Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Salary Increment.eml

Overview

General Information

Sample name:Salary Increment.eml
Analysis ID:1500050
MD5:fa447e06a2d08f74dd246032658c73ec
SHA1:454ba3b070fe26a4258fe19b2bcf80762d22964d
SHA256:e60547863731636c6693d7b74f14f4424e381db16f48f9d1d84c34603d887f6c
Infos:

Detection

Score:21
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Suspicious MSG / EML detected (based on various text indicators)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6884 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Salary Increment.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 2788 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6BE09355-36AA-4009-9F42-BDF760F66809" "9A52AE94-82F4-480B-BC86-CBAB0F06E436" "6884" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 1552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fca.docusign.net%2fSigning%2fEmailStart.aspx%3fa%3d67ad5be8-afc4-47a1-ad27-4c759a13b5db%26etti%3d24%26acct%3d40b9d5ee-3305-4c74-9e54-3b203af8461a%26er%3d19ba4987-bc67-4e67-9dd9-af8efb2162d8&c=E,1,8rygGQGA7nSApSqs8X4_zWloporzYFtMDicBZEz094bgslaJXm77ikhOfNQpp1lM-0l1ySHvOi-EfuLspM1WtYKVQcNagf_01E1SioH2KHjv-hPnAAFTAaXJ3A,,&typo=1 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 4700 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=1992,i,5855294803230811950,11171369921192132382,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Office Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6884, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

barindex
Suspicious MSG / EML detected (based on various text indicators)
Source: MSG / EMLOCR Text: docusign Docusign Services sent you a document to review and sign. REVIEW DOCUMENT Docusign Services humanresources3@documentsignning.com HR has introduced a new Salary Increment Policy, effective immediately. All employees must review and complete the attached enrollment form. Currently, 25% of our employees have acknowledged receipt. Our goal is 100% acknowledgment. Please review and sign the acknowledgment section in the attached form. Do Not Share This Email This email contains a secure link to Docusign. Please do not share this email, link, or access code with others. Alternate Signing Method Visit Docusign.com, click 'Access Documents', and enter the security code: 67AD5BE8AFC447AIAD274C759A13B5DB6 About Docusign Sign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- Docusign provides a professional trusted solution for Digital Transaction ManagementTM. Questions about the Document? If you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly. Stop receiving this email Report this email or read more about Declining to sign and Managing notifications. If you have trouble signing, visit "How to Sign a Document" on our Docusign Support Center, or browse our Docusign Community for more information. Download the Docusign App This message was sent to you by Docusign Services who is using the Docusign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request.
Source: unknownHTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.17:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.17:49726 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49762 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.32.68:443 -> 192.168.2.17:49763 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49764 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.23.209.149:443 -> 192.168.2.17:49765 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.23.209.181:443 -> 192.168.2.17:49767 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.189.173.14:443 -> 192.168.2.17:49768 version: TLS 1.2
Source: unknownHTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.17:49770 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.4.254:443 -> 192.168.2.17:49775 version: TLS 1.2
Source: unknownHTTPS traffic detected: 150.171.74.254:443 -> 192.168.2.17:49778 version: TLS 1.2
Source: chrome.exeMemory has grown: Private usage: 1MB later: 30MB
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknownTCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknownTCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknownTCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknownTCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknownTCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknownTCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknownTCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknownTCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknownTCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknownTCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknownTCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknownTCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknownTCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: global trafficDNS traffic detected: DNS query: linkprotect.cudasvc.com
Source: global trafficDNS traffic detected: DNS query: ca.docusign.net
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: docucdn-a.akamaihd.net
Source: global trafficDNS traffic detected: DNS query: api.mixpanel.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49691 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49691
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49680 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: unknownHTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.17:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.17:49726 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49762 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.32.68:443 -> 192.168.2.17:49763 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49764 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.23.209.149:443 -> 192.168.2.17:49765 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.23.209.181:443 -> 192.168.2.17:49767 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.189.173.14:443 -> 192.168.2.17:49768 version: TLS 1.2
Source: unknownHTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.17:49770 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.4.254:443 -> 192.168.2.17:49775 version: TLS 1.2
Source: unknownHTTPS traffic detected: 150.171.74.254:443 -> 192.168.2.17:49778 version: TLS 1.2
Source: classification engineClassification label: sus21.phis.winEML@18/31@16/159
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240827T1413120126-6884.etl
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Salary Increment.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6BE09355-36AA-4009-9F42-BDF760F66809" "9A52AE94-82F4-480B-BC86-CBAB0F06E436" "6884" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fca.docusign.net%2fSigning%2fEmailStart.aspx%3fa%3d67ad5be8-afc4-47a1-ad27-4c759a13b5db%26etti%3d24%26acct%3d40b9d5ee-3305-4c74-9e54-3b203af8461a%26er%3d19ba4987-bc67-4e67-9dd9-af8efb2162d8&c=E,1,8rygGQGA7nSApSqs8X4_zWloporzYFtMDicBZEz094bgslaJXm77ikhOfNQpp1lM-0l1ySHvOi-EfuLspM1WtYKVQcNagf_01E1SioH2KHjv-hPnAAFTAaXJ3A,,&typo=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=1992,i,5855294803230811950,11171369921192132382,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6BE09355-36AA-4009-9F42-BDF760F66809" "9A52AE94-82F4-480B-BC86-CBAB0F06E436" "6884" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fca.docusign.net%2fSigning%2fEmailStart.aspx%3fa%3d67ad5be8-afc4-47a1-ad27-4c759a13b5db%26etti%3d24%26acct%3d40b9d5ee-3305-4c74-9e54-3b203af8461a%26er%3d19ba4987-bc67-4e67-9dd9-af8efb2162d8&c=E,1,8rygGQGA7nSApSqs8X4_zWloporzYFtMDicBZEz094bgslaJXm77ikhOfNQpp1lM-0l1ySHvOi-EfuLspM1WtYKVQcNagf_01E1SioH2KHjv-hPnAAFTAaXJ3A,,&typo=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=1992,i,5855294803230811950,11171369921192132382,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		1
DLL Side-Loading		1
Process Injection		LSASS Memory13
System Information Discovery		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Registry Run Keys / Startup Folder		1
DLL Side-Loading		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
Extra Window Memory Injection		1
Extra Window Memory Injection		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
www.google.com
142.250.185.164
truefalse
    		unknown
    api.mixpanel.com
    		35.186.241.51
    		truefalse
      		unknown
      linkprotect.cudasvc.com
      		3.121.135.153
      		truefalse
        		unknown
        docucdn-a.akamaihd.net
        		unknown
        		unknownfalse
          		unknown
          ca.docusign.net
          		unknown
          		unknownfalse
            		unknown

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://ca.docusign.net/Signing/Error.aspx?scope=e6fb5c34-17d2-4062-9499-68bfb8add554false
              		unknown

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              52.113.194.132
              		unknownUnited States
              		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              35.186.241.51
              		api.mixpanel.comUnited States
              		15169GOOGLEUSfalse
              142.250.185.206
              		unknownUnited States
              		15169GOOGLEUSfalse
              1.1.1.1
              		unknownAustralia
              		13335CLOUDFLARENETUSfalse
              23.47.50.225
              		unknownUnited States
              		16625AKAMAI-ASUSfalse
              2.16.238.157
              		unknownEuropean Union
              		20940AKAMAI-ASN1EUfalse
              173.194.76.84
              		unknownUnited States
              		15169GOOGLEUSfalse
              142.250.181.227
              		unknownUnited States
              		15169GOOGLEUSfalse
              20.50.201.200
              		unknownUnited States
              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              107.178.240.159
              		unknownUnited States
              		15169GOOGLEUSfalse
              108.177.122.139
              		unknownUnited States
              		15169GOOGLEUSfalse
              239.255.255.250
              		unknownReserved
              		unknownunknownfalse
              142.250.185.163
              		unknownUnited States
              		15169GOOGLEUSfalse
              142.250.185.164
              		www.google.comUnited States
              		15169GOOGLEUSfalse
              52.109.28.46
              		unknownUnited States
              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              3.121.135.153
              		linkprotect.cudasvc.comUnited States
              		16509AMAZON-02USfalse
              52.235.63.109
              		unknownUnited States
              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse

              Private

              IP
              192.168.2.17
              192.168.2.18

              General Information

              Joe Sandbox version:40.0.0 Tourmaline
              Analysis ID:1500050
              Start date and time:2024-08-27 20:12:22 +02:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:defaultwindowsinteractivecookbook.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:26
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • EGA enabled
              Analysis Mode:stream
              Analysis stop reason:Timeout
              Sample name:Salary Increment.eml
              Detection:SUS
              Classification:sus21.phis.winEML@18/31@16/159
              Cookbook Comments:
              • Found application associated with file extension: .eml

              Warnings

              • Exclude process from analysis (whitelisted): SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.113.194.132
              • Excluded domains from analysis (whitelisted): fs.microsoft.com
              • Not all processes where analyzed, report is missing behavior information
              • Report size getting too big, too many NtQueryAttributesFile calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              • Report size getting too big, too many NtReadVirtualMemory calls found.
              • VT rate limit hit for: Salary Increment.eml

              Created / dropped Files

              C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):231348
              Entropy (8bit):4.393908874368746
              Encrypted:false
              SSDEEP:
              MD5:F6B303ED098EFC81627E62E363923816
              SHA1:048E774F97765BC35A5CA53B2A0FBD490171B80E
              SHA-256:D31EC94D8B6BE13C03DA95E5D721CE35F02C2109FB977B684E1DBA3B67E3B257
              SHA-512:403923D7DBE0FD137DF9CE7B77A85C30BAD3FB62CCAEF2517697E6C06018C0D3108F8D134DBFA5F9D464EA10E28C62A7E2014B12347DEE3A550AF4B9885677A1
              Malicious:false
              Reputation:unknown
              Preview:TH02...... .p...........SM01X...,....@............IPM.Activity...........h...............h............H..h.............h.........x..H..h\tor ...AppD...h8...0... ......h&.J............h........_`.k...h..J.@...I.+w...h....H...8..k...0....T...............d.........2h...............k..............!h.............. hj......8.....#h....8.........$h.x......8....."h`~............'h..}...........1h&.J.<.........0h....4.....k../h....h......kH..hH...p........-h .......d.....+h..J.............p.p.P.r.i.v. ..............F7..............FIPM.Activity..t.Form....Standard..e.Journal Entry.v.IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000..l.Microsoft.m.This form is used to create journal entries.......l.kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

