Edit tour

Windows Analysis Report
https://eu.docusign.net/Signing/EmailStart.aspx?a=fda42e60-d786-47e1-bd4d-cefd28143f0a&etti=24&acct=ac54d6d4-2396-463d-a7b0-d065df9f63da&er=d553e8f2-760d-4734-ac30-816baca506d7

Overview

General Information

Sample URL:	https://eu.docusign.net/Signing/EmailStart.aspx?a=fda42e60-d786-47e1-bd4d-cefd28143f0a&etti=24&acct=ac54d6d4-2396-463d-a7b0-d065df9f63da&er=d553e8f2-760d-4734-ac30-816baca506d7
Analysis ID:	1545400

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

HTML body contains low number of good links

HTML page contains hidden javascript code

Stores files to the Windows start menu directory

Submit button contains javascript call

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 1660 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 996 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1964,i,6401566266122679399,13245475541568404218,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6556 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eu.docusign.net/Signing/EmailStart.aspx?a=fda42e60-d786-47e1-bd4d-cefd28143f0a&etti=24&acct=ac54d6d4-2396-463d-a7b0-d065df9f63da&er=d553e8f2-760d-4734-ac30-816baca506d7" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://eu.docusign.net/Signing/ActivateSecurityChecks.aspx?a=d77b1698-e8d2-4089-8a86-748f8fc409db&ti=a168a2f13c0848abadc581c399ffa05b

HTTP Parser: Number of links: 0

Source: https://eu.docusign.net/Signing/ActivateSecurityChecks.aspx?a=d77b1698-e8d2-4089-8a86-748f8fc409db&ti=a168a2f13c0848abadc581c399ffa05b

HTTP Parser: Base64 decoded: celeBtnHeight40 Btnsecondaryd&font-weight:normal;white-space:nowrap;submitd`if(event){if(typeof(IsEnterOrSpaceKey)!=='undefined'&&IsEnterOrSpaceKey(event)){this.onclick()}}#0A1428dhdFont15RddFont15...

Source: https://eu.docusign.net/Signing/ActivateSecurityChecks.aspx?a=d77b1698-e8d2-4089-8a86-748f8fc409db&ti=a168a2f13c0848abadc581c399ffa05b	HTTP Parser: On click: SMSAuthCallClicked()
Source: https://eu.docusign.net/Signing/ActivateSecurityChecks.aspx?a=d77b1698-e8d2-4089-8a86-748f8fc409db&ti=a168a2f13c0848abadc581c399ffa05b	HTTP Parser: On click: SMSAuthCallClicked()

Source: https://eu.docusign.net/Signing/ActivateSecurityChecks.aspx?a=d77b1698-e8d2-4089-8a86-748f8fc409db&ti=a168a2f13c0848abadc581c399ffa05b

HTTP Parser: <input type="password" .../> found

Source: https://eu.docusign.net/Signing/ActivateSecurityChecks.aspx?a=d77b1698-e8d2-4089-8a86-748f8fc409db&ti=a168a2f13c0848abadc581c399ffa05b	HTTP Parser: No <meta name="author".. found
Source: https://eu.docusign.net/Signing/ActivateSecurityChecks.aspx?a=d77b1698-e8d2-4089-8a86-748f8fc409db&ti=a168a2f13c0848abadc581c399ffa05b	HTTP Parser: No <meta name="author".. found

Source: https://eu.docusign.net/Signing/ActivateSecurityChecks.aspx?a=d77b1698-e8d2-4089-8a86-748f8fc409db&ti=a168a2f13c0848abadc581c399ffa05b	HTTP Parser: No <meta name="copyright".. found
Source: https://eu.docusign.net/Signing/ActivateSecurityChecks.aspx?a=d77b1698-e8d2-4089-8a86-748f8fc409db&ti=a168a2f13c0848abadc581c399ffa05b	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.72:443 -> 192.168.2.17:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.72:443 -> 192.168.2.17:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.17:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.108.10.254:443 -> 192.168.2.17:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.108.10.254:443 -> 192.168.2.17:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.17:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.179:443 -> 192.168.2.17:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49770 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Source: global traffic	DNS traffic detected: DNS query: eu.docusign.net
Source: global traffic	DNS traffic detected: DNS query: docucdn-a.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: rpxnow.com
Source: global traffic	DNS traffic detected: DNS query: d29usylhdk1xyu.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: api.mixpanel.com
Source: global traffic	DNS traffic detected: DNS query: quilt-cdn.janrain.com
Source: global traffic	DNS traffic detected: DNS query: docj27ko03fnu.cloudfront.net

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.72:443 -> 192.168.2.17:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.72:443 -> 192.168.2.17:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.17:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.108.10.254:443 -> 192.168.2.17:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.108.10.254:443 -> 192.168.2.17:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.17:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.179:443 -> 192.168.2.17:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49770 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@17/28@26/212

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1964,i,6401566266122679399,13245475541568404218,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eu.docusign.net/Signing/EmailStart.aspx?a=fda42e60-d786-47e1-bd4d-cefd28143f0a&etti=24&acct=ac54d6d4-2396-463d-a7b0-d065df9f63da&er=d553e8f2-760d-4734-ac30-816baca506d7"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1964,i,6401566266122679399,13245475541568404218,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Name	IP	Active	Malicious	Reputation
rpxnow.com	34.194.220.181	true	false	unknown
www.google.com	142.250.185.132	true	false	unknown
d29usylhdk1xyu.cloudfront.net	18.164.52.68	true	false	unknown
api.mixpanel.com	35.190.25.25	true	false	unknown
docj27ko03fnu.cloudfront.net	18.172.112.60	true	false	unknown
quilt-cdn.janrain.com	unknown	unknown	false	unknown
eu.docusign.net	unknown	unknown	false	unknown
docucdn-a.akamaihd.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://eu.docusign.net/Signing/ActivateSecurityChecks.aspx?a=d77b1698-e8d2-4089-8a86-748f8fc409db&ti=a168a2f13c0848abadc581c399ffa05b	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.67	unknown	United States	15169	GOOGLEUS	false
18.172.112.38	unknown	United States	3	MIT-GATEWAYSUS	false
142.250.185.67	unknown	United States	15169	GOOGLEUS	false
35.186.241.51	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
34.194.220.181	rpxnow.com	United States	14618	AMAZON-AESUS	false
216.58.206.74	unknown	United States	15169	GOOGLEUS	false
172.217.16.206	unknown	United States	15169	GOOGLEUS	false
173.194.76.84	unknown	United States	15169	GOOGLEUS	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
13.224.189.58	unknown	United States	16509	AMAZON-02US	false
2.19.126.135	unknown	European Union	16625	AKAMAI-ASUS	false
35.190.25.25	api.mixpanel.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
18.172.112.60	docj27ko03fnu.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
142.250.185.142	unknown	United States	15169	GOOGLEUS	false
18.164.52.68	d29usylhdk1xyu.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
2.18.64.4	unknown	European Union	6057	AdministracionNacionaldeTelecomunicacionesUY	false
185.81.100.28	unknown	Germany	62856	DOCUS-6-PRODUS	false
2.20.245.140	unknown	European Union	20940	AKAMAI-ASN1EU	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1545400
Start date and time:	2024-10-30 14:12:29 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://eu.docusign.net/Signing/EmailStart.aspx?a=fda42e60-d786-47e1-bd4d-cefd28143f0a&etti=24&acct=ac54d6d4-2396-463d-a7b0-d065df9f63da&er=d553e8f2-760d-4734-ac30-816baca506d7
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@17/28@26/212

