Edit tour

Windows Analysis Report
https://eu.account.docusign.com/managed_token/v1/redeem?mtid=fe673205-a46e-4c50-8e2a-dae5950632e8&mtsec=JTv49oP6axHukl1psgTk0miH0upJK9cQ2IkbWvc5Qlk

Overview

General Information

Sample URL:	https://eu.account.docusign.com/managed_token/v1/redeem?mtid=fe673205-a46e-4c50-8e2a-dae5950632e8&mtsec=JTv49oP6axHukl1psgTk0miH0upJK9cQ2IkbWvc5Qlk
Analysis ID:	848967

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 5984 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eu.account.docusign.com/managed_token/v1/redeem?mtid=fe673205-a46e-4c50-8e2a-dae5950632e8&mtsec=JTv49oP6axHukl1psgTk0miH0upJK9cQ2IkbWvc5Qlk MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 6848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1792,i,18311158771167305895,3512179085048625809,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Source: unknown

DNS traffic detected: queries for: eu.account.docusign.com

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.74.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.74.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.74.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.74.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.74.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.74.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.74.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.74.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.74.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.74.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.74.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.74.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.74.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.74.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.74.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.74.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.74.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.74.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.74.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.74.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.74.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.74.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.74.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.228
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.228
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.228
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.228
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.228
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.228
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.228
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.228
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.228
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.228
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.228
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.228
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.228
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.228
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.228
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.228
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.228

Source: classification engine

Classification label: clean0.win@32/57@7/139

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eu.account.docusign.com/managed_token/v1/redeem?mtid=fe673205-a46e-4c50-8e2a-dae5950632e8&mtsec=JTv49oP6axHukl1psgTk0miH0upJK9cQ2IkbWvc5Qlk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1792,i,18311158771167305895,3512179085048625809,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1792,i,18311158771167305895,3512179085048625809,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\Feedback

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	3 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://eu.account.docusign.com/managed_token/v1/redeem?mtid=fe673205-a46e-4c50-8e2a-dae5950632e8&mtsec=JTv49oP6axHukl1psgTk0miH0upJK9cQ2IkbWvc5Qlk	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	172.217.16.205	true	false	high
www.google.com	142.250.185.196	true	false	high
clients.l.google.com	142.250.184.238	true	false	high
clients2.google.com	unknown	unknown	false	high
account.docusign.com	unknown	unknown	false	high
eu.account.docusign.com	unknown	unknown	false	high
ssoforms.cib.echonet	unknown	unknown	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.228	unknown	United States	15169	GOOGLEUS	false
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
172.217.16.205	accounts.google.com	United States	15169	GOOGLEUS	false
185.81.101.62	unknown	Germany	62856	DOCUS-6-PRODUS	false
142.250.185.227	unknown	United States	15169	GOOGLEUS	false
52.109.32.24	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
185.81.101.38	unknown	Germany	62856	DOCUS-6-PRODUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
52.109.8.45	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.181.228	unknown	United States	15169	GOOGLEUS	false
192.229.221.95	unknown	United States	15133	EDGECASTUS	false
142.250.184.238	clients.l.google.com	United States	15169	GOOGLEUS	false
142.250.74.195	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	37.0.0 Beryl
Analysis ID:	848967
Start date and time:	2023-04-18 16:22:24 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://eu.account.docusign.com/managed_token/v1/redeem?mtid=fe673205-a46e-4c50-8e2a-dae5950632e8&mtsec=JTv49oP6axHukl1psgTk0miH0upJK9cQ2IkbWvc5Qlk
Analysis system description:	Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	1
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@32/57@7/139

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe, SgrmBroker.exe, usocoreworker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.227, 185.81.101.62, 185.81.101.38, 34.104.35.123
Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, login.live.com, slscr.update.microsoft.com, clientservices.googleapis.com, account-eu.docusign.com.akadns.net, account-eu-pin.docusign.com.akadns.net, account-geo.docusign.com.akadns.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtWriteVirtualMemory calls found.

