778f0b2-789a-4d43-b25e-d4fe25a4c3c0
                        X-MS-Exchange-CrossTenant-AuthSource CO1PEPF000044F4.namprd05.prod.outlook.com
                        X-MS-Exchange-CrossTenant-AuthAs Anonymous
                        X-MS-Exchange-CrossTenant-FromEntityHeader Internet
                        X-MS-Exchange-Transport-CrossTenantHeadersStamped SA1PR22MB4415
                        X-MS-Exchange-Transport-EndToEndLatency 00:00:04.5696093
                        X-MS-Exchange-Processed-By-BccFoldering 15.20.8026.019
                        X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
                        X-Microsoft-Antispam-Message-Info
                        x-ms-exchange-organization-originalclientipaddress 165.212.64.87
                        x-ms-exchange-organization-originalserveripaddress 10.167.241.74
                        X-Priority 3
                        X-MSMail-Priority Normal
                        Thread-Index AQHbFn07nnfdNOXRhEq0Wx+QMBx+bg==
                        Message-ID <1156113907.1119594.1728060422918@webapp-prod-a-34.webapp-prod-a.ns-team-sign-core-prod.svc.cluster.local>
                        From Assurance Program via Adobe Acrobat Sign <adobesign@adobesign.com>
                        To Jordan Herron <JHerron@FirstFedWeb.com>
                        Subject Reminder: Waiting for you to sign Security and Resiliency Assurance Program materials for FIRST FEDERAL SAVINGS & LOAN (OR): 323270313
                        Date Fri, 04 Oct 2024 09:47:02 -0700
                        Reply-To Assurance Program <sys.assurance.program@frb.org>
                        MIME-Version 1.0
                        Content-type Multipart/alternative; charset="utf-8"; boundary="00B0FEED_message_boundary"
                        Content-Description Multipart message

                        Icon Hash:46070c0a8e0c67d6