Warnings

Exclude process from analysis (whitelisted): TextInputHost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.67, 173.194.76.84, 142.250.185.142, 185.81.100.28, 34.104.35.123, 2.19.126.135, 2.19.126.140
Excluded domains from analysis (whitelisted): eu.docusign.net.akadns.net, a1737.b.akamai.net, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, eu-northeast.docusign.net.akadns.net, clientservices.googleapis.com, clients.l.google.com, docucdn-a.akamaihd.net.edgesuite.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://eu.docusign.net/Signing/EmailStart.aspx?a=fda42e60-d786-47e1-bd4d-cefd28143f0a&etti=24&acct=ac54d6d4-2396-463d-a7b0-d065df9f63da&er=d553e8f2-760d-4734-ac30-816baca506d7

LLM Input / Output

Input	Output
URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: URL: https://eu.docusign.net
URL: https://eu.docusign.net/Signing/ActivateSecurityChecks.aspx?a=d77b1698-e8d2-4089-8a86-748f8fc409db&ti=a168a2f13c0848abadc581c399ffa05b Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "This site uses cookies, some of which are required for the operation of the site.", "prominent_button_name": "OK", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://eu.docusign.net/Signing/ActivateSecurityChecks.aspx?a=d77b1698-e8d2-4089-8a86-748f8fc409db&ti=a168a2f13c0848abadc581c399ffa05b Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "In order to access this document, you need to confirm your identity using your mobile phone.", "prominent_button_name": "SEND SMS", "text_input_field_labels": [ "Choose a phone number below and click the \"Send SMS\" button to receive a text message.", "Enter the access code on the following page.", "Authenticating Signatory Name: Keiko Seta" ], "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://eu.docusign.net/Signing/ActivateSecurityChecks.aspx?a=d77b1698-e8d2-4089-8a86-748f8fc409db&ti=a168a2f13c0848abadc581c399ffa05b Model: claude-3-haiku-20240307	```json { "brands": [ "Docusign" ] }
	```json { "brands": [ "Docusign" ] }
URL: https://eu.docusign.net/Signing/ActivateSecurityChecks.aspx?a=d77b1698-e8d2-4089-8a86-748f8fc409db&ti=a168a2f13c0848abadc581c399ffa05b Model: claude-3-haiku-20240307	```json { "brands": [ "Docusign" ] }
	```json { "brands": [ "Docusign" ] }
URL: https://eu.docusign.net/Signing/ActivateSecurityChecks.aspx?a=d77b1698-e8d2-4089-8a86-748f8fc409db&ti=a168a2f13c0848abadc581c399ffa05b Model: gpt-4o	```json{ "legit_domain": "docusign.com", "classification": "wellknown", "reasons": [ "The brand 'Docusign' is well-known and typically associated with the domain 'docusign.com'.", "The URL 'eu.docusign.net' uses a subdomain of 'docusign.net', which is a legitimate domain owned by DocuSign.", "The use of a regional subdomain 'eu' is common for global services to cater to specific regions.", "There are no suspicious elements in the URL such as misspellings or unusual domain extensions.", "The input fields are consistent with DocuSign's services, which often involve authentication and document signing." ], "riskscore": 2}
URL: eu.docusign.net Brands: Docusign Input Fields: Choose a phone number below and click the "Send SMS" button to receive a text message., Enter the access code on the following page., Authenticating Signatory Name: Keiko Seta