              C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\AB36553B-113B-4FC0-8717-141CCFCB4A92

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):176365
              Entropy (8bit):5.2874662940506045
              Encrypted:false
              SSDEEP:
              MD5:5C23627A7B7EE1C4C16470B7086FE504
              SHA1:4F666F7AE5336FAAF11571882FFDBACD6F4BA423
              SHA-256:78FF5F2682DBC589C807050C2AB6521AFC4D91C64FE49D5219A82E20C5337233
              SHA-512:B770A0640A3959D8B36AC69609FD826978FC8D89F1A4CDD5EB8C4982F92B20684F95DE6945A3A07F6DC60791B5E104DF661123E84F674AB138676CDC2F4611A4
              Malicious:false
              Reputation:unknown
              Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-08-27T18:13:14">.. Build: 16.0.18014.40125-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[

              C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):32768
              Entropy (8bit):0.04579732647217531
              Encrypted:false
              SSDEEP:
              MD5:3DACAD215B80FB5D7500546DF104EAE6
              SHA1:17080C4FAA1861C73BE9FDC651917D7075545912
              SHA-256:E7D091F7DF36816706652FF40FC00272D113BD4B1335142B14A1D017D2E88B2D
              SHA-512:C89B526F0302BD99AEB39530822E40F78C9680E673A1E07F3CD515087B7D41D93BEE9E559CA0C07A49455DE57A2E95D8DB632C5753D915BE4E1FBBD611A9C354
              Malicious:false
              Reputation:unknown
              Preview:..-...........................R.G...Ep.......8..-...........................R.G...Ep.......8........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:SQLite Write-Ahead Log, version 3007000
              Category:modified
              Size (bytes):49472
              Entropy (8bit):0.4815097338284978
              Encrypted:false
              SSDEEP:
              MD5:471E8E13F74052347A7AEB75FC28DA21
              SHA1:9468834F3C47086D5661C2608732797CB38C5884
              SHA-256:B61945CBEC5465C56588F7CE54CE1196B85AE00A57F52E5DC845DF83BA9D4082
              SHA-512:BECB7330037E720485A2888B389E3D1AAE88FD5970D04ED05259F6614C5B96982970CA608416D684CD049F3F6E242EF78A1DA58DE3F5EE93B1285A7BC2A93BEE
              Malicious:false
              Reputation:unknown
              Preview:7....-...........G...Ep..K.=.h5.........G...Ep.T..7..SQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{2E692B08-ADC1-427A-B043-AA533C88DD47}.tmp

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):17676
              Entropy (8bit):4.197364241082389
              Encrypted:false
              SSDEEP:
              MD5:171437773F57ECAA687D1E0C39220AF8
              SHA1:F4AD2DDA038103EE79C46A4A5B5FDAD35D617D93
              SHA-256:32ADD193466EDCDB4FE56B887E3C95D790388866E8260A509B7009CA2CBECB79
              SHA-512:EFF41BC9E6BA69E36DF613E19AAC5E003B69647EE88F4129F94804F3383E188E587039A7A3A9E64B997E8CBA287CEB3B17ADE2FC3DA802508B5D742EBB5D438A
              Malicious:false
              Reputation:unknown
              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................B...............P...R...T...V...X...Z...\...^..........................................................................................................................................................................................................................................................................................d........$..$.If....:V.......t.....6......4........4........a.........$.a$.*...$..$.If........!v..h.#v....:V.......t.....6......5.......4

              C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1724782392370735200_49B920F3-1C52-40CE-93C5-B72621957C81.log

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:ASCII text, with very long lines (28758), with CRLF line terminators
              Category:dropped
              Size (bytes):20971520
              Entropy (8bit):0.17630120186845433
              Encrypted:false
              SSDEEP:
              MD5:A8540C54CC2ED5399E605CBC4A38A964
              SHA1:830ACF674316F921B50B91550FBE69A020C0232A
              SHA-256:96BD02C22B468E3826619A4CAD34DA50851D697EF5CE02286D0B5B952859FFDD
              SHA-512:DCCC0152247AB5B783CB3E9517A58D141BCD01AE9333F77CCE66985EDEBA6889200042EBAA6EDED07F6142C7A27BDA6F14A412DFBB85049A060BE50D194B387D
              Malicious:false
              Reputation:unknown
              Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..08/27/2024 18:13:12.461.OUTLOOK (0x1AE4).0x1AE0.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":22,"Time":"2024-08-27T18:13:12.461Z","Contract":"Office.System.Activity","Activity.CV":"8yC5SVIczkCTxbcmIZV8gQ.4.9","Activity.Duration":15,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...08/27/2024 18:13:12.492.OUTLOOK (0x1AE4).0x1AE0.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":24,"Time":"2024-08-27T18:13:12.492Z","Contract":"Office.System.Activity","Activity.CV":"8yC5SVIczkCTxbcmIZV8gQ.4.10","Activity.Duration":13345,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV

              C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1724782392372650800_49B920F3-1C52-40CE-93C5-B72621957C81.log

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):20971520
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:
              MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
              SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
              SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
              SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
              Malicious:false
              Reputation:unknown
              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240827T1413120126-6884.etl

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:modified
              Size (bytes):102400
              Entropy (8bit):4.515710588769001
              Encrypted:false
              SSDEEP:
              MD5:68DC2B5C5D62C2D26BDF5193E348E2D4
              SHA1:8C58A63CE3EF26BBBBEFDA04F33E82C2B0685F01
              SHA-256:1C46AEE0D5723AE52E0EBE683FA871E2B6D2EAC4F832A70A51A91BAA366D326B
              SHA-512:1783DC8F6071918C08DDEC13558C153454DD6C8F3E1937F808768482974C6A5EC332168410C6FEDBAD18036FEA7FFCC701A77529E6EAE9E942993BEB348E980C
              Malicious:false
              Reputation:unknown
              Preview:............................................................................d............48....................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................@..-.Y...........48............v.2._.O.U.T.L.O.O.K.:.1.a.e.4.:.2.6.0.b.c.6.e.4.6.6.e.9.4.1.9.0.b.8.2.b.a.8.e.6.5.2.c.4.d.b.b.8...C.:.\.U.s.e.r.s.\.t.o.r.r.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.8.2.7.T.1.4.1.3.1.2.0.1.2.6.-.6.8.8.4...e.t.l...........P.P..........48....................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):30
              Entropy (8bit):1.2389205950315936
              Encrypted:false
              SSDEEP:
              MD5:888AFFD982AAF976FD868919011A393A
              SHA1:7AB6F76795B9641B1241A5B237FD7EAFE0650B32
              SHA-256:B2CE365E7E3AF170EF432DAF8E68D7F575730C92E4DE3CD5319953C790CB35D8
              SHA-512:314A138D69CDDD54E4628183E38883CB0B9DE1ED55A94ADEB885A758D18113FFD3AFFEBEDC6454ADE599320A08D53298C671F2B24D6BFC4A66D93EB10FEB67A4
              Malicious:false
              Reputation:unknown
              Preview:....n.........................

              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:13:27 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2677
              Entropy (8bit):3.9975445622461137
              Encrypted:false
              SSDEEP:
              MD5:5CD47EA14F92B877C75E721D2CA18ED7
              SHA1:B16A24E815A7C1194B2B13AD30FBD68CD0295428
              SHA-256:A63686EEC7EBBCC432C728D9055822955858A23D1053C51EA51EEC90C6F78524
              SHA-512:3A3CB6209A04D17AD9B104DA086BC5EE40179985CCDE72DDB80F562F6F1DEBE7165A6CA13CE9EEA19440A2E7865B9D28993217785CA1C891F777335E46FE8786
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,....7..........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Y......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Y.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........W..l.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:13:27 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2679
              Entropy (8bit):4.013266357750657
              Encrypted:false
              SSDEEP:
              MD5:3C3926A3F791888E361A9E6B1C222A75
              SHA1:99EA3258F8BE07BE7159C1CE1EDA6BAE6D2E2655
              SHA-256:E05E903F959E1C915B2BFB9C3D9042626C9622C2F9B526B9526F9B01EE603F05
              SHA-512:4EAF291002FB341669DC385C2461F8D47D656706568C0353C8E18A0704C5BC8A7B2786BC49440BEAA5D70D56C9FF02DF0B15B92BA52978A4BAE3D8EFD0200636
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,..............y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Y......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Y.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........W..l.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2693
              Entropy (8bit):4.018519164477826
              Encrypted:false
              SSDEEP:
              MD5:935DD1FD38CADA386278305FB644A874
              SHA1:8D9F6FAE092A55B587CFA15DB3D05112D6DDF7CB
              SHA-256:B3B4016F6CF48ACDC988D0B2321658E3DBB7140FB7A23C06AA0198FBFE74D323
              SHA-512:611984293E77A31194158BDFCA0B5BC1AE93928D75B7CE886D32EBFC74B7D413915F660B3A63E607517781797E456820A3E5E9DFEFDCF618F78EDDE3D30B7D0E
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Y......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Y.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........W..l.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:13:27 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2681
              Entropy (8bit):4.012452441726907
              Encrypted:false
              SSDEEP:
              MD5:B378B4B194FE44EFCCE14E389C1F0B7F
              SHA1:4D66E11803C6C0FABA2585624ADD04B9E5BE690B
              SHA-256:0D744BB06AC9A4BDA78A19675017A23B6DCB23E3A182C64B0F538FC0C3CD3D6E
              SHA-512:416A667F0FC0CB740BEDBDFE30A17B8A5CBB470B6B36887F58280BBBBD0D41E53858981BB705E34F58762611DB8F90A644838BC5711984D1E291C4AEB92BA4C7
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,..............y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Y......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Y.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........W..l.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:13:27 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2681
              Entropy (8bit):3.9957475328256113
              Encrypted:false
              SSDEEP:
              MD5:4A25D9ED91581EC16D820595E46CC56F
              SHA1:3DD9B53646D8EC458BEA055291D79AA8D0D62996
              SHA-256:AC37F854A60213944AE87C0779738EDA90BF1EE693EF423508F5190C4C6B3371
              SHA-512:034B9ACBA8229A9DC8D5201B6ACCBC7179B38218518F2C0319233459D153301900E551D63948EDFE03D931D46F960158B7B3B57A766701ED0888284E81291D96
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,....le.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Y......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Y.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........W..l.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:13:27 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2683
              Entropy (8bit):4.010283795276836
              Encrypted:false
              SSDEEP:
              MD5:42DEA661B7B5F6C8CE6858E6B473288E
              SHA1:856405538DF1FDB58DB20F5B0A4730515EC654F5
              SHA-256:E866F40388167363CE1AE5AC8B6208F19CF4AEEBA193A1C0E7DAD38527C22C55
              SHA-512:BEDD3D6DDDB8CF7F6B215C474E982260640583B371092B3CAD5E76F0ED6620B39B2AB5A7F24EFDC7831E3E818CB854996A85298F4CCBD5ADCA99BB563B382E90
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,.....Iy........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Y......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Y.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........W..l.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