Created / dropped Files

C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

Download File

File Type:	data
Category:	dropped
Size (bytes):	37312
Entropy (8bit):	4.658969270305459
Encrypted:	false
SSDEEP:
MD5:	4C8940770BFBCA88D2DCCDA3C248E411
SHA1:	2D56A05BB560AC60492F1F2845C673D3D17B12B5
SHA-256:	590EC0B17401BA6218A0108C172031071BCF8CE51942B130DC17A6BF1F1974A6
SHA-512:	1553281B369EB348176AEC111A2CF6E07EAA83FA0116959AF3A6B1C0E988826D72C97B489C73C6B383AFA80F8FBC00229359C89EA9617BC89329C149FC78660B
Malicious:	false
Reputation:	low
Preview:	.A..LAAAAAAA..nA.AAA6#.A&AAA.#.AAAAA..bAAAAAb.bAAAAA...AAAAA.A.AAAe..6.AAA.A.AYApA:A.A.A.A.A.AxA.A.A.A.A,A.A.A.AYApA:A.A.A.A6.AAA6!AAA.AtA.ABA[A.A...............................h.h..........A...AAAAAAA...AAAAA.5&A&AJA.ALAAAAAAAAAAA.AGA.A.b.A%A.A...6.AqA.^bA...A..bA5..A...A6#tA.!bA.SAA.AbA.S.A.6.AA..A...Ab.&A6.b.!.#A.d.A..A..bAb~.A.n.6.~.A...6!~LA..An~.A..bA.~HA...S.cA.t.A..A.].A,.EA...6..A...6Y.A.bA..A...AAA.AtA.A....................A...AAAAAAA...AAAAA.5.A.A.A.ALAAAAAAAAAAA.6#.tA.ntA...A...6..LA..bA...A...A6#.A...A.#.A...6L#.A.dbA...A.bbAb..A...A...A6!.A.HA...6e.`A.]bA.w.A..bA.w#A...6~w.A..bA9S.A..tA#ScA.tbA;S.A..A8SqA..A.S&A.^bA.SAA.AbA.S.A.6bA...A...AAA.AtA.A.........#.R........+A..LAAAAAAA..nA.AAA6#.A&AAA..bAAAAAb.bAAAAA...AAAAA.A.AJA.A.A.ALA.A.A.A.AbAAA.AtA.A+A..........................V..wm.9*.............AAAAAAA...A&AAA...A.A.A.ALAAAA6AAAAAA.AGA.A.b.A.AMA..A~A(A.?bA...A..bA5..A...A6#tA.!.A.#.A.]bA...A..bA6&.A.1bA.SAA.AbA.S.A.6.AA..A...Ab..A6.b.!.#A.d.A..A..bAf..A