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 12:13:00 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.986334420279675
Encrypted:	false
SSDEEP:
MD5:	097C31057A2B6985E6DE1115D56C1510
SHA1:	335FFED7A52B2E1F21A9C0921A7E271BA5D1361A
SHA-256:	5AF09F12E3B0600E8BDDF99B49D1DEA68A6F124DA0426EC6E406CCBF57167A78
SHA-512:	1497904B7F0C1321EEA7A78712A1044D0F80814310864CA912E26BC9F34A1C3C9ED22FF87EAC99B74C43CAB3F25FA55E282464C3D7FAB1D0FD06F27C01A73C58
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....~..r.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I^Y.i....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V^Y.i....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V^Y.i....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V^Y.i...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V^Y.i...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........p........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 12:13:00 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.001058520187948
Encrypted:	false
SSDEEP:
MD5:	147DEE9AE7678888C298CC810EEDE936
SHA1:	8DE28E24E3D0726A65C5F1912A9D7327390ED468
SHA-256:	EE13F56AF93F48D541D940AE2AB24E25898106E701ED03586317E73C1340431A
SHA-512:	42FFC9B88200202BA8731208E76365F3E6A557028DB0D9681BE39C5D9E617E5743A284700DC9A7D4644BB7E762B335297DAD1829CA5C0A232E6841B65778B7C3
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....D.r.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I^Y.i....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V^Y.i....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V^Y.i....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V^Y.i...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V^Y.i...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........p........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.011820504392953
Encrypted:	false
SSDEEP:
MD5:	EE3774B00E8AD883BFCEDF248321312E
SHA1:	ECE450E1C7BCA869578208ADCB92383483415F2D
SHA-256:	B85F053837B85D035341414374E9F14B198206A99BFDE45D0C26D13A414A437F
SHA-512:	DE965026314FCDD9F6AF61C0FD9BD45D77BBFD83D49972C24C96BA6E94EBD3A64AFA5D235D9FF67EE54EB20BDC27E1CF207C65B8CFE48522CE60CF6A25C9B005
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I^Y.i....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V^Y.i....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V^Y.i....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V^Y.i...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........p........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 12:13:00 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.000784403462315
Encrypted:	false
SSDEEP:
MD5:	313104D0A560C998F1E6DB31EEA58A02
SHA1:	788D1CC9CEA5B0D01BAE86FFF8FA68B3C27F52CB
SHA-256:	2C39723D2D016DC902557EBD1D289DEA537B9625DF82DFFF3FF9646FBF41055A
SHA-512:	6CE1C2E8A4F89D4A46C9E3FE265EC9D9A7F0C7793FDDB4FA40E73539D506207577E3CF1276D97D45C22CCCF0433F7ABCE133C70371FB58090CA37FC640F4DF78
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....x.r.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I^Y.i....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V^Y.i....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V^Y.i....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V^Y.i...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V^Y.i...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........p........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 12:13:00 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9894220131760956
Encrypted:	false
SSDEEP:
MD5:	E0AB4A8DA3E2F8D0EF796C41B0DC5D07
SHA1:	EEF2C491DF8BF790E51E193F0D24FAB56302B562
SHA-256:	BD1E7D040D9B6A9697B98FEBFB91425D4B472CCE64B9C8584F3DFF0A7928705F
SHA-512:	ADCA1BDED6ABED548F6A6CD27860621C6DE5E65A54C6A52EF52363E90E98790A869C26A0570B4893FD27337D615CC5A19C5428D46C773173BE9FF81DA40FB679
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....p.r.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I^Y.i....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V^Y.i....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V^Y.i....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V^Y.i...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V^Y.i...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........p........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 12:13:00 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9948945832930542
Encrypted:	false
SSDEEP:
MD5:	742FD37A9465323F10FCF7BF7E56EFCD
SHA1:	71CA0F9C5E80E09E0412DE0B5C5ADBF25B7D21E0
SHA-256:	D7FC1026E82361F143DD36D18A79B9033FE2C33D7688617FDA1BBFF3FBE726CE
SHA-512:	CE4FCBABED31DAC05F542F1DC31FF8D75284565062B3EC81A3122DF7F548EBCD518AD977D955628A19AAF224CE2A20009954D8CA779ADF3D4662B058C3B30645
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....m..r.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I^Y.i....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V^Y.i....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V^Y.i....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V^Y.i...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V^Y.i...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........p........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	3896
Entropy (8bit):	4.786686051422741
Encrypted:	false
SSDEEP:
MD5:	855476199961A10981ADCA7432CEC048
SHA1:	7995725A0CAC73EB6A2A1B5A8D5B162DBF47988E
SHA-256:	6DD60FAA0E35F2DFE342C452ED414A084D384D11793BD0F0EB03C2B1C6F1405C
SHA-512:	A9E61582FA18BCC1DD57DE8A7C194BAB0D6F733897F541A6E13B94906ADC115D65004F5A2649919FA8B8545F0C67C9313A14EAEAF42C34F630DA13CD38E17994
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>. Generator: Adobe Illustrator 28.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->.<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px".. viewBox="0 0 1200 241.4" style="enable-background:new 0 0 1200 241.4;" xml:space="preserve">.<style type="text/css">...st0{fill:#FFFFFF;}...st1{fill:#4C00FF;}...st2{fill:#FF5252;}.</style>.<g>..<g>...<g>....<path class="st0" d="M1169.2,109.7v78.7h-28.9v-73.5c0-17.9-7.7-27.9-22.7-27.9s-24.9,10.5-27.7,28.1c-0.8,4.2-1,10.7-1,24.4.....v48.8H1060v-125h25.6c0.1,1.1,0.7,12.3,0.7,13c0,0.9,1.1,1.4,1.8,0.8c10.6-8.4,22.3-16.2,38.6-16.2.....C1153.5,60.9,1169.2,79,1169.2,109.7z"/>....<path class="st0" d="M1013.4,63.4l-0.9,14.3c-0.1,0.9-1.2,1.4-1.8,0.8c-3.5-3.3-16.4-17.5-38.3-17.5c-31.4,0-54.5,27.1-54.5,63.9.....l0,0c0,37.3,22.9,64.5,54.5,64.5c21.1,0,34-13.7,36.4-16.7c0.7-0.8,2-0.3,2,0.7c-0.3,3.8-0.8,13.3-4,21.4.....c-4,10.2-13,19.7-31.1,19.7

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	119869
Entropy (8bit):	4.18401975910281
Encrypted:	false
SSDEEP:
MD5:	ECE7A224F69AB2205D90900589AE1D05
SHA1:	3D861B816A5DA892C8A88D5755A5537C036239DE
SHA-256:	FFA8C6A4CE199BFD9E32B05E0E4DECE330C6A577FB3A0E8518291619C658C486
SHA-512:	EEF4BDD54AF95BE42224FFE605BB627293DAEA0C58A50B328ACC8B56040C81FDCB5EC8406F56856FC617A552E4D6DD28BB892467666889D27F03EE8BFCD16D7B
Malicious:	false
Reputation:	unknown
URL:	https://docucdn-a.akamaihd.net/v/static/mixpanel-2-2-1b.js
Preview:	/. DocuSign modified version of Mixpanel JS Library v2.2.1. * $initial_referer and $referer have been removed, as not to send any senstive information. * $initial_referring_domain and referring_domain have been retained.. . Mixpanel JS Library v2.2.1. . . * Copyright 2012, Mixpanel, Inc. All Rights Reserved. * http://mixpanel.com/. . Includes portions of Underscore.js. * http://documentcloud.github.com/underscore/. * (c) 2011 Jeremy Ashkenas, DocumentCloud Inc.. * Released under the MIT License.. /..// ==ClosureCompiler==.// @compilation_level ADVANCED_OPTIMIZATIONS.// @output_file_name mixpanel-2.2.min.js.// ==/ClosureCompiler==../.Will export window.mixpanel./../.SIMPLE STYLE GUIDE:..this.x == public function.this._x == internal - only use within this file.this.__x == private - only use within the class..Globals should be all caps./.(function(mixpanel) {. /. * Saved references to long variable names, so that closure compiler can. * minimize file size.. */. var

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 464380
Category:	downloaded
Size (bytes):	111565
Entropy (8bit):	7.9973816730256155
Encrypted:	true
SSDEEP:
MD5:	B12CCFEA1EC61935954ACCE8396FCEA1
SHA1:	497BD93881D12309A71C40FD52BEC2B6C64965DE
SHA-256:	F4E35E9CC17BAAB26C94389FC8703F555084AFE8B19A15B8C12F5997F98B931E
SHA-512:	6CBE28627FF84F95AC76A064020BB515B70223DB67512839F7AF38F7486FC325DCB88BCBE6B9C99CFE8EFC8AF7319465F0150EE5A75093634D7DB17AA79676F7
Malicious:	false
Reputation:	unknown
URL:	https://d29usylhdk1xyu.cloudfront.net/manifest/login?version=final
Preview:	...........}._............(m.9..n.......O~.l.;.. %.....I.....s..s.X..4.F3...R.x.Q}......}..bT.Z...I..7..Q.l...2.Y=..zuw8.R..:.c.r.{u(....(lW[...V....n=.<lT....w..mO.c?..W.....q...z6.Y.V..H...t../b(..ZQ2....../T+..F.p}<....?9..'.....B..L.\6..&~.....\4.Eai1J)/5d....UVN...j.U)....H.;..i4.......B..,...0......\|....-.>.rLQBy.Y..i.-..$1Sv.1....)...Y7-..c..r\|......}{.......j...Y...q#.M\|..;L7.^..F~8.3.;...7.x....2E..O...p.q...d.Z.h.).S.....E!..r..1..1.......o"..O..... ..F.R].k..%C...(.R.c6...~~b..k....E..nX..pk..C..x.&Uf.^l7K.Y..?..],..t:...Em.^.P.XO..}:x.zxr...fM\|..V...aH]hI....P.....v.5..o.b3.:.%oo.0....6m...\|\.xD.}nX=....F...\|..h6...pj-ci.F[.._....nu.............(.f...0.%...j6..2C.i.mM3..\Z..dX..R.:..d.Yk...n.).L.6....i../.x......g..;/....?d.. R.g#.....>.?z`.".#v.;....4./.Q.....=6.....*..@........=2+.m..........f0nN..2.s/]..q...d}.F.0........b.[.d..i..t..cd'.] HS_..5....F`.5.Y?..:.j5.A......j.....b.^6.O\.pD.x:.B....q..a.....Y.C