              C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:Microsoft Outlook email folder (>=2003)
              Category:dropped
              Size (bytes):271360
              Entropy (8bit):2.812670747876369
              Encrypted:false
              SSDEEP:
              MD5:9951609D72F28ED614202E0908EBAE21
              SHA1:9C994192381BEB3D8ADFD0DB744B9AFB009BAF58
              SHA-256:7E7851A28619E943604F32C03CF4A04423E6A9D87001A3F96F9BFB2CB692CB0A
              SHA-512:6D525C0892AD02B78A53D608C9281E58EC30F2486203E01469D9169193AB3CA933BDC5483607B28597E3AE4803DAE82288A0F156279E2E07A8DD9F24192F0299
              Malicious:false
              Reputation:unknown
              Preview:!BDN.~.SM......\.......................Y................@...........@...@...................................@...........................................................................$.......D..................................................................................................................................................................................................................................................................................................................................`........y.4&#.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):131072
              Entropy (8bit):3.7751692181334473
              Encrypted:false
              SSDEEP:
              MD5:2DC329404194AAEEA42DACF9531DE3A5
              SHA1:4A17F87D41C65991A966ADB458367F2033A15B58
              SHA-256:ACB2433E11F858F27042686477C6C9FE86C9F9B9E157546B6CBE57746CBDDDE3
              SHA-512:94D2C5DC21060633FE55A38CB00B1EDEE5FCAAFBA68431E14F6FB879A4FA280400F93553E94DF1B5BF9640CBD29324233180E64E8EF4E1DEA4431DA514ECA417
              Malicious:false
              Reputation:unknown
              Preview:7...0...t......................D............#...........o......x........................................|.........................................................................................................................................................................................................................................................................................................................................................................................................................................................z;7..D........G.0...u......................B............#.........................................................................................................................................................................................................................................................................................................................................................................................................

              Chrome Cache Entry: 101

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:Web Open Font Format, CFF, length 34820, version 0.0
              Category:downloaded
              Size (bytes):34820
              Entropy (8bit):7.982902826695778
              Encrypted:false
              SSDEEP:
              MD5:FD117C9EB999E35D64BE1515D5B2192D
              SHA1:B0FAE4091AC17A28C47AF531A9D5B73B4C35F6BD
              SHA-256:553582BE8A5D2779D1A9E9C3A6698FD4D365E01353D8876A7204DB68FCD1D12D
              SHA-512:24D51DBAFDE7E5B7B1486BA3800BC8ECBAF369A2D28BBBF15096C723DC565247F9B956E8D0F28EDB535313E1B26934DFC30AF0AF700B8CB57F02926B889B2177
              Malicious:false
              Reputation:unknown
              URL:https://docucdn-a.akamaihd.net/production/1ds/widgets/@ds/signing/24.6.60-5/fonts/maven-pro/MavenPro-Regular.woff
              Preview:wOFFOTTO...........<........................CFF ......S....{..."FFTM............Z...GDEF..X4....... ....GPOS..Xt..-....DiP}7GSUB..XT... ... l.t.OS/2.......I...`.[.8cmap.......|....#G..head...0...3...6.h..hhea...d.......$....hmtx.......Q...X.xm.maxp..............P.name.......=...1.E.Lpost........... .j.fx.c`d```d8R!.0...+.7.....|Y...o.....v...``....MM...x.c`d``../.H.....1.F..............P.....x.c`b..8.....u..1...<.f........p...).,*fp`P...._......u05..X.......,......x.m.1O.@....aP.......K.B.N..&.......^...\......G../.Dc....{....\.......c.....p...u.c.W..q....q...2...gY.g.k.8...w.u.c...9n.Vu.7q..1...[.H.`...6..p."@...L.&.X....Cfg.I}..+..[.4G.q..>..Yn.4Y..v.....[...L...~.I..Rh.......Q%..Qh...u...8.N....q.c......z.9.9.....&/O...h..mR=..........ljr.. ......T....Sw`....x.c```f.`..F..8..1..,..........P..a)........L..(.(H).)().)X).QTz..........@....1.AU.+H(.UZBU2.................n...}.`...V=X.`.I...Q8.z..*..#..A.L.,.l...\.<.|...B.".b...R.2.r...J.*.j...Z.:.z...F.&.f...

              Chrome Cache Entry: 102

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with very long lines (65446), with CRLF line terminators
              Category:dropped
              Size (bytes):89797
              Entropy (8bit):5.291128696884303
              Encrypted:false
              SSDEEP:
              MD5:954F70F07F05742168ADCEBA796DDA72
              SHA1:EDF8A6A066F201B1FFAD32C585BD79C9982D4433
              SHA-256:4DA87C258ECA460D39CDB0F6158CBF69AF539D05A1D14F1BC011518511D02228
              SHA-512:66EE57172810E0002C308C1FD5FC008C1C64573602627CA0313D97742D830C72BB7D26DD3B069E1835C5E3D6F8721F856809EB9CCEF18CE8934FF7758F645717
              Malicious:false
              Reputation:unknown
              Preview:/*! jQuery v3.6.4 | (c) OpenJS Foundation and other contributors | jquery.org/license */..!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,y=n.hasOwnProperty,a=y.toString,l=a.call(Object),v={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}func

              Chrome Cache Entry: 103

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
              Category:downloaded
              Size (bytes):2048
              Entropy (8bit):4.886793296383126
              Encrypted:false
              SSDEEP:
              MD5:3165AF715E6BA5CA2B00F9AB5277CC8C
              SHA1:99697540AAC85B979624E1A09483418A4C30BD11
              SHA-256:08034C30A67418DD7BFF599A0EA4ECB87315D485ADB3BD1774AFC36B33705317
              SHA-512:9B62C145664DA8EE0C6B8C719B7468848F1E1F87CBD9DAFBBF878FCCE9F72E5569A7FCA13C01FC408ADB6B8C5B4F2393BBB93B5077BA02CA816C2DE7937EFA5E
              Malicious:false
              Reputation:unknown
              URL:https://ca.docusign.net/Signing/StyleSheetsDev/ErrorExpired.css
              Preview:..btn {.. background: #111;.. border: 1px solid #111;.. border-radius: 2px;.. cursor: pointer;.. color: #fff;.. display: inline-block;.. font-family: "Maven Pro","Helvetica Neue",HelveticaNeue,Helvetica,Arial,sans-serif;.. font-size: 12px;.. letter-spacing: .6px;.. line-height: 1;.. min-width: 55px;.. margin: 0;.. padding: 7px 14px;.. position: relative;.. text-align: center;.. text-decoration: none!important;.. text-transform: uppercase;.. font-weight: bold;..}.....btn-main, .btn-main.disabled:hover, .btn-main[disabled]:hover {.. background: #ffc820;.. border-color: #ffc820;.. color: #333;..}.....btn-lg {.. font-size: 14px;.. padding: 9px 18px;..}.....expireActionDiv {.. float: left;.. width:50%;..}.....expireActionDiv .newLink {.. margin-left: 50px;..}.....expireActionAccountless{.. text-align: center;..}.....expireActionAccountless .newLink{..}.....freshLink {.. margin-top: 10px;..}.....expireActio

              Chrome Cache Entry: 104

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with very long lines (13479), with CRLF line terminators
              Category:dropped
              Size (bytes):13579
              Entropy (8bit):5.27337657330958
              Encrypted:false
              SSDEEP:
              MD5:2779F5D2F1F22353C726240E530016CC
              SHA1:2B3F380F212C8C64E79DB1F47FA25C114AFE6FBB
              SHA-256:16496529F57AC8915F194E00479B04AF942C33D7897BCFD9A55DD072BBEC1411
              SHA-512:14F4E6DB8D21EFA0A01DFE6AC5C6941807B3DA8875864D736476D480167A9C7B02E60E8BE19CC2F9526B3027684661F5B11D36D3A9D44096DF86B120AF8904E6
              Malicious:false
              Reputation:unknown
              Preview:/*! jQuery Migrate v3.4.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */.."undefined"==typeof jQuery.migrateMute&&(jQuery.migrateMute=!0),function(t){"use strict";"function"==typeof define&&define.amd?define(["jquery"],function(e){return t(e,window)}):"object"==typeof module&&module.exports?module.exports=t(require("jquery"),window):t(jQuery,window)}(function(s,n){"use strict";function e(e){return 0<=function(e,t){for(var r=/^(\d+)\.(\d+)\.(\d+)/,n=r.exec(e)||[],o=r.exec(t)||[],a=1;a<=3;a++){if(+o[a]<+n[a])return 1;if(+n[a]<+o[a])return-1}return 0}(s.fn.jquery,e)}s.migrateVersion="3.4.1";var t=Object.create(null);s.migrateDisablePatches=function(){for(var e=0;e<arguments.length;e++)t[arguments[e]]=!0},s.migrateEnablePatches=function(){for(var e=0;e<arguments.length;e++)delete t[arguments[e]]},s.migrateIsPatchEnabled=function(e){return!t[e]},n.console&&n.console.log&&(s&&e("3.0.0")&&!e("5.0.0")||n.console.log("JQMIGRATE: jQuery 3.x-4.x REQUIRED"),s.migrateWarning