Chrome Cache Entry: 126

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (560)
Category:	downloaded
Size (bytes):	565
Entropy (8bit):	4.849120909334744
Encrypted:	false
SSDEEP:
MD5:	DC84B98062B3455F3C31479B33C42BA9
SHA1:	8F85A94A691B69BCE68773746AD07A8C9A86FD60
SHA-256:	6057EB1A71E41CC477EF459002AE6072429A971F98D9F79621C7EA021D0A4898
SHA-512:	0694CD553B91662C2948A93247EC9D00D7F7D4EC598ACDE9125AC9D3D25580C564329FA0C5E03FBAD78CC78F8FFD20FDDB14D2AB9470F8000E0ED309C371E0B2
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Feu.account.docusignt&oit=3&cp=28&gs_rn=42&psi=qvsLUdx3zP8v4NSf&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://eu.account.docusignt",["https //eu.account.docusigntech.com","https //eu.account.docusigntech.com login","https //eu.account.docusigntools"],["","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//eu.account.docusigntech.com"},{"mp":"\u2026 ","t":"//eu.account.docusigntech.com login"},{"mp":"\u2026 ","t":"//eu.account.docusigntools"}],"google:suggestrelevance":[601,600,550],"google:suggestsubtypes":[[160],[160],[160]],"google:suggesttype":["TAIL","TAIL","TAIL"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (823)
Category:	downloaded
Size (bytes):	828
Entropy (8bit):	5.198988719298813
Encrypted:	false
SSDEEP:
MD5:	19D6DA389241A5050AA4BE9D58CDBF26
SHA1:	20165FD37B1F532E3685DAC0E3F6DABC86159A07
SHA-256:	345F95442F294B72DAC44F1B805942AC7F17671F7FB206A54BA05A1AFE8C91FA
SHA-512:	52ABB29BE1BDB46692EE0B704B75BBFBF596C73BEEC3FBD3B043CBA4B4F9135120AEBF56CF31CDC9CB28C18D0673E31D48F5D5EAAC604C1F8EF7C494964D6A43
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Feu.&oit=3&cp=11&gs_rn=42&psi=qvsLUdx3zP8v4NSf&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://eu.",["https://eu.myconnectwise.net/","https://eu.claims.axa.travel/claim_form/form","https://eu.mu.ariba.com/seller-portal-dashboard/home","https://eu.knowbe4.com/ui/login","https://eu.portal.ricoh\u2013europe.com/gb/login","https://eu.jotform.com","https://eu.sharesource.com","https://eu.adyen.link","https://eu.prod.tracks.supply-chain.a2z.com/login","https //eu.bbcollab.com/guest classe virtuelle"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[808,807,806,805,804,803,802,801,800,600],"google:suggestsubtypes":[[44],[44],[44],[44],[44],[44],[44],[44],[44],[512]],"google:suggesttype":["NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","QUERY"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (707)
Category:	downloaded
Size (bytes):	712
Entropy (8bit):	5.01417753049732
Encrypted:	false
SSDEEP:
MD5:	284147B47C0360E35418A875E8545F0C
SHA1:	951217FDBEE385F72C1A54CEFE5355B800FA86BC
SHA-256:	A47BF96863BCCE6338B3ECE25A8ECA5066332C9F74B28747F8928747D6538ECA
SHA-512:	7C51CA4D4F47A6A44ADD1125F71B2A839D74145EDDDC24E3EF3E393E55864A9EA174F3ABD0FD1BC8927D42200E8D738A6206DEF508719880B4075E9F7D076C77
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["knuckles cast","spacex starship rocket launch","ripple xrp news","junior doctors strikes","eid ul fitr moon sighting","hms montrose","elon musk artificial intelligence","the idol trailer"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:headertexts":{"a":{"8":"Trending searches"}},"google:suggestdetail":[{"zl":8},{"zl":8},{"zl":8},{"zl":8},{"zl":8},{"zl":8},{"zl":8},{"zl":8}],"google:suggestrelevance":[601,600,555,554,553,552,551,550],"google:suggestsubtypes":[[143,362],[143,362],[143,362],[143,362],[143,362],[143,362],[143,362],[143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (826)
Category:	downloaded
Size (bytes):	831
Entropy (8bit):	5.007231957455482
Encrypted:	false
SSDEEP:
MD5:	7750B30731978CBA73A5B6789834792B
SHA1:	3BCC8B47414E135B05EAA0865F7939FD22D254DA
SHA-256:	948F73A5B4191FC9CD688B6B2522B1BB2A2A55C168F318F0E8D09DE5A90EAD27
SHA-512:	70088832842AA517C5BD5DCF1DC2C8A756E9D0BD3562AA30357A7571A9C12780CF17B660BBA487BDD8ADD60639520D8C73BE8C8C39AF2C199B1EC51B4C0FF0F6
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Feu.accou&oit=3&cp=16&gs_rn=42&psi=qvsLUdx3zP8v4NSf&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://eu.accou",["https://eu.account.battle.net","https://eu.account.battle.net/creation/flow","https://eu.account.battle.net/creation/flow/patch","https://eu.account.amazon.com","https://eu.degreed.com/account/login","https://identity.oneecosystem.eu/account/login","https://sail.guess.eu/account/login","https://vat-search.eu/account/login","https://gtglobal.eu/account/login","https://pokemmo.eu/account/"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[809,808,807,806,805,804,803,802,801,800],"google:suggestsubtypes":[[44],[44],[44],[44],[44],[44],[44],[44],[44],[44]],"google:suggesttype":["NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 130