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 79 x 79, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	2879
Entropy (8bit):	7.660950602080433
Encrypted:	false
SSDEEP:
MD5:	C87DA3413DAD0BC57D3F6C42C3848657
SHA1:	5F307E843AE7B61DBB541B55CC159386664A40F4
SHA-256:	AE8E67BAA196F0D1A50103804DA7CC8EA1B30F97A3878F044D2EE03902D9925E
SHA-512:	A5D1E1F35C47264FF5616FBA0409249394B6DC44347C0F4B5536679AA1965B8A69AD3C20E42CAE4D82C44B63D1054C5F985B9FA72A7BE563FE2EC3438AFCFB77
Malicious:	false
Reputation:	unknown
URL:	https://eu.docusign.net/Signing/Images/Profile_Default_New.png
Preview:	.PNG........IHDR...O...O.....%V......tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:C298895EA7E911E0B1F8FF0264B08A24" xmpMM:DocumentID="xmp.did:C298895FA7E911E0B1F8FF0264B08A24"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C298895CA7E911E0B1F8FF0264B08A24" stRef:documentID="xmp.did:C298895DA7E911E0B1F8FF0264B08A24"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...{....IDATx..\kO.:..!.z[.. $.......(o..s..u....)...U.R..}x.............kQ.xS.G.D+......W._i....v~F.6...7.\..8'.t.eY.

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, CFF, length 33752, version 0.0
Category:	downloaded
Size (bytes):	33752
Entropy (8bit):	7.984139047245452
Encrypted:	false
SSDEEP:
MD5:	4DE7535F6F5DF8D5437C21C068DDB0EC
SHA1:	3553204B4624CA41CF1C4F3BD9B37D8C968CBA23
SHA-256:	8F6A520A392FF62149E5FC5AA87BFAB9B3816CD6010D4D4FCA194E8683CA498B
SHA-512:	E2A9B45F69BD1CBCF0D5F3710BECFACF6A28AF0A9FD034262F6AF4803628DADCE4C2FCC385758F88130AB68D362F3694ED786D0971CF7FD7E8FAF6CD1C2860DE
Malicious:	false
Reputation:	unknown
URL:	https://docucdn-a.akamaihd.net/production/1ds/widgets/@ds/signing/24.10.26-8/fonts/maven-pro/MavenPro-Bold.woff
Preview:	wOFFOTTO...........x........................CFF ......Om......FFTM...h........Z...GDEF..T........ ....GPOS..TH..-....DiP}7GSUB..T(... ... l.t.OS/2.......H...`...Ccmap.......\|....#G..head...0...3...6....hhea...d... ...$.U.>hmtx.......Q...X.Xl7maxp..............P.name.......4....N...post........... .j.fx.c`d```d8...l<..W.n...8..2.F.../..)...:..&.(..v...x.c`d``../........g.2.EP.5.......P.....x.c`b.......u..1...<.f........p...).,fP`P...._....N.u05..X.@r.L.GP..x.m.1O.A.....(...XL...K....+.[...-..@.A....6..K...e#.x..\|.......^.p..PzV...s...=7q.O..z..+.xn.R=Q.....m.Y.......s..><........6n..c.lq@..klPC.....!".,AJ.`N.e.&.L....F..7g..&..w<.J...P..M-..@.Q.Kz.yn.)dRg...B..J...v:....gR.vFC..N.2....PF0..=.)V.,..{..LY.g"...;9..]p..2n!f....IW67..a.%.mO..-......iXax.c```f.`..F..8..1..,..........P..a)........L..(.(H).)().)X).QTz..........@....1.AU.+H(.UZBU2.................n...}.`...V=X.`.I...Q8.z....#..A.L.,.l...\.<.\|...B.".b...R.2.r...J..j...Z.:.z...F.&.f...V.6.v...N...n...

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 45 x 40, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2232
Entropy (8bit):	7.8980355002767455
Encrypted:	false
SSDEEP:
MD5:	CA320B5A928109755FFA12D7388506E1
SHA1:	F237244628CA41165081F70F3987120C003AAE7F
SHA-256:	8A25CB9589C976773DEA150AAEF2DDED6DB6381E2F51FCF34ABE6D5C1A1D2ACF
SHA-512:	143CE83A55D153ED91925D3857418AEA694E158CF37315D442F3FCD320F7B0B08B8509B67594055E1A9E58DE8D15746B6448A0E492EB30828721716B85D4E6A4
Malicious:	false
Reputation:	unknown
URL:	https://eu.docusign.net/Signing/Images/WarningIcon40.png
Preview:	.PNG........IHDR...-...(.....j.s)....gAMA......a.....tEXtSoftware.Paint.NET v3.36...%...KIDATXG.X.PT....~.e....G..X.....H...V..I$.....-jL.Q..c.+U...HT.t.!..m.-..hm.L&...t:..i......E0........s.......s..;G...oH...k.V.\9.....B'..X..iK..$.`.g.{W....xk.....%1...BU.../ju.........]k... ..8..l..p..LH.......>.E....'...t.X..._~...eB..?.3.Y..-...V.!0T......y....j...[;/}pI.0._;.Z.}......WtxtA0~18.....O....E.Ex..;mB.>w..b]e.. .%.1...9...Z.#o.#4T...aT.h..>..K.T.8..ZZ.....X...A.+...;...L6...%.S....y....n....e.W.Q....!......,..yH....}.......\|.....K(..a4..#.'h.@.....!...m.w\|........;.3..@.X.....3d..m..Q^.....z.~_..>}.....4.,.@X.....Q.0..C.PY....I.s{^......h_......+.}..~`.....$J$..%.l#./.A.........R.}....a.<..t./..u..x...,SDP..+.....@.FQ.f-H..G.w..#,B...@U.........}.q9..FG.mJ0...[.......L..!>Z...W....^.c......Z.+.....E..}..L.e.YY.5...;Y......{=1V 3.!."f....{...k.q4.).'W.2OT9...6"B"..,v.....*t<.....e.. .T..DDXX.jj..'.>....+........J.c...,..8.M.)..#C&'.. 82...;..