              Chrome Cache Entry: 105

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
              Category:downloaded
              Size (bytes):326
              Entropy (8bit):6.860674885804344
              Encrypted:false
              SSDEEP:
              MD5:AFE00DB89CE086B91A541C227EDBF136
              SHA1:961B2EE6FB39C4D515BDC49EC1BA688B0916F104
              SHA-256:E11827C678AF8519E702F364E525AC34509CAD49F8D839677E089949EDDA060E
              SHA-512:85F265A917E83BA92FEDB2152FBFADA273FCFF2937A85B080641307FD2E61D0138493162883E016796C9F68062A01D79DA60F546EFC2CB1FB4078760EB3451F0
              Malicious:false
              Reputation:unknown
              URL:https://docucdn-a.akamaihd.net/olive/images/2.63.0/global-assets/ds-icons-favicon-default-16x16.png
              Preview:.PNG........IHDR................a....pHYs.................sRGB.........gAMA......a.....IDATx.....0...Uq...UP.|..v.K.>.O`.$.[.B....'pvJ}..B..P.h...I.!.rs.%.$....O"r!.I.m....J..........U.. ..F[.....j4<...6.b6.T!x..Y..]..;._.,..........K.F..b.~.$..M.......M....,...i....*.z...x8."C.r.{.2~.~........x...B.G.6.....IEND.B`.

              Chrome Cache Entry: 107

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:SVG Scalable Vector Graphics image
              Category:downloaded
              Size (bytes):3728
              Entropy (8bit):4.718277261919778
              Encrypted:false
              SSDEEP:
              MD5:EC396047518A7FEF11D53D1B4F6BE65B
              SHA1:E3BEC4CDAF5567641517A23019ADBFA2328B0A7F
              SHA-256:8F77CFC832517C619BC1B8D82A6A478EE18D97442B4C78B006B0286CEC91E1A8
              SHA-512:34AD62B5CC5EE5C950F340D65800102AE1CD06D34D24A611E7AC2CB9F23308AC96AC669D3B226C258DC6F862D985030EC3D5BB29609ECFEDF34E14F8F48529EB
              Malicious:false
              Reputation:unknown
              URL:https://docucdn-a.akamaihd.net/olive/images/2.63.0/global-assets/ds-logo-default.svg
              Preview:<?xml version="1.0" encoding="utf-8"?>. Generator: Adobe Illustrator 28.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->.<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px".. viewBox="0 0 1200 241.4" style="enable-background:new 0 0 1200 241.4;" xml:space="preserve">.<style type="text/css">...st0{fill:#4C00FF;}...st1{fill:#FF5252;}.</style>.<g>..<g>...<g>....<path d="M1169.2,109.7v78.7h-28.9v-73.5c0-17.9-7.7-27.9-22.7-27.9s-24.9,10.5-27.7,28.1c-0.8,4.2-1,10.7-1,24.4v48.8H1060v-125.....h25.6c0.1,1.1,0.7,12.3,0.7,13c0,0.9,1.1,1.4,1.8,0.8c10.6-8.4,22.3-16.2,38.6-16.2C1153.5,60.9,1169.2,79,1169.2,109.7z"/>....<path d="M1013.4,63.4l-0.9,14.3c-0.1,0.9-1.2,1.4-1.8,0.8c-3.5-3.3-16.4-17.5-38.3-17.5c-31.4,0-54.5,27.1-54.5,63.9l0,0.....c0,37.3,22.9,64.5,54.5,64.5c21.1,0,34-13.7,36.4-16.7c0.7-0.8,2-0.3,2,0.7c-0.3,3.8-0.8,13.3-4,21.4c-4,10.2-13,19.7-31.1,19.7.....c-14.9,0-28.1-5.7-40.6-17.9L920,217.3c13.7,15.5,35

              Chrome Cache Entry: 87

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:SVG Scalable Vector Graphics image
              Category:downloaded
              Size (bytes):3896
              Entropy (8bit):4.786686051422741
              Encrypted:false
              SSDEEP:
              MD5:855476199961A10981ADCA7432CEC048
              SHA1:7995725A0CAC73EB6A2A1B5A8D5B162DBF47988E
              SHA-256:6DD60FAA0E35F2DFE342C452ED414A084D384D11793BD0F0EB03C2B1C6F1405C
              SHA-512:A9E61582FA18BCC1DD57DE8A7C194BAB0D6F733897F541A6E13B94906ADC115D65004F5A2649919FA8B8545F0C67C9313A14EAEAF42C34F630DA13CD38E17994
              Malicious:false
              Reputation:unknown
              URL:https://docucdn-a.akamaihd.net/olive/images/2.63.0/global-assets/ds-logo-inverse.svg
              Preview:<?xml version="1.0" encoding="utf-8"?>. Generator: Adobe Illustrator 28.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->.<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px".. viewBox="0 0 1200 241.4" style="enable-background:new 0 0 1200 241.4;" xml:space="preserve">.<style type="text/css">...st0{fill:#FFFFFF;}...st1{fill:#4C00FF;}...st2{fill:#FF5252;}.</style>.<g>..<g>...<g>....<path class="st0" d="M1169.2,109.7v78.7h-28.9v-73.5c0-17.9-7.7-27.9-22.7-27.9s-24.9,10.5-27.7,28.1c-0.8,4.2-1,10.7-1,24.4.....v48.8H1060v-125h25.6c0.1,1.1,0.7,12.3,0.7,13c0,0.9,1.1,1.4,1.8,0.8c10.6-8.4,22.3-16.2,38.6-16.2.....C1153.5,60.9,1169.2,79,1169.2,109.7z"/>....<path class="st0" d="M1013.4,63.4l-0.9,14.3c-0.1,0.9-1.2,1.4-1.8,0.8c-3.5-3.3-16.4-17.5-38.3-17.5c-31.4,0-54.5,27.1-54.5,63.9.....l0,0c0,37.3,22.9,64.5,54.5,64.5c21.1,0,34-13.7,36.4-16.7c0.7-0.8,2-0.3,2,0.7c-0.3,3.8-0.8,13.3-4,21.4.....c-4,10.2-13,19.7-31.1,19.7

              Chrome Cache Entry: 88

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with CRLF line terminators
              Category:downloaded
              Size (bytes):4739
              Entropy (8bit):4.736490039075709
              Encrypted:false
              SSDEEP:
              MD5:4B86605C4B80FA75342703878E7DFF13
              SHA1:6EF59F904C58E88B3E143BA3DA464AFE63FDC188
              SHA-256:2F186CDFA13B6CA51F69D44BAC8A7D5B69E1D5409A68D21F5768A87C6DFDB3A1
              SHA-512:B493241426AB5A1B75D1455720E84AB27A2B7E176FDF782ECB14B26004F5553FD306DCAE14C17CE788891FDBCAE9A32A5E22CB187C6BCE66486B89A0E5028AD9
              Malicious:false
              Reputation:unknown
              URL:https://ca.docusign.net/Signing/StyleSheets/Framework.css
              Preview:/*-----------------------*/..../* needs brackets to swallow error on dev */..{..}..../* This file contains the styles needed for the 2014 rebrand */..html {.. /* Prevent font scaling in landscape while allowing user zoom */.. /* Use 100% here, NEVER none. See http://blog.55minutes.com/2012/04/iphone-text-resizing/ */.. -webkit-text-size-adjust: 100%;..}..body {.. margin: 0;.. background-image: none;.. background-color: #EAEAEA;.. font-family: "Helvetica Neue", Arial, sans-serif !important;..}...Header {.. display: none;..}...scroll-area {.. position: absolute;.. overflow: auto;.. overflow-x: hidden;.. top: 0;.. left: 0;.. right: 0;.. bottom: 0;.. min-width: 1024px;..}...scroll-area, .Border.scroll-area {.. overflow-x: auto;..}...scroll-container {.. border-bottom: none;.. position: static;..}...clear {.. clear: both;..}..../* site content - centered w/ max-width and padding */...site-content {.. margin: 0 auto;.. max-wid

              Chrome Cache Entry: 90

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:Web Open Font Format, CFF, length 33752, version 0.0
              Category:downloaded
              Size (bytes):33752
              Entropy (8bit):7.984139047245452
              Encrypted:false
              SSDEEP:
              MD5:4DE7535F6F5DF8D5437C21C068DDB0EC
              SHA1:3553204B4624CA41CF1C4F3BD9B37D8C968CBA23
              SHA-256:8F6A520A392FF62149E5FC5AA87BFAB9B3816CD6010D4D4FCA194E8683CA498B
              SHA-512:E2A9B45F69BD1CBCF0D5F3710BECFACF6A28AF0A9FD034262F6AF4803628DADCE4C2FCC385758F88130AB68D362F3694ED786D0971CF7FD7E8FAF6CD1C2860DE
              Malicious:false
              Reputation:unknown
              URL:https://docucdn-a.akamaihd.net/production/1ds/widgets/@ds/signing/24.6.60-5/fonts/maven-pro/MavenPro-Bold.woff
              Preview:wOFFOTTO...........x........................CFF ......Om......FFTM...h........Z...GDEF..T........ ....GPOS..TH..-....DiP}7GSUB..T(... ... l.t.OS/2.......H...`...Ccmap.......|....#G..head...0...3...6....hhea...d... ...$.U.>hmtx.......Q...X.Xl7maxp..............P.name.......4....N...post........... .j.fx.c`d```d8...l<..W.n...8..2.F.../..)...:..&.(..v...x.c`d``../........g.2.EP.5.......P.....x.c`b.......u..1...<.f........p...).,*fP`P...._....N.u05..X.@r.L.GP..x.m.1O.A.....(...XL...K...*.+.[...-..@.A....6..K...e#.x..|.......^.p..PzV...s...=7q.O..z..+.xn.R=Q.....m.Y.......s..><........6n..c.lq@..klPC.....!".,AJ.`N.e.&.L....F..7g..&..w<.J...P..M-..@.Q.Kz.yn.)dRg...B..J...v:....gR.vFC..N.2....PF0..=.)V.,..{..LY.g"...;9..]p..2n!f....IW67..a.%.mO..-......iXax.c```f.`..F..8..1..,..........P..a)........L..(.(H).)().)X).QTz..........@....1.AU.+H(.UZBU2.................n...}.`...V=X.`.I...Q8.z..*..#..A.L.,.l...\.<.|...B.".b...R.2.r...J.*.j...Z.:.z...F.&.f...V.6.v...N...n...