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (831)
Category:	downloaded
Size (bytes):	836
Entropy (8bit):	5.105543614641663
Encrypted:	false
SSDEEP:
MD5:	6AE9EE3F9CC103C55EC77A46936029CE
SHA1:	60D122201354C9CFB6375F7621BEFFBD788CA2C5
SHA-256:	10685EE14F3CB76A92676A866138870DA8F0556E0003C2E281A0708E4EBD5128
SHA-512:	0D6C4FACD7AE9AE06E62FC77592D36567D0295971C992D952E339464E702AA8B88792DF8289601249B6AEBC4DAB39B318F97B22882F15DEF119C5BFD32F2E27B
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Feu.account.&oit=3&cp=19&gs_rn=42&psi=qvsLUdx3zP8v4NSf&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://eu.account.",["https://eu.account.battle.net","https://eu.account.battle.net/creation/flow","https://eu.account.battle.net/creation/flow/patch","https://eu.account.amazon.com","https://login.eu-frankfurt-1.oraclecloud.com/","https://pokemmo.eu/account/","https://login.eu.nissan.biz","https://login.eu.customergauge.com/","https://authentication.myprotime.eu/account/","https //login.eu.nissan.biz is correct"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[808,807,806,805,804,803,802,801,800,600],"google:suggestsubtypes":[[44],[44],[44],[44],[44],[44],[44],[44],[44],[22,30]],"google:suggesttype":["NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","QUERY"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:	downloaded
Size (bytes):	56
Entropy (8bit):	4.599341698990738
Encrypted:	false
SSDEEP:
MD5:	AC248120C723801819C4AA245E15659E
SHA1:	D6466C35F03C86E69BF1D13ABE8CE50EC571309D
SHA-256:	0386C313816AB4DA2DA6193FB86499A6FDC8E917732EC422C2D073BDCB4DDD72
SHA-512:	CB7BD00C0566733B942CEA6469E68376828B6C1A3C213F1FA97E34871DB14DFF2486953DA41E0946F346680A1B651703C5615C3651A44BCF067AB607B8B11334
Malicious:	false
Reputation:	low
URL:	https://account.docusign.com/scripts/utility/submitform.js
Preview:	.window.onload=function(){document.forms[0].submit();}

Chrome Cache Entry: 132

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (825)
Category:	downloaded
Size (bytes):	830
Entropy (8bit):	5.007276813518736
Encrypted:	false
SSDEEP:
MD5:	5362C2148A13340F4C299CD3A83D028B
SHA1:	8784C5DAA874E02AB62B10A18F1DBF7F506A3B40
SHA-256:	33E74D25DBDC2A577FD89BFCB5EDDD2361B2F4DF6DA5B7CCA3CC1E57A7420FAA
SHA-512:	84A06973415C4C369D27B03CFF562E7A9C7BA8FB3F4DBDF67DD7B051613DA7444C56C8FF1D1225B1BF9193049574B7347B0FE7954F8C8562149515C7C69ADD95
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Feu.acco&oit=3&cp=15&gs_rn=42&psi=qvsLUdx3zP8v4NSf&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://eu.acco",["https://eu.account.battle.net","https://eu.account.battle.net/creation/flow","https://eu.account.battle.net/creation/flow/patch","https://eu.account.amazon.com","https://eu.degreed.com/account/login","https://identity.oneecosystem.eu/account/login","https://sail.guess.eu/account/login","https://vat-search.eu/account/login","https://gtglobal.eu/account/login","https://pokemmo.eu/account/"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[809,808,807,806,805,804,803,802,801,800],"google:suggestsubtypes":[[44],[44],[44],[44],[44],[44],[44],[44],[44],[44]],"google:suggesttype":["NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (436)
Category:	downloaded
Size (bytes):	441
Entropy (8bit):	4.853720307744698
Encrypted:	false
SSDEEP:
MD5:	87AE54C530FB49D36F5A1D277553399E
SHA1:	9F56B597D0EC65F5E29FB3E9DBC01897134E6B9B
SHA-256:	056F094D2E482F7DEDDF20BFF9447FC9E5E07B9C93916B16D5D78BFEA818214C
SHA-512:	AC5B4C267C987B53120E9200F06341B130D35B079456D97D458BE1BCC504761CABE644F9236F74799983E703151FE5B0DAC79CCF5D2FE3EA2CB0CC17EFEE85B8
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Feu.account.docusi&oit=3&cp=25&gs_rn=42&psi=qvsLUdx3zP8v4NSf&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://eu.account.docusi",["https //eu.account.docusign.com","https //eu.account.docusign.com login"],["",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//eu.account.docusign.com"},{"mp":"\u2026 ","t":"//eu.account.docusign.com login"}],"google:suggestrelevance":[601,600],"google:suggestsubtypes":[[160],[160]],"google:suggesttype":["TAIL","TAIL"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 134