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (14047), with CRLF line terminators
Category:	downloaded
Size (bytes):	14687
Entropy (8bit):	5.207772274963725
Encrypted:	false
SSDEEP:
MD5:	2DF506C66BFCE9CB2060DE8963D8D8A6
SHA1:	6A953FD27DD87FC6CF7927C74E3B210AC8182DA9
SHA-256:	316EDC0BF34BD527C50793EB5C134AD5582060F7743AE28B6EE2C07AC391DE93
SHA-512:	61340555C03F4731CFC4A190BC666242520133B10E3876820467728BE4C0AF314371EF804C47A38637D97CA23DA39F6D43D933B3C83AF930F8A15EE907195B8C
Malicious:	false
Reputation:	unknown
URL:	https://eu.docusign.net/Signing/script/XmlHttp.js?vers=24.3.100.52514
Preview:	/*... Copyright (c) 2003-2014 DocuSign Incorporated...* All rights reserved.......* The information contained herein is confidential and proprietary to...* Docusign Incorporated, and considered a trade secret...* as defined under civil and criminal statutes. Docusign...* Incorporated shall pursue its civil and criminal remedies in the event...* of unauthorized use or misappropriation of its trade secrets. Use...* of this information by anyone other than authorized employees of...* Docusign Incorporated is granted only under a written...* non-disclosure agreement, expressly prescribing the scope and manner...* of such use...**/..var XmlLoaderCount=0;function XmlLoader(u){this.onload=donothing;this.onerror=donothing;this.ontimeout=donothing;this.url=u;this.timeoutSeconds=120;var running=false;var timeoutId=null;var THIS=this;this.sendGet=mySendGet;this.sendPost=mySendPost;this.sendDOMPost=mySendDOMPost;this.sendGetSynchronous=mySendGetSynchronous;this.sendPostSynchronous=mySendPostSy

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	131206
Entropy (8bit):	4.89015153386171
Encrypted:	false
SSDEEP:
MD5:	8121AE33F00D45B74C7801A544E8C08D
SHA1:	DC46A1A035D85F09FDFFE9284B455054E1DA731E
SHA-256:	66A55BD8F6EA7923BF41E71E84ADCD50C4EA4976ED7228DCA2704EC71F8A5B54
SHA-512:	522F0DEC0A6454478A081A5A0AA10F66492074C1063430E89D85142872E2C1CBA8C7DE0BC033A01E4BD5875FC1820FA4855B5212176CBC91371B1FB8D936DE9D
Malicious:	false
Reputation:	unknown
URL:	https://quilt-cdn.janrain.com/HEAD/providers.css
Preview:	.janrain-provider150-sprite,.janrain-provider150-aol,.janrain-provider150-blogger,.janrain-provider150-disqus,.janrain-provider150-facebook,.janrain-provider150-flickr,.janrain-provider150-foursquare,.janrain-provider150-google,.janrain-provider150-hyves,.janrain-provider150-linkedin,.janrain-provider150-livejournal,.janrain-provider150-microsoft_live_connect,.janrain-provider150-microsoftaccount,.janrain-provider150-mixi,.janrain-provider150-myopenid,.janrain-provider150-myspace,.janrain-provider150-netlog,.janrain-provider150-openid,.janrain-provider150-orkut,.janrain-provider150-paypal,.janrain-provider150-renren,.janrain-provider150-salesforce,.janrain-provider150-sinaweibo,.janrain-provider150-soundcloud,.janrain-provider150-tumblr,.janrain-provider150-twitter,.janrain-provider150-verisign,.janrain-provider150-vk,.janrain-provider150-vzn,.janrain-provider150-wordpress,.janrain-provider150-yahoo{background-image:url(/HEAD/icons/janrain-provider150-sb396996fdb.png);background-repeat

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	326
Entropy (8bit):	6.860674885804344
Encrypted:	false
SSDEEP:
MD5:	AFE00DB89CE086B91A541C227EDBF136
SHA1:	961B2EE6FB39C4D515BDC49EC1BA688B0916F104
SHA-256:	E11827C678AF8519E702F364E525AC34509CAD49F8D839677E089949EDDA060E
SHA-512:	85F265A917E83BA92FEDB2152FBFADA273FCFF2937A85B080641307FD2E61D0138493162883E016796C9F68062A01D79DA60F546EFC2CB1FB4078760EB3451F0
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR................a....pHYs.................sRGB.........gAMA......a.....IDATx.....0...Uq...UP.\|..v.K.>.O`.$.[.B....'pvJ}..B..P.h...I.!.rs.%.$....O"r!.I.m....J..........U.. ..F[.....j4<...6.b6.T!x..Y..]..;._.,..........K.F..b.~.$..M.......M....,...i....*.z...x8."C.r.{.2~.~........x...B.G.6.....IEND.B`.

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 60 x 60
Category:	dropped
Size (bytes):	5469
Entropy (8bit):	7.407468436786064
Encrypted:	false
SSDEEP:
MD5:	07C429B126D443CF5FBD80E08AC61939
SHA1:	FA928667AFBF4D34B104FDE08536589D87D3EF8F
SHA-256:	F3A25B79FD41F1B6EC6B0A679892C87A1445BC0BE089099AAC6D6D5956E355C2
SHA-512:	2CED6D2DE2D24936403A3283BFF76A9E91E1FA1E80B8CE59FF0EA1A46EB5D74021331912FF26223955D27E0472EDADC79FFCEED88CDBD6A309294418940713BB
Malicious:	false
Reputation:	unknown
Preview:	GIF89a<.<...............................................................................................................................................................................................!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c021 79.154911, 2013/10/29-11:47:16 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:6952efb6-7b37-44ad-8f49-fb6d57787754" xmpMM:DocumentID="xmp.did:CC4E39E8547B11E4960B8D7E59B6B241" xmpMM:InstanceID="xmp.iid:CC4E39E7547B11E4960B8D7E59B6B241" xmp:CreatorTool="Adobe Photoshop CC (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:22335ebf-8a2f-43c0-a35d-602b0ebe7cf3" stRef:documentID="xmp.did:695

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32029), with CRLF line terminators
Category:	downloaded
Size (bytes):	97185
Entropy (8bit):	5.374276891254097
Encrypted:	false
SSDEEP:
MD5:	2B6294333DB8EEB65BC7717144357D23
SHA1:	74EF185A3CBA75AF7F4E1B3DCAF1B32B0DB5C1AF
SHA-256:	4946FCF019E50CF850A0344E45B3A8F93D5EAD5E1DADE33695025EF732913AF1
SHA-512:	BF4197F2ECA58ED25DFDD82D518FB0A6F900695318DC5A47E2039273C3BDA02B1D73249D5EA7D047BFBDA3A692606B430C836912E043F87751FDD900576BEC9C
Malicious:	false
Reputation:	unknown
URL:	https://eu.docusign.net/Signing/client_scripts/jQuery/jquery-1.12.3.min.js
Preview:	/! jQuery v1.12.3 \| (c) jQuery Foundation \| jquery.org/license /..!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="1.12.3",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.c