              Chrome Cache Entry: 92

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text
              Category:downloaded
              Size (bytes):119869
              Entropy (8bit):4.18401975910281
              Encrypted:false
              SSDEEP:
              MD5:ECE7A224F69AB2205D90900589AE1D05
              SHA1:3D861B816A5DA892C8A88D5755A5537C036239DE
              SHA-256:FFA8C6A4CE199BFD9E32B05E0E4DECE330C6A577FB3A0E8518291619C658C486
              SHA-512:EEF4BDD54AF95BE42224FFE605BB627293DAEA0C58A50B328ACC8B56040C81FDCB5EC8406F56856FC617A552E4D6DD28BB892467666889D27F03EE8BFCD16D7B
              Malicious:false
              Reputation:unknown
              URL:https://docucdn-a.akamaihd.net/v/static/mixpanel-2-2-1b.js
              Preview:/*. * DocuSign modified version of Mixpanel JS Library v2.2.1. * $initial_referer and $referer have been removed, as not to send any senstive information. * $initial_referring_domain and referring_domain have been retained.. *. * Mixpanel JS Library v2.2.1. *. *. * Copyright 2012, Mixpanel, Inc. All Rights Reserved. * http://mixpanel.com/. *. * Includes portions of Underscore.js. * http://documentcloud.github.com/underscore/. * (c) 2011 Jeremy Ashkenas, DocumentCloud Inc.. * Released under the MIT License.. */..// ==ClosureCompiler==.// @compilation_level ADVANCED_OPTIMIZATIONS.// @output_file_name mixpanel-2.2.min.js.// ==/ClosureCompiler==../*.Will export window.mixpanel.*/../*.SIMPLE STYLE GUIDE:..this.x == public function.this._x == internal - only use within this file.this.__x == private - only use within the class..Globals should be all caps.*/.(function(mixpanel) {. /*. * Saved references to long variable names, so that closure compiler can. * minimize file size.. */. var

              Chrome Cache Entry: 93

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:Web Open Font Format, TrueType, length 37560, version 1.0
              Category:downloaded
              Size (bytes):37560
              Entropy (8bit):7.986336222628645
              Encrypted:false
              SSDEEP:
              MD5:B9D0556A2C620A939D54C63BE3DF6C6C
              SHA1:97968884D4C5A93C46AB1334CE9E9156C694EA4D
              SHA-256:90973DB3F26FE86B648EC735F3183B44902E5CEDF2B1A042402BAC39DA70404F
              SHA-512:37B59878D38EC5E9CEFB9877E53D616696FE430298CE4F26D61DBBD7402F2867554E25DBD78BA95C445BC145EA469895BE43E2BD30C1906B8D27D8AF14E84EDA
              Malicious:false
              Reputation:unknown
              URL:https://docucdn-a.akamaihd.net/production/1ds/widgets/@ds/signing/24.6.60-5/fonts/helvetica-neue/HelveticaNeue-Bold.woff
              Preview:wOFF..............=4........................LTSH............F.jOS/2...8...V...`e<..VDMX.......m....sPz.cmap...............cvt .......>...>....fpgm...........b2Msfgasp................glyf......m'...h/z..hdmx..u@.......(..'.head.......6...6..2.hhea....... ...$...Ghmtx...(.......x.j..kern...$.......<...loca.............i.vmaxp....... ... ....name.......e.......post........... ...2prep... ............x.5.!..0.....6.....y......"d...H8.....;...vg."3.v../..^.,...m...c.d[.N5.. ..x...xSH...I.*...H...g.,(.....[J.80.#.a...M<.......n.....)..}J.F.qc_1N....iD?....x.c`f.a.........................9X.@....A_......|<...........N0.g...3..X.N1(.!...J.h..x...c`.....w.....m.p..m..k..Zm............@..#..N..N...d...$3.Yf!.."..ld....s....IN..\27.e....4.O.'.,@.Y.....,....E(".RT....P...%dIJ.R...)m...,KYY.r.<.e.*X...(+QIV..T...J...Ue5...2..T.5.!kQS...Cm...ud=.....R_6.....a#...4.Mh,...biFS.f...eKZX...R...lMk.FF.6..me{.......`Qt...L'..+]d7.Z$..&{.]....EO.^.A.z.....+.....@.9..r...

              Chrome Cache Entry: 94

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:Web Open Font Format, TrueType, length 47748, version 1.0
              Category:downloaded
              Size (bytes):47748
              Entropy (8bit):7.989435227374723
              Encrypted:false
              SSDEEP:
              MD5:4A573FAC9111D6ADCB3994983539BD75
              SHA1:69BEBEFE9EDEAC85CC27516DBE0EA176C1C2C25C
              SHA-256:DAC5803D6CBE40244DFD39661406239F83E94E86C976E7229A4E35305A9B5EFE
              SHA-512:6ADF6B31AE697E2CFF767BD613E2F787EBB088749EA5D8263044188EA020336ED1368C9EA9C39A19C70B7D96226B018F50C0E319EED1E6A6DBD9F32BCFA2E064
              Malicious:false
              Reputation:unknown
              URL:https://docucdn-a.akamaihd.net/production/1ds/widgets/@ds/signing/24.6.60-5/fonts/helvetica-neue/HelveticaNeue.woff
              Preview:wOFF........................................LTSH............._gOS/2.......V...`e8..VDMX...l...g....r.z$cmap...............cvt .......F...F.C..fpgm...........b2Msfgasp................glyf..........MlS...hdmx...|...~...(...vhead.......6...6..1yhhea...4... ...$...Fhmtx...T.......x.h"fkern...L........v.v.loca.......g...|....maxp...8... ... ....name...X...b........post........... ...2prep...........*...\x.].1..0.E....l...*....z.w..\.....q...)....o+.K)...4...n\Y.....A.J8.%6.4..6[.1.{...f.?.#.?..<...c..sA>Q..g.L......z....N3!x.c`f.e..........................X.@....A_......|<...........N0.`...3..X.N1(.!...D.4..x...ex...F..?....%.AB:......)..FB..s06V,...m.........d!.....FV..w..Mf'..A......\..-.G.%..G>.J~.....) .Q.P.B...eQ..b...)f.)AqY....%...)%.PZ...,GYY.r...eE*X&..(+SIV...J...Ueu...T.5.!kQ..M-Y...u,.z.......eC..F4..id.4..l...Md3...4..Z.\......-ekZY2?.Z.qlK....H;......h/;:.B.K...eg:..t.]......NW.n.'.e/zX...)..K.....>..}....'.._.t...9..........1D..q.g...09...wF.Q2...c.%.2

              Chrome Cache Entry: 95

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:PNG image data, 10 x 10, 8-bit/color RGBA, non-interlaced
              Category:downloaded
              Size (bytes):2961
              Entropy (8bit):7.876188909726169
              Encrypted:false
              SSDEEP:
              MD5:C863DB426897325CB4805B2C20F51F30
              SHA1:A426FE43F0CE1A489CE091CC27768CDCC2991210
              SHA-256:2A5179B8851C8E3DFC77D7DCB33B3963AFA037608336D6AE412ACAA38AD59D22
              SHA-512:90DA76303CDE0B81F183709D94DC96B5C3EA7B7766948AF5B81E1EBE4B887012FC611F6A0CFC50873E80AF7B73077F7CB8BD5F254A4F4848C632A68733522A68
              Malicious:false
              Reputation:unknown
              URL:https://ca.docusign.net/Signing/Images/controls/btn_arrow_u.png
              Preview:.PNG........IHDR..............2.....gAMA....|.Q.... cHRM...........R...@..}y.....<.....s<.w...9iCCPPhotoshop ICC profile..H..wTT....wz..0..z..0... ..Q.f......Ml..@D...E......H..b!(.`.H.Pb0...dF.J|yy.......g.s..{....$O../... .'..z8.W.G....x....0Y.A..@$/7.z........H..e..O...O.T...._..lN:K.."N.....3"..$..F../JP.rb.[.}..Q..d.[..S..l1..x{..#b.G...\N..o.X3I....[ql2.....$..8.x.......t..r.p../8...p...C...f.q....K.njm.{r2.8...?......).L^6..g.,.qm."[.Z[Z....~Q....7%.."....3......R..`.j...[.~.:.. w....!.$E}k...yh.y...Rm..333..........:..}.=#.v.....e...tq.X)I)B>==......<..8..X....9<QD.h..8Q.yl....sy....0.OZ.k.(...5..H....>.....yP..........:.8......p.........Lg....k.k...$.......t.!0.V..8.7....`.........2A....@.....JP..A#h.'@.8.....:....`....`......a!2D..!UH.2.. .d..A>P ..ECq...B.....*.*.Z....:.]..B..=h...~....L...2...........5p.......N..........:|......@...QC.....!.H,.G6 .H9R.. ]H/r..A..w(......Q.(OT...JCm@..*QGQ...-.(j...MF+...6h/.*t.:.]..G7....w...7......Xa<1..