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	32038
Entropy (8bit):	5.104352236785294
Encrypted:	false
SSDEEP:
MD5:	4859E39AE6C0F1F428F2126A6BB32BD9
SHA1:	1C0C85678AE963BC96D0B7FBE1EB89074CF1FBE0
SHA-256:	A94F8A8553CAEA8430DD4CA3CC01D4E318D19828F74CB65453FFB7F5D9E2F44D
SHA-512:	97541B40D8BEAC0DD8831EF8D2814EFEF10CFB185DF316E05B4F3AEF0A2D1839FB7A39D90F141F490E21B2955C32DF9D690785CC4DEF97CDFCE21ACF9BBAA2C7
Malicious:	false
Reputation:	low
URL:	https://account.docusign.com/favicon.ico
Preview:	............ .h...F... .... .........00.... ..%..V...@@.... .(B...:..(....... ..... .....@................................................................................................................................................u..L..n......................................................x..V..m......................................................{..X..n.........................................................\..q........................................................a..u........................................................d..x................................................S.......i..{................................................E.......q...................................................E.......o...................................................E.......q...................................................E.......u...................................................C........................................................

Chrome Cache Entry: 135

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (438)
Category:	downloaded
Size (bytes):	443
Entropy (8bit):	4.852101418831497
Encrypted:	false
SSDEEP:
MD5:	FB3CB6D4BDF044E2628C336492E158CC
SHA1:	C427B0690E999E30EE845F0413ACA6140C46D7AD
SHA-256:	C5A04EEAD8CE707018E3725D35DDEA74676B946B03E1A124AF5D08C5BD3BD432
SHA-512:	A3BFFE51935B40B6CF573A6622AFC713B5983FB105FD788E59109A7FE27006B8E2B540A44CD3F612CA26E2B5882D492E0771D4EF02713876E47F7C4190A5AA7E
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Feu.account.docusign&oit=3&cp=27&gs_rn=42&psi=qvsLUdx3zP8v4NSf&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://eu.account.docusign",["https //eu.account.docusign.com","https //eu.account.docusign.com login"],["",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//eu.account.docusign.com"},{"mp":"\u2026 ","t":"//eu.account.docusign.com login"}],"google:suggestrelevance":[601,600],"google:suggestsubtypes":[[160],[160]],"google:suggesttype":["TAIL","TAIL"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 136

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (757)
Category:	downloaded
Size (bytes):	762
Entropy (8bit):	5.08166062942187
Encrypted:	false
SSDEEP:
MD5:	8774ADB6BCBBA48A686385181E1BE75A
SHA1:	84FB0904464FD837E336E5E66A05AC2D4727842E
SHA-256:	154DAC51DD100A6106EF40F2F4D233AFFA2D4D07EC81BDFF21B3079CF50FB1CE
SHA-512:	68BD73628A9A3314212F25518E98D493BC1D19890CCB29B0CD2C089A4A2B711675983F5A151A71F359A9CC996CD98F75630DFD7CEB25CBCDB14A1690551F23E1
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Feu.a&oit=3&cp=12&gs_rn=42&psi=qvsLUdx3zP8v4NSf&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://eu.a",["https://eu.adyen.link","https://eu.apps.technipenergies.com","https://agrecruitment.eu/","https://avc-eu-mfa.allianz.com","https://amzng.eu","https://agrecruitment.eu/ru","https://agrecruitment.eu/apply-now/","https://www.amazon.com","https://matchmaker-eu.among.us/api/user","https://portal.oneecosystem.eu/auth/login"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[852,808,807,806,805,804,803,802,801,800],"google:suggestsubtypes":[[44],[44],[44],[44],[44,10],[44],[44],[44,10],[44],[44]],"google:suggesttype":["NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 137