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, CFF, length 34820, version 0.0
Category:	downloaded
Size (bytes):	34820
Entropy (8bit):	7.982902826695778
Encrypted:	false
SSDEEP:
MD5:	FD117C9EB999E35D64BE1515D5B2192D
SHA1:	B0FAE4091AC17A28C47AF531A9D5B73B4C35F6BD
SHA-256:	553582BE8A5D2779D1A9E9C3A6698FD4D365E01353D8876A7204DB68FCD1D12D
SHA-512:	24D51DBAFDE7E5B7B1486BA3800BC8ECBAF369A2D28BBBF15096C723DC565247F9B956E8D0F28EDB535313E1B26934DFC30AF0AF700B8CB57F02926B889B2177
Malicious:	false
Reputation:	unknown
URL:	https://docucdn-a.akamaihd.net/production/1ds/widgets/@ds/signing/24.10.26-8/fonts/maven-pro/MavenPro-Regular.woff
Preview:	wOFFOTTO...........<........................CFF ......S....{..."FFTM............Z...GDEF..X4....... ....GPOS..Xt..-....DiP}7GSUB..XT... ... l.t.OS/2.......I...`.[.8cmap.......\|....#G..head...0...3...6.h..hhea...d.......$....hmtx.......Q...X.xm.maxp..............P.name.......=...1.E.Lpost........... .j.fx.c`d```d8R!.0...+.7.....\|Y...o.....v...``....MM...x.c`d``../.H.....1.F..............P.....x.c`b..8.....u..1...<.f........p...).,fp`P...._......u05..X.......,......x.m.1O.@....aP.......K.B.N..&.......^...\......G../.Dc....{....\.......c.....p...u.c.W..q....q...2...gY.g.k.8...w.u.c...9n.Vu.7q..1...[.H.`...6..p."@...L.&.X....Cfg.I}..+..[.4G.q..>..Yn.4Y..v.....[...L...~.I..Rh.......Q%..Qh...u...8.N....q.c......z.9.9.....&/O...h..mR=..........ljr.. ......T....Sw`....x.c```f.`..F..8..1..,..........P..a)........L..(.(H).)().)X).QTz..........@....1.AU.+H(.UZBU2.................n...}.`...V=X.`.I...Q8.z....#..A.L.,.l...\.<.\|...B.".b...R.2.r...J.*.j...Z.:.z...F.&.f...

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 28 x 31, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1815
Entropy (8bit):	7.799541881156202
Encrypted:	false
SSDEEP:
MD5:	17C96FC4B9C8464D1C95CD785DD3120B
SHA1:	561ACE8E4B5FE53D23CF02C4DD6ABF6099D618C6
SHA-256:	3051AD5E11115EC4C89769159F719EA0F43A2557749EAA5DA3E1955EBC5DFF1D
SHA-512:	066A907B22AE2312F355356E05D2062D029545679826AFBFD346F6246E331BDC90F6627119B88D35E8204B8A9EB15BA7C7B46A6E4278BD4151692AE52AF1B7D3
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR................:....sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS5q..6....tEXtCreation Time.10/31/11Cw.....oIDATH..WkhSi.~r.I.I.I..7{..J.....8E.Z.dq..q.....@...!...d."R-dY.o.T..T...vY...t.....N.......I......$...>..^..9..^.f8\|.0.H$..l.077g8......d..........v;MLLh...\B. ...v.......{.Z.......J. ...j]...hll...9.@... .@c.I`.L.`.`;z.h.k..O.>.^[[..,....%..L,.....x......p...X.A.R...,.w......"..x<~..$......r..766...z..^...t..,,&.)fV..........e..[`,.H$"wvv..$.-.......L&...I.4.......h.E...Z...v....j.u..WD$..=z.HmhhH......KMOO.:........f..bP3....6].\|....?.........O.\|.8.q..%I..~..W......0x...v.=.........3..X.....DD.x\|..^.5...z=].`.mll..".T....-H....S.......*....X,..FcbyyY!"....}]]...\....Z..p8\|h~~./DD###r~P....444$....R.....Q$.)..........}.....1..DQl...:.J.f....`.....d:..\|....m0".+W.H.>...IU..!.........&8.N.(....=W....O....m.;w.(........hpp.;......P.UVVZ.......FK.E..>...$I....n...w.'O..j............N....L&.QQ.2.P.........L&.6...

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	788
Entropy (8bit):	4.9019698351522845
Encrypted:	false
SSDEEP:
MD5:	CB4FD3AF4DEEBD7277FCD75A576BF633
SHA1:	71A7BC5DE0F92581F2A9F8DCED86578E01B4856C
SHA-256:	F6C29AE65E37D866FEFB836DB488C4D044414798EC995B2B69CD067949938DD9
SHA-512:	1507C60248859484296F0CF5D1D0AB73BA4B2522A8D05C37773E45AE57C381BFC1FBFC1E38C2F1EE4DB626C1E4AF8C973B38FAD6C5FD74A4423FD78CFEE47E85
Malicious:	false
Reputation:	unknown
URL:	https://docucdn-a.akamaihd.net/production/1ds/widgets/@ds/signing/24.10.26-8/css/font-faces.css?cs=7aa34814
Preview:	/ mix ins /..list-no-style {. list-style: none;. padding-left: 0;.}.@font-face {. font-family: 'Maven Pro';. src: url('../fonts/maven-pro/MavenPro-Regular.eot');. src: url('../fonts/maven-pro/MavenPro-Regular.eot?#iefix') format('embedded-opentype'), url('../fonts/maven-pro/MavenPro-Regular.woff') format('woff'), url('../fonts/maven-pro/MavenPro-Regular.ttf') format('truetype');. font-weight: normal;. font-style: normal;.}.@font-face {. font-family: 'Maven Pro';. src: url('../fonts/maven-pro/MavenPro-Bold.eot');. src: url('../fonts/maven-pro/MavenPro-Bold.eot?#iefix') format('embedded-opentype'), url('../fonts/maven-pro/MavenPro-Bold.woff') format('woff'), url('../fonts/maven-pro/MavenPro-Bold.ttf') format('truetype');. font-weight: bold;. font-style: normal;.}.

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1278
Entropy (8bit):	6.645339986902205
Encrypted:	false
SSDEEP:
MD5:	5F84956EE22160FF2BAEC2035234A7D4
SHA1:	F9CE8F109CBA3F9C253C02A5C4274930F01F3582
SHA-256:	8FBDC57DADDB25026195ED010F855392D9E0C0F3BF3528B284F57E5C1016E581
SHA-512:	0AC0DD6C2A1CEC4DB26CF3C5912957F45C720015D3B3C6AC4ED00C8326E7FB99F2FA9C0DB7FAD53E1CDACEFDD21F96A56C00D4171295444FFEA59EC63FC42EF8
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............H-.....tEXtSoftware.Adobe ImageReadyq.e<...hiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:95B136851C206811B5B7843A20461F4C" xmpMM:DocumentID="xmp.did:E86159988DA111E2B9A0FF093E7C528F" xmpMM:InstanceID="xmp.iid:E86159978DA111E2B9A0FF093E7C528F" xmp:CreatorTool="Adobe Photoshop CS5.1 Macintosh"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:95B136851C206811B5B7843A20461F4C" stRef:documentID="xmp.did:95B136851C206811B5B7843A20461F4C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..N....,IDATx...J.A....J.. V..".._@R....C..."