              Chrome Cache Entry: 96

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text
              Category:downloaded
              Size (bytes):1560
              Entropy (8bit):4.907629248595504
              Encrypted:false
              SSDEEP:
              MD5:94EFE1DF326362EF2423F447B0E07A42
              SHA1:C20C4A130A6C2BDF8D513FD82FDDF7EBE7050519
              SHA-256:FF2A6FD9F9B72C4D8292FD00F48D8BE351FFA3F81C0A25D0A4ED5D5296092765
              SHA-512:4E800BB76B3E3A84780700107456833394D7ABA46574C4619AFD694AF19D28CD1D88710F02C74DBF7054276C3B9E426277B0DF00C50C7B257F493185B631D36B
              Malicious:false
              Reputation:unknown
              URL:https://docucdn-a.akamaihd.net/production/1ds/widgets/@ds/signing/24.6.60-5/css/font-faces.css?cs=94f18f29
              Preview:/** mix ins **/..list-no-style {. list-style: none;. padding-left: 0;.}.@font-face {. font-family: 'Maven Pro';. src: url('../fonts/maven-pro/MavenPro-Regular.eot');. src: url('../fonts/maven-pro/MavenPro-Regular.eot?#iefix') format('embedded-opentype'), url('../fonts/maven-pro/MavenPro-Regular.woff') format('woff'), url('../fonts/maven-pro/MavenPro-Regular.ttf') format('truetype');. font-weight: normal;. font-style: normal;.}.@font-face {. font-family: 'Maven Pro';. src: url('../fonts/maven-pro/MavenPro-Bold.eot');. src: url('../fonts/maven-pro/MavenPro-Bold.eot?#iefix') format('embedded-opentype'), url('../fonts/maven-pro/MavenPro-Bold.woff') format('woff'), url('../fonts/maven-pro/MavenPro-Bold.ttf') format('truetype');. font-weight: bold;. font-style: normal;.}.@font-face {. font-family: 'Helvetica Neue';. src: url('../fonts/helvetica-neue/HelveticaNeue.eot');. src: url('../fonts/helvetica-neue/HelveticaNeue.eot?#iefix') format('embedded-opentype'), url('../fonts/hel

              Static File Info

              General

              File type:RFC 822 mail, ASCII text, with very long lines (2605), with CRLF line terminators
              Entropy (8bit):5.972257819565934
              TrID:
              • E-Mail message (Var. 5) (54515/1) 100.00%
              File name:Salary Increment.eml
              File size:20'112 bytes
              MD5:fa447e06a2d08f74dd246032658c73ec
              SHA1:454ba3b070fe26a4258fe19b2bcf80762d22964d
              SHA256:e60547863731636c6693d7b74f14f4424e381db16f48f9d1d84c34603d887f6c
              SHA512:19ebbea1d70240c02b862c565c80dba66f467a164a4fd9b576e7a5b3f1f896be91b4c74dc5d1a5c4c03fd9a118169b5505e9ead00452b11cbe71b0a93710bf78
              SSDEEP:384:29C0zG6op26bN17bzE65GGXpof7OmcGsC1fE7G8kL6eE:29C0i267/RpofxNTQReE
              TLSH:D7922BB1415014EB2DB66349B0117DC6B5A10CCF4AF1E8E9F82BA5146CEFD732B1A78E
              File Content Preview:Received: from SJ2PR16MB5891.namprd16.prod.outlook.com.. (2603:10b6:a03:577::8) by CYYPR16MB5508.namprd16.prod.outlook.com with.. HTTPS; Fri, 23 Aug 2024 14:18:53 +0000..Received: from PH7P220CA0153.NAMP220.PROD.OUTLOOK.COM.. (2603:10b6:510:33b::15) by SJ