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (830)
Category:	downloaded
Size (bytes):	835
Entropy (8bit):	5.1058212956990126
Encrypted:	false
SSDEEP:
MD5:	F54442CA7BA8E867A4FF61CDF8142325
SHA1:	EAF36314D861D2A901EE5473CFF036AF12530F0A
SHA-256:	82645EA5FDB47204F1EAB08A6A4F9CCF10E5921614B28443D75B9813898BDB01
SHA-512:	DCD735A673F238A2F68A7088B874E4E0D33D7192FA8E401DAC65386EAE5561AAC290DF0A9B360374ED5A9B0B4885E23F75777453CDBFAD5DF39DAB6284022A29
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Feu.account&oit=3&cp=18&gs_rn=42&psi=qvsLUdx3zP8v4NSf&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://eu.account",["https://eu.account.battle.net","https://eu.account.battle.net/creation/flow","https://eu.account.battle.net/creation/flow/patch","https://eu.account.amazon.com","https://login.eu-frankfurt-1.oraclecloud.com/","https://pokemmo.eu/account/","https://login.eu.nissan.biz","https://login.eu.customergauge.com/","https://authentication.myprotime.eu/account/","https //login.eu.nissan.biz is correct"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[808,807,806,805,804,803,802,801,800,600],"google:suggestsubtypes":[[44],[44],[44],[44],[44],[44],[44],[44],[44],[22,30]],"google:suggesttype":["NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","QUERY"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 138

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (432)
Category:	downloaded
Size (bytes):	437
Entropy (8bit):	4.9287081163113395
Encrypted:	false
SSDEEP:
MD5:	E4A9BC9BD49BA767B81F78F1B2AD7F9A
SHA1:	F778E88F55003EB2600EFE4A5085E3566F6B3921
SHA-256:	FCEA140DD079B7B137D46AF8AD3FBB6AEBB1E674DA9F3E82197FC2A62DDD0198
SHA-512:	A682B520DA04E134A8AF7865CCE9BD516D0997439EF1FE1A1BD41EBA886E25FF81CE86A1D84A17742494A59AC20725B6CC0B1554D8C764285823A8186530D2D2
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Feu.account.do&oit=3&cp=21&gs_rn=42&psi=qvsLUdx3zP8v4NSf&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://eu.account.do",["https eu account do","https eu account domain\u003dpnp.co.za"],["",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"https eu account do"},{"mp":"\u2026 ","t":"https eu account domain\u003dpnp.co.za"}],"google:suggestrelevance":[601,600],"google:suggestsubtypes":[[22,30,29],[22,30,29]],"google:suggesttype":["TAIL","TAIL"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 139

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (863)
Category:	downloaded
Size (bytes):	868
Entropy (8bit):	5.244735335392657
Encrypted:	false
SSDEEP:
MD5:	E81440782610418D9B247A7352FAFFD5
SHA1:	EB6E58D8FC82FF9936070CAA6A0F76FC868CE0FC
SHA-256:	DFC974E588C717CA2090699C0867B7063456F3F338B09E41787F69A62015F5ED
SHA-512:	55936C330868B52E7B4C6F05B87174DECAD70569A45FAAA5AB09F8ADA2901D3E90FB32C693C9979A3AF949F8AA603FE5E0CDB51CF24A1B0F714A4469FABFA4A7
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Feu&oit=3&cp=10&gs_rn=42&psi=qvsLUdx3zP8v4NSf&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://eu",["https://eu1.concursolutions.com/","https://eu.myconnectwise.net/","https://eu.claims.axa.travel/claim_form/form","https://eu.mu.ariba.com/seller-portal-dashboard/home","https://eu.knowbe4.com/ui/login","https://eur-lex.europa.eu/","https://eu261compensationclaims.ryanair.com","https //eu261compensationclaims.ryanair.com/index.php l\u003des es","https //eu1.concur solutions.com/nui/signin","https //eu- settled-status-enquiries.service.gov.uk"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[806,805,804,803,802,801,800,601,600,550],"google:suggestsubtypes":[[44],[44],[44],[44],[44],[44],[44],[512],[512],[512]],"google:suggesttype":["NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","QUERY","QUERY","QUERY"],"google:verbatimrelevance":851}]

Static File Info

⊘No static file info

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://eu.account.docusign.com/managed_token/v1/redeem?mtid=fe673205-a46e-4c50-8e2a-dae5950632e8&mtsec=JTv49oP6axHukl1psgTk0miH0upJK9cQ2IkbWvc5Qlk

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 130

Chrome Cache Entry: 131

Chrome Cache Entry: 132

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 135

Chrome Cache Entry: 136

Chrome Cache Entry: 137

Chrome Cache Entry: 138

Chrome Cache Entry: 139

Static File Info

Windows Analysis Report
https://eu.account.docusign.com/managed_token/v1/redeem?mtid=fe673205-a46e-4c50-8e2a-dae5950632e8&mtsec=JTv49oP6axHukl1psgTk0miH0upJK9cQ2IkbWvc5Qlk