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3196), with CRLF line terminators
Category:	downloaded
Size (bytes):	3836
Entropy (8bit):	5.253541417343987
Encrypted:	false
SSDEEP:
MD5:	2403A507DB3BEC351FF6982A66EF17F8
SHA1:	EF50995B9594A66A78E8CAD364DC907D634B22C2
SHA-256:	71D87C7D8573D220079013552A187C9B08884C83D70F51CEBCB5CA4EF2D7960F
SHA-512:	B4D0F44CCC947AA23AE3F0724F2588F872D4D84C98819BC18F6815C7FEC5BC217EB54FC79E594EC91CE03F3764AAE698BB9CC6BFC5D2AD395FE470FED3BCB8C2
Malicious:	false
Reputation:	unknown
URL:	https://eu.docusign.net/Signing/script/Popup.js?vers=24.3.100.52514
Preview:	/*... Copyright (c) 2003-2014 DocuSign Incorporated...* All rights reserved.......* The information contained herein is confidential and proprietary to...* Docusign Incorporated, and considered a trade secret...* as defined under civil and criminal statutes. Docusign...* Incorporated shall pursue its civil and criminal remedies in the event...* of unauthorized use or misappropriation of its trade secrets. Use...* of this information by anyone other than authorized employees of...* Docusign Incorporated is granted only under a written...* non-disclosure agreement, expressly prescribing the scope and manner...* of such use...**/..function ShowOtherPopup(url,windowname){window.open(url,windowname,'height=600, width=880, scrollbars=no');}function ShowScrollingPopup(url,windowname){window.open(url,windowname,'height=600, width=880, scrollbars=yes, resizable=1');}function ShowPVPopupWindowOnFocus(url,windowname){var pvPopupWindow=window.open(url,windowname,'height=600, width=880, scrollb

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	20
Entropy (8bit):	3.6464393446710153
Encrypted:	false
SSDEEP:
MD5:	EFAC30A8E225EA004DA05F31C701732D
SHA1:	4D8871774233878046CC11567E70B0F3D6EC3870
SHA-256:	56B4E766B8BE69CE923F1BB4C1B0D82522FEAB6221FAFC9EDEB8B65EB05063E9
SHA-512:	5463540F3F0D3BE7B97ADA2BE9969A007B09785EA29E40A9F16CFB9EB7374B877B903AD26E8539B0C4817F8EEEC37B95345F3AD040584E2B58ED9BF69D52CB07
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSEAmjD4Pezwoh4hIFDTWGVBw=?alt=proto
Preview:	Cg0KCw01hlQcGgQISxgC

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1696 x 1294, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	60268
Entropy (8bit):	7.711102082925534
Encrypted:	false
SSDEEP:
MD5:	FB78456DE1AD22E5884E8DFAF560A7F2
SHA1:	62DEE26C982A61413C883B6E37AD48B8262FC61A
SHA-256:	BB1ED3D6B50A1675B90F48B19E64F7BA614B26D5CA6DF8FDA64FA1EF5CC30ED1
SHA-512:	9A481A7B4075E0AB710AC5001A884EAAA1E920543E2AEA0FBDB64C1A2A0A87DDA7D879745A88F97B500AC8755FCDD1A9739F94D06B5E453CEF0799D9EA9AB7AB
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............eS......pHYs...#...#.x.?v.. .IDATx.....H. \.D...`.....,..`..i,.,...X.`,...<...Z._.Q.(TU..L.T.Dt.;.).....................................>.....S.H.=.Q....%./.....<u#....mL.....s>].............n...\|.M3.&\...#BMt"Z\|....7.....`x8.._..c...y}...M0'...N.......7.>........rS.JlL......u..P......j.%5sn......../w....Nf.BfH.i4...5CwQ.]......i.P...&.....E.m..$.....I.l..U.?Hbsn..#}.}.u.Q2.rcM..p3.K.D&.3f...S.....U...p)Z.8.!B.....n(H..5...WK...x..P3...s../.....bw...M9........7U.$..._.c+...'....^.N=./x.fy.~fL.U...25.Lg..a.G...t.....R{d:h..et3mG....".>.w.7..o...l.A.[..pCQ.=.....^....1G...?L].i........]..V.j......\|w.J./{...7#........m.Ts..A/......z].l.M...3{...s..&n......vJ...&..N\|....9?...\..}....>....p..lLy.......k..rf.g_W...R.O....M)......8....9.z7g.W-.Eu.i.p.'.w..K..c.;...>.*w.;K?{.\...K....v[)..?=7.......H..t.]N....Te...2.sg.i_Z{w......6.0..7....9v.s..!<8.Gcvuf.j....U.....a.c...G.....Z....+-.~)W.9.k.9;...2..0..

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	11468
Entropy (8bit):	4.888430951378255
Encrypted:	false
SSDEEP:
MD5:	CB2C566A95361D2A63BB49DEFE5017D7
SHA1:	1653DEA71F2F6DDC35A407DC4394F9D119FCFEAC
SHA-256:	462212100F197888C46A04E8E11F51764A6AC3A66FB8F3A508ECBDFE482BBD1C
SHA-512:	CA262A1BB6DBD2E4A0F7683D353C70D7BDC4D8D2D89315EEAD343C6AC7B2363881AFD2A995ECAE0B15B13011CBBBC3B36F053377ACCC81784816FC43E84067BB
Malicious:	false
Reputation:	unknown
URL:	https://d29usylhdk1xyu.cloudfront.net/load/login.docusign.net
Preview:	(function() {.if (typeof window.janrain.engage !== "object") window.janrain.engage = {};.if (!janrain.settings.providerOverrides) janrain.settings.providerOverrides = {};.if (!janrain.settings.capture) janrain.settings.capture = {};.if (!janrain.settings.common) janrain.settings.common = {};.if (!janrain.settings.language) janrain.settings.language = 'en';.if (!janrain.settings.packages) {. janrain.settings.packages = ['login'];.} else {. if (janrain.settings.tokenUrl) janrain.settings.packages.push('login');.}.if (!janrain.settings.share) janrain.settings.share = {};.if (!janrain.settings.analytics) janrain.settings.analytics = {};.if (!janrain.loadedPackages) janrain.loadedPackages = [];.if (!janrain.settings.linkClass) janrain.settings.linkClass = 'janrainEngage';..if (typeof janrain.settings.common.appUrl === 'undefined')janrain.settings.common.appUrl = "https://login.docusign.net";..if (typeof janrain.settings.showAttribution === 'undefined')janrain.settings.showAttribution

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4056), with no line terminators
Category:	dropped
Size (bytes):	4056
Entropy (8bit):	4.940209700440235
Encrypted:	false
SSDEEP:
MD5:	0EE255C8B0FD4ABCB7623AD802944099
SHA1:	79613A2B93AD81BBBEDAD0EFEC9B0CC06E3389EE
SHA-256:	FE5664E2F1099E3DC83E07A4B65E7B7407A7852A03C979642ACE652D947C01C7
SHA-512:	B155B8A3C2F99587AE8D80A9922EAFA8FECA83FDD86A8B0718208A8BE9E6371B0E6104C7B6C1ACE52BC75CA9B98C7431E9367B344C3479056000C8DD122AAEB3
Malicious:	false
Reputation:	unknown
Preview:	var uagent=navigator.userAgent.toLowerCase();function signing_canvas(){var tool=this;this.started=false;this.drawContext=null;this.drawCanvas=null;this.drawn=false;this.startX=-1;this.startY=-1;this.scale=1;this.resetDrawCanvas=function(){if(tool.drawCanvas&&typeof(tool.drawCanvas.addEventListener)!="undefined"){tool.drawCanvas.removeEventListener('click',tool.ev_sigcanvas,false);tool.drawCanvas.removeEventListener('touchstart',tool.ev_sigcanvas,false);tool.drawCanvas.removeEventListener('touchmove',tool.ev_sigcanvas,false);tool.drawCanvas.removeEventListener('touchend',tool.ev_sigcanvas,false);tool.drawCanvas.removeEventListener('gesturechange',tool.ev_sigcanvas,false);tool.drawCanvas.removeEventListener('mousedown',tool.ev_sigcanvas,false);tool.drawCanvas.removeEventListener('mousemove',tool.ev_sigcanvas,false);tool.drawCanvas.removeEventListener('mouseup',tool.ev_sigcanvas,false);tool.drawCanvas.addEventListener('click',tool.ev_sigcanvas,false);tool.drawCanvas.addEventListener('touc

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	4739
Entropy (8bit):	4.736490039075709
Encrypted:	false
SSDEEP:
MD5:	4B86605C4B80FA75342703878E7DFF13
SHA1:	6EF59F904C58E88B3E143BA3DA464AFE63FDC188
SHA-256:	2F186CDFA13B6CA51F69D44BAC8A7D5B69E1D5409A68D21F5768A87C6DFDB3A1
SHA-512:	B493241426AB5A1B75D1455720E84AB27A2B7E176FDF782ECB14B26004F5553FD306DCAE14C17CE788891FDBCAE9A32A5E22CB187C6BCE66486B89A0E5028AD9
Malicious:	false
Reputation:	unknown
URL:	https://eu.docusign.net/Signing/StyleSheets/Framework.css
Preview:	/-----------------------/..../* needs brackets to swallow error on dev /..{..}..../ This file contains the styles needed for the 2014 rebrand /..html {.. / Prevent font scaling in landscape while allowing user zoom /.. / Use 100% here, NEVER none. See http://blog.55minutes.com/2012/04/iphone-text-resizing/ /.. -webkit-text-size-adjust: 100%;..}..body {.. margin: 0;.. background-image: none;.. background-color: #EAEAEA;.. font-family: "Helvetica Neue", Arial, sans-serif !important;..}...Header {.. display: none;..}...scroll-area {.. position: absolute;.. overflow: auto;.. overflow-x: hidden;.. top: 0;.. left: 0;.. right: 0;.. bottom: 0;.. min-width: 1024px;..}...scroll-area, .Border.scroll-area {.. overflow-x: auto;..}...scroll-container {.. border-bottom: none;.. position: static;..}...clear {.. clear: both;..}..../ site content - centered w/ max-width and padding */...site-content {.. margin: 0 auto;.. max-wid

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 10 x 10, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2961
Entropy (8bit):	7.876188909726169
Encrypted:	false
SSDEEP:
MD5:	C863DB426897325CB4805B2C20F51F30
SHA1:	A426FE43F0CE1A489CE091CC27768CDCC2991210
SHA-256:	2A5179B8851C8E3DFC77D7DCB33B3963AFA037608336D6AE412ACAA38AD59D22
SHA-512:	90DA76303CDE0B81F183709D94DC96B5C3EA7B7766948AF5B81E1EBE4B887012FC611F6A0CFC50873E80AF7B73077F7CB8BD5F254A4F4848C632A68733522A68
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............2.....gAMA....\|.Q.... cHRM...........R...@..}y.....<.....s<.w...9iCCPPhotoshop ICC profile..H..wTT....wz..0..z..0... ..Q.f......Ml..@D...E......H..b!(.`.H.Pb0...dF.J\|yy.......g.s..{....$O../... .'..z8.W.G....x....0Y.A..@$/7.z........H..e..O...O.T...._..lN:K.."N.....3"..$..F../JP.rb.[.}..Q..d.[..S..l1..x{..#b.G...\N..o.X3I....[ql2.....$..8.x.......t..r.p../8...p...C...f.q....K.njm.{r2.8...?......).L^6..g.,.qm."[.Z[Z....~Q....7%.."....3......R..`.j...[.~.:.. w....!.$E}k...yh.y...Rm..333..........:..}.=#.v.....e...tq.X)I)B>==......<..8..X....9<QD.h..8Q.yl....sy....0.OZ.k.(...5..H....>.....yP..........:.8......p.........Lg....k.k...$.......t.!0.V..8.7....`.........2A....@.....JP..A#h.'@.8.....:....`....`......a!2D..!UH.2.. .d..A>P ..ECq...B.......Z....:.]..B..=h...~....L...2...........5p.......N..........:\|......@...QC.....!.H,.G6 .H9R.. ]H/r..A..w(......Q.(OT...JCm@..QGQ...-.(j...MF+...6h/.t.:.]..G7....w...7......Xa<1..

Static File Info

⊘No static file info

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://eu.docusign.net/Signing/EmailStart.aspx?a=fda42e60-d786-47e1-bd4d-cefd28143f0a&etti=24&acct=ac54d6d4-2396-463d-a7b0-d065df9f63da&er=d553e8f2-760d-4734-ac30-816baca506d7

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 115

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 123

Chrome Cache Entry: 125

Chrome Cache Entry: 89

Chrome Cache Entry: 91

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Chrome Cache Entry: 96

Chrome Cache Entry: 99

Static File Info

Windows Analysis Report
https://eu.docusign.net/Signing/EmailStart.aspx?a=fda42e60-d786-47e1-bd4d-cefd28143f0a&etti=24&acct=ac54d6d4-2396-463d-a7b0-d065df9f63da&er=d553e8f2-760d-4734-ac30-816baca506d7