              Static Mail

              General

              Subject:Salary Increment
              From:Docusign Services via Docusign <dse@camail.docusign.net>
              To:Mauricio Ramirez <mramirez@murexltd.com>
              Cc:
              BCC:
              Date:Fri, 23 Aug 2024 07:18:44 -0700
              Communications:
              • EnvelopeActivationDocusign Services sent you a document to review and sign. REVIEW DOCUMENT Docusign Services humanresources3@documentsignning.comHR has introduced a new Salary Increment Policy, effective immediately. All employees must review and complete the attached enrollment form. Currently, 25% of our employees have acknowledged receipt. Our goal is 100% acknowledgment.Please review and sign the acknowledgment section in the attached form.Do Not Share This EmailThis email contains a secure link to Docusign. Please do not share this email, link, or access code with others.Alternate Signing MethodVisit Docusign.com, click 'Access Documents', and enter the security code:67AD5BE8AFC447A1AD274C759A13B5DB6 About DocusignSign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- Docusign provides a professional trusted solution for Digital Transaction Management. Questions about the Document?If you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly.Stop receiving this emailReport this email or read more about Declining to sign and Managing notifications.If you have trouble signing, visit "How to Sign a Document" on our Docusign Support Center, or browse our Docusign Community for more information.Download the Docusign App This message was sent to you by Docusign Services who is using the Docusign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request. EnvelopeActivation EnvelopeActivation Docusign Services sent you a document to review and sign. REVIEW DOCUMENT Docusign Services humanresources3@documentsignning.comHR has introduced a new Salary Increment Policy, effective immediately. All employees must review and complete the attached enrollment form. Currently, 25% of our employees have acknowledged receipt. Our goal is 100% acknowledgment.Please review and sign the acknowledgment section in the attached form.Do Not Share This EmailThis email contains a secure link to Docusign. Please do not share this email, link, or access code with others.Alternate Signing MethodVisit Docusign.com, click 'Access Documents', and enter the security code:67AD5BE8AFC447A1AD274C759A13B5DB6 About DocusignSign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- Docusign provides a professional trusted solution for Digital Transaction Management. Questions about the Document?If you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly.Stop receiving this emailReport this email or read more about Declining to sign and Managing notifications.If you have trouble signing, visit "How to Sign a Document" on our Docusign Support Center, or browse our Docusign Community for more information.Download the Docusign App This message was sent to you by Docusign Services who is using the Docusign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request. Docusign Services sent you a document to review and sign. REVIEW DOCUMENT Docusign Services humanresources3@documentsignning.comHR has introduced a new Salary Increment Policy, effective immediately. All employees must review and complete the attached enrollment form. Currently, 25% of our employees have acknowledged receipt. Our goal is 100% acknowledgment.Please review and sign the acknowledgment section in the attached form.Do Not Share This EmailThis email contains a secure link to Docusign. Please do not share this email, link, or access code with others.Alternate Signing MethodVisit Docusign.com, click 'Access Documents', and enter the security code:67AD5BE8AFC447A1AD274C759A13B5DB6 About DocusignSign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- Docusign provides a professional trusted solution for Digital Transaction Management. Questions about the Document?If you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly.Stop receiving this emailReport this email or read more about Declining to sign and Managing notifications.If you have trouble signing, visit "How to Sign a Document" on our Docusign Support Center, or browse our Docusign Community for more information.Download the Docusign App This message was sent to you by Docusign Services who is using the Docusign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request. Docusign Services sent you a document to review and sign. REVIEW DOCUMENT Docusign Services humanresources3@documentsignning.comHR has introduced a new Salary Increment Policy, effective immediately. All employees must review and complete the attached enrollment form. Currently, 25% of our employees have acknowledged receipt. Our goal is 100% acknowledgment.Please review and sign the acknowledgment section in the attached form.Do Not Share This EmailThis email contains a secure link to Docusign. Please do not share this email, link, or access code with others.Alternate Signing MethodVisit Docusign.com, click 'Access Documents', and enter the security code:67AD5BE8AFC447A1AD274C759A13B5DB6 About DocusignSign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- Docusign provides a professional trusted solution for Digital Transaction Management. Questions about the Document?If you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly.Stop receiving this emailReport this email or read more about Declining to sign and Managing notifications.If you have trouble signing, visit "How to Sign a Document" on our Docusign Support Center, or browse our Docusign Community for more information.Download the Docusign App This message was sent to you by Docusign Services who is using the Docusign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request. Docusign Services sent you a document to review and sign. REVIEW DOCUMENT Docusign Services humanresources3@documentsignning.comHR has introduced a new Salary Increment Policy, effective immediately. All employees must review and complete the attached enrollment form. Currently, 25% of our employees have acknowledged receipt. Our goal is 100% acknowledgment.Please review and sign the acknowledgment section in the attached form.Do Not Share This EmailThis email contains a secure link to Docusign. Please do not share this email, link, or access code with others.Alternate Signing MethodVisit Docusign.com, click 'Access Documents', and enter the security code:67AD5BE8AFC447A1AD274C759A13B5DB6 About DocusignSign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- Docusign provides a professional trusted solution for Digital Transaction Management. Questions about the Document?If you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly.Stop receiving this emailReport this email or read more about Declining to sign and Managing notifications.If you have trouble signing, visit "How to Sign a Document" on our Docusign Support Center, or browse our Docusign Community for more information.Download the Docusign App This message was sent to you by Docusign Services who is using the Docusign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request. Docusign Services sent you a document to review and sign. REVIEW DOCUMENT Docusign Services humanresources3@documentsignning.comHR has introduced a new Salary Increment Policy, effective immediately. All employees must review and complete the attached enrollment form. Currently, 25% of our employees have acknowledged receipt. Our goal is 100% acknowledgment.Please review and sign the acknowledgment section in the attached form.Do Not Share This EmailThis email contains a secure link to Docusign. Please do not share this email, link, or access code with others.Alternate Signing MethodVisit Docusign.com, click 'Access Documents', and enter the security code:67AD5BE8AFC447A1AD274C759A13B5DB6 About DocusignSign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- Docusign provides a professional trusted solution for Digital Transaction Management. Questions about the Document?If you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly.Stop receiving this emailReport this email or read more about Declining to sign and Managing notifications.If you have trouble signing, visit "How to Sign a Document" on our Docusign Support Center, or browse our Docusign Community for more information.Download the Docusign App This message was sent to you by Docusign Services who is using the Docusign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request. Docusign Services sent you a document to review and sign. REVIEW DOCUMENT Docusign Services humanresources3@documentsignning.comHR has introduced a new Salary Increment Policy, effective immediately. All employees must review and complete the attached enrollment form. Currently, 25% of our employees have acknowledged receipt. Our goal is 100% acknowledgment.Please review and sign the acknowledgment section in the attached form.Do Not Share This EmailThis email contains a secure link to Docusign. Please do not share this email, link, or access code with others.Alternate Signing MethodVisit Docusign.com, click 'Access Documents', and enter the security code:67AD5BE8AFC447A1AD274C759A13B5DB6 About DocusignSign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- Docusign provides a professional trusted solution for Digital Transaction Management. Questions about the Document?If you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly.Stop receiving this emailReport this email or read more about Declining to sign and Managing notifications.If you have trouble signing, visit "How to Sign a Document" on our Docusign Support Center, or browse our Docusign Community for more information.Download the Docusign App This message was sent to you by Docusign Services who is using the Docusign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request. Docusign Services sent you a document to review and sign. REVIEW DOCUMENT Docusign Services humanresources3@documentsignning.comHR has introduced a new Salary Increment Policy, effective immediately. All employees must review and complete the attached enrollment form. Currently, 25% of our employees have acknowledged receipt. Our goal is 100% acknowledgment.Please review and sign the acknowledgment section in the attached form.Do Not Share This EmailThis email contains a secure link to Docusign. Please do not share this email, link, or access code with others.Alternate Signing MethodVisit Docusign.com, click 'Access Documents', and enter the security code:67AD5BE8AFC447A1AD274C759A13B5DB6 About DocusignSign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- Docusign provides a professional trusted solution for Digital Transaction Management. Questions about the Document?If you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly.Stop receiving this emailReport this email or read more about Declining to sign and Managing notifications.If you have trouble signing, visit "How to Sign a Document" on our Docusign Support Center, or browse our Docusign Community for more information.Download the Docusign App This message was sent to you by Docusign Services who is using the Docusign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request. Docusign Services sent you a document to review and sign. REVIEW DOCUMENT Docusign Services sent you a document to review and sign. REVIEW DOCUMENT Docusign Services sent you a document to review and sign. REVIEW DOCUMENT Docusign Services sent you a document to review and sign. REVIEW DOCUMENT Docusign Services sent you a document to review and sign. REVIEW DOCUMENT Docusign Services sent you a document to review and sign. REVIEW DOCUMENT Docusign Services sent you a document to review and sign. Docusign Services sent you a document to review and sign. Docusign Services sent you a document to review and sign. Docusign Services sent you a document to review and sign. REVIEW DOCUMENT REVIEW DOCUMENT REVIEW DOCUMENT REVIEW DOCUMENT REVIEW DOCUMENT REVIEW DOCUMENT REVIEW DOCUMENT REVIEW DOCUMENT REVIEW DOCUMENT REVIEW DOCUMENT https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fca.docusign.net%2fSigning%2fEmailStart.aspx%3fa%3d67ad5be8-afc4-47a1-ad27-4c759a13b5db%26etti%3d24%26acct%3d40b9d5ee-3305-4c74-9e54-3b203af8461a%26er%3d19ba4987-bc67-4e67-9dd9-af8efb2162d8&c=E,1,8rygGQGA7nSApSqs8X4_zWloporzYFtMDicBZEz094bgslaJXm77ikhOfNQpp1lM-0l1ySHvOi-EfuLspM1WtYKVQcNagf_01E1SioH2KHjv-hPnAAFTAaXJ3A,,&typo=1 REVIEW DOCUMENT Docusign Services humanresources3@documentsignning.comHR has introduced a new Salary Increment Policy, effective immediately. All employees must review and complete the attached enrollment form. Currently, 25% of our employees have acknowledged receipt. Our goal is 100% acknowledgment.Please review and sign the acknowledgment section in the attached form. Docusign Services humanresources3@documentsignning.comHR has introduced a new Salary Increment Policy, effective immediately. All employees must review and complete the attached enrollment form. Currently, 25% of our employees have acknowledged receipt. Our goal is 100% acknowledgment.Please review and sign the acknowledgment section in the attached form. Docusign Services humanresources3@documentsignning.com Docusign Services humanresources3@documentsignning.com Docusign Services humanresources3@documentsignning.com Docusign Services humanresources3@documentsignning.com Docusign Services humanresources3@documentsignning.com HR has introduced a new Salary Increment Policy, effective immediately. All employees must review and complete the attached enrollment form. Currently, 25% of our employees have acknowledged receipt. Our goal is 100% acknowledgment.Please review and sign the acknowledgment section in the attached form. Do Not Share This EmailThis email contains a secure link to Docusign. Please do not share this email, link, or access code with others.Alternate Signing MethodVisit Docusign.com, click 'Access Documents', and enter the security code:67AD5BE8AFC447A1AD274C759A13B5DB6 About DocusignSign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- Docusign provides a professional trusted solution for Digital Transaction Management. Questions about the Document?If you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly.Stop receiving this emailReport this email or read more about Declining to sign and Managing notifications.If you have trouble signing, visit "How to Sign a Document" on our Docusign Support Center, or browse our Docusign Community for more information.Download the Docusign App This message was sent to you by Docusign Services who is using the Docusign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request. Do Not Share This EmailThis email contains a secure link to Docusign. Please do not share this email, link, or access code with others.Alternate Signing MethodVisit Docusign.com, click 'Access Documents', and enter the security code:67AD5BE8AFC447A1AD274C759A13B5DB6 About DocusignSign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- Docusign provides a professional trusted solution for Digital Transaction Management. Questions about the Document?If you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly.Stop receiving this emailReport this email or read more about Declining to sign and Managing notifications.If you have trouble signing, visit "How to Sign a Document" on our Docusign Support Center, or browse our Docusign Community for more information.Download the Docusign App This message was sent to you by Docusign Services who is using the Docusign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request. Do Not Share This EmailThis email contains a secure link to Docusign. Please do not share this email, link, or access code with others. Do Not Share This Email Alternate Signing MethodVisit Docusign.com, click 'Access Documents', and enter the security code:67AD5BE8AFC447A1AD274C759A13B5DB6 Alternate Signing Method Docusign.com https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fDocusign.com&c=E,1,adudGrRhrGdQu3B1I_XZ6HszDMeuZewZ8AWOZ3CaXjAwwwgH2QWu-qZQlxOnlZl4c_W5ZOKFySYHuhbXEXuu7VXmjoVE3JUyJTAMqMnhQhf-MUzi-EY,&typo=1&ancr_add=1 About DocusignSign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- Docusign provides a professional trusted solution for Digital Transaction Management. About Docusign Questions about the Document?If you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly.Stop receiving this emailReport this email or read more about Declining to sign and Managing notifications.If you have trouble signing, visit "How to Sign a Document" on our Docusign Support Center, or browse our Docusign Community for more information. Questions about the Document? Stop receiving this email Report this email https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fprotect.docusign.net%2freport-abuse%3fe%3dAUtomjpFak9GlbPL0zFFi12TQS2OsCxTE_Yv6Ir1XWCe3sTrqUchE1Ud6A_TTBOjP9RbaS25_svU7TuhCaWz6VrYzRttYCM2OjYjbrKHerMLfPL4LhPQFxwmQNcOcfE3tutUC7AY69WB7s6jverxNJXc4P4VwqeGj7fY-Ih-58ksPdRebkE1syB6XBZ4YK7QlBl30usPSXetspKkCvceH5V3vnED7zf89AM__nfZAUTBgulNdL0kQSxnye3jrquEp7k_MErsczmRINcRA0Rkn4Ik1ZrKIf45s_vRg4PlhDC7l6IbSy7oY7K4dgKOJ2mAfniWDZfp2HbQBn2vOfrP5vZxrqGNAKLWEZWGB7g13coaOLVUhNOxgFQkd8kKfM9TFh4_aIBvkREwDvK0kWFqASHZjg1h0hpFyfPhRRO5yIgG4CM--H77_M-nm6q8SLs3Xg%26lang%3den&c=E,1,Vt7LrLzTt0FdD0g9ITRTnzWkwhvtZb0UGUmbiCChQkbkxGUvwRg-RpSL8-dp-JJw0sKyxDSTp8ifL_9cZ3uEa_46WNtPLySVLPKYQCq22H6tq4BY&typo=1 Declining to sign https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fsupport.docusign.com%2fen%2fguides%2fDeclining-to-sign-DocuSign-Signer-Guide&c=E,1,mszaO5JF98JXV9UyIaNvBbMk5oTaFECPH-x68ffdJsRQm95ZzP98NyTWzwog0pigkB8e7Tgy70kQCxvUyv72nr4KzofGtIyKDw_OHA3dYecI-Dg4&typo=1 Managing notifications https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fsupport.docusign.com%2fen%2farticles%2fHow-do-I-manage-my-email-notifications&c=E,1,XA7fTF4BTqu0VEmo-GeOyWZtbcmlgvstkkidzZMk5mzARW6mMK8spPP1ajwXle-wlqCwJ6R4qVoXsGM9quBD9jMJyAdN0ZH_9-R0eQBALGyLmdo,&typo=1 How to Sign a Document https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fsupport.docusign.com%2fs%2farticles%2fHow-do-I-sign-a-DocuSign-document-Basic-Signing%3flanguage%3den_US%26utm_campaign%3dGBL_XX_DBU_UPS_2211_SignNotificationEmailFooter%26utm_medium%3dproduct%26utm_source%3dpostsend&c=E,1,cXSsm7NpPAog6MkewrDjTJqcKxiaFQXla9c_KrxFc8X94xCarvJZD-NMefDqEfvOCbQPceuS-ew6M48gZySjzgCN849pI4lv1eE-pw4ntHohqaecTbv9VKlaqg,,&typo=1 Docusign Support Center https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fsupport.docusign.com%2f&c=E,1,WHCLMzkACVC4LP_qxjji1XvhGp6AjJ9B8Wu3RjSuxpzHDEr7bSzS2_uXnADl4PnbA-Ql0yn95jJOXvX6P-xb5g66D57-6wu3U-4l4zaIA1J_pMfDWrKwVCUxrg,,&typo=1 Docusign Community https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fcommunity.docusign.com%2fsigning-7&c=E,1,voiwZ_Gm5-7YOHqDkuO2-lUYCabfFqIfXS2tnR8Rd3U9kK1VGJKWH1T2K4ZzlaZmV-Qg8izJq0rDVy8DDS8nZnWLLIuF0qaXQmKFHSNqmCg-nUXNsVg1&typo=1 Download the Docusign App Download the Docusign App https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.docusign.com%2ffeatures-and-benefits%2fmobile%3futm_campaign%3dGBL_XX_DBU_UPS_2211_SignNotificationEmailFooter%26utm_medium%3dproduct%26utm_source%3dpostsend&c=E,1,Ehcz4WTU9IWGiWfDkt7SrBn3lP40seNxGC7TtJriK1YSjGBA6_RXLFC3RJbvPKndyXPoNbjMx_dULSnyNNwEBprZOG3NmfolnzgxOxkD80f1UdyA&typo=1 This message was sent to you by Docusign Services who is using the Docusign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request.
              Attachments:

                Headers

                Key Value
                Receivedfrom camail.docusign.net ([127.0.0.1]) by QC1FE134.CAAD.docusign.net with Microsoft SMTPSVC(10.0.17763.1697); Fri, 23 Aug 2024 07:18:44 -0700
                Authentication-Resultsspf=fail (sender IP is 209.222.82.239) smtp.mailfrom=camail.docusign.net; dkim=fail (body hash did not verify) header.d=camail.docusign.net;dmarc=fail action=oreject header.from=camail.docusign.net;compauth=none reason=451
                Received-SpfFail (protection.outlook.com: domain of camail.docusign.net does not designate 209.222.82.239 as permitted sender) receiver=protection.outlook.com; client-ip=209.222.82.239; helo=outbound-ip62b.ess.barracuda.com;
                Dkim-Signaturev=1; a=rsa-sha256; c=relaxed/simple; d=camail.docusign.net; s=mail1; t=1724422725; bh=82U+4wdIgsgKxWVyMVbS09D9ACJd/l+CzNLsJOKDkt0=; h=From; b=rucRkpIR5/ff87QghS4slG4hu+gOURon4nLRO0tYFlXwiyVdqz1dvKBey6HAO7UmZ cWmYbHgk0L8DRF+plr9XY3R3VNIkVtk17IQsTQi6F2i4kqcYOYUK5/1/Bnt85asISc sw4z6Bunfnu4b86LIIAWsGTXMHN6PFpYuXQLkUa93B5+2c1OjgjhLd5pDuusW/X/84 beWosmwdHXVK51AT92ykk3Z+Ajko1sFGIWhSh6SICvB3ffeFbtlBAwdkQ9EIdwvj2s oVbdMv9UnCpdtXe9ZfirSvahPQLLcDqGRm5XTZoFtdaYAoUkIR1HJMt6poLr4CgBcK fJoGUyqB/GMWg==
                SenderDocuSign CA System <dse@camail.docusign.net>
                Reply-ToDocusign Services <humanresources3@documentsignning.com>
                Recipient-Id19ba4987-bc67-4e67-9dd9-af8efb2162d8
                X-DebugFalse
                X-Email-Rejection-ModeLearningMode
                X-Api-Hostca.docusign.net
                Site-Id6
                X-Bounceemailversion1
                FromDocusign Services via Docusign <dse@camail.docusign.net>
                ToMauricio Ramirez <mramirez@murexltd.com>
                Message-Id<1c8f7f89b27e49e2837f2434275f1e9c@camail.docusign.net>
                DateFri, 23 Aug 2024 07:18:44 -0700
                SubjectSalary Increment
                MIME-Version1.0
                Content-Typemultipart/mixed; boundary="----sinikael-?=_1-17244290137480.6486141822597888"
                X-Originalarrivaltime23 Aug 2024 14:18:44.0759 (UTC) FILETIME=[5CC34A70:01DAF567]
                X-Bess-Id1724422726-111167-12661-1666-1
                X-Bess-Ver2019.1_20240812.1719
                X-Bess-Apparent-Source-Ip64.207.219.136
                X-Bess-Parts H4sIAAAAAAACAzXLuwqDQBCF4XeZ2mJu7oy+iqTYKzYhRbYQxHfPCqY5/Bz4th Pq0WGFPnaCzxdW5llH7eMM2HwJVpRJ2C2lsJALlhkxu2qFa/r7vb8f7+L8eCNCExWJrb SiUqtlxxRzo2jx9q8fs9TyMoEAAAA=
                Return-Pathdse@camail.docusign.net
                X-Ms-Exchange-Organization-Expirationstarttime23 Aug 2024 14:18:47.4632 (UTC)
                X-Ms-Exchange-Organization-ExpirationstarttimereasonOriginalSubmit
                X-Ms-Exchange-Organization-Expirationinterval1:00:00:00.0000000
                X-Ms-Exchange-Organization-ExpirationintervalreasonOriginalSubmit
                X-Ms-Exchange-Organization-Network-Message-Id f8c0dc13-6402-4458-ede5-08dcc37e80d6
                X-Eopattributedmessage0
                X-Eoptenantattributedmessaged5ea0ba6-3c9e-43c2-9d1e-fffeb0d842e5:0
                X-Ms-Exchange-Organization-MessagedirectionalityIncoming
                X-Ms-PublictraffictypeEmail
                X-Ms-Traffictypediagnostic SN1PEPF0002BA4B:EE_|SJ2PR16MB5891:EE_|CYYPR16MB5508:EE_
                X-Ms-Exchange-Organization-Authsource SN1PEPF0002BA4B.namprd03.prod.outlook.com
                X-Ms-Exchange-Organization-AuthasAnonymous
                X-Ms-Office365-Filtering-Correlation-Id f8c0dc13-6402-4458-ede5-08dcc37e80d6
                X-Ms-Exchange-Organization-Scl-1
                X-Ipw-GroupmemberFalse
                X-Microsoft-Antispam BCL:0;ARA:13230040|31092699021|12012899012|13102899012|5062899012|13012899012|69100299015|4092899012|5073199012|2092899012|4123199012|35002699018|3072899012|3092899012|5063199012|1032899013;
                X-Forefront-Antispam-Report CIP:209.222.82.239;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:NSPM;H:outbound-ip62b.ess.barracuda.com;PTR:outbound-ip62b.ess.barracuda.com;CAT:NONE;SFS:(13230040)(31092699021)(12012899012)(13102899012)(5062899012)(13012899012)(69100299015)(4092899012)(5073199012)(2092899012)(4123199012)(35002699018)(3072899012)(3092899012)(5063199012)(1032899013);DIR:INB;
                X-Ms-Exchange-Crosstenant-Originalarrivaltime23 Aug 2024 14:18:47.2757 (UTC)
                X-Ms-Exchange-Crosstenant-Network-Message-Id f8c0dc13-6402-4458-ede5-08dcc37e80d6
                X-Ms-Exchange-Crosstenant-Idd5ea0ba6-3c9e-43c2-9d1e-fffeb0d842e5
                X-Ms-Exchange-Crosstenant-Authsource SN1PEPF0002BA4B.namprd03.prod.outlook.com
                X-Ms-Exchange-Crosstenant-AuthasAnonymous
                X-Ms-Exchange-Crosstenant-FromentityheaderInternet
                X-Ms-Exchange-Transport-CrosstenantheadersstampedSJ2PR16MB5891
                X-Ms-Exchange-Transport-Endtoendlatency00:00:06.0094390
                X-Ms-Exchange-Processed-By-Bccfoldering15.20.7897.007
                X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
                X-Microsoft-Antispam-Message-Info tXHoQkqqwRyuG73gYH2x2MDCrB5H1hAWKL9RjhQFQlN9RmrhXEr01w6Q/Q+OTVZFIpowJxKBiHgLQkiyZaLHyaEGTuCxsUSzTXHjLDc8MvNHnlPH1IPu3RKp1RP/Nmfgtuj/Z6Yk54noTwyCe84Ug0mH6nKoHD5I+ei7ZfgBI9NjpcleSiOfPsxmPG5exTdjEtTVtaihDGiClbJHnHerVBBWcw80gMMCzxI5hAtCcN4Tii6ThS2mlJuZNAt+ODsyWeuHD3oMAEAE52Vb1tvR59zjZ+z2VqJ265jBxkqEB9Re1r/uUDkUP0Bw8gVEgqis3pw9E+A4r2wMNUEmQBp4oFccAf/RLLt7F75q92srN8Fl4xZPHXr3JIeJHwIa9d+zgFnsw7xyNyVfGSrsJxEWD5mva9F6oe47Iessj7TDIIbNk36HR35tY1/hju3P1i9IdW0qwgpEkfG6KcKfcUggxlkLmicWJZnx0y+2lFAHSb4E1vK5J5YpLv0CTrEfZI0YYcmEBKLdZcpKlvLw6SEhYog32KwPMqU0bM4q2i1HGmbLXwlTngFTQ3ja8ngxpjUa8bPbYxdgfiWc/lEMBPbJsHrniEUqylYF9U3Su1CdjuY12tMk2hvGeIT/FgTmMTrKQF1UyHfCFN7g/RDUFC4Ni1No6tLW1TiKgJL5j3k6RirBIvhTYWlEM4fCaTIzes+Y+urDSUTtUJvD4OLI59rBsixscTGfvVykuGdnTq2jbNHHIIjpJTseBGwbKSTB+cJFBdSM18oV/IVmJduC2sNnRJAcOxV2MUO3nbwrlMl2N5ucpTW4kqRz00t/910HhFn5yV0Yc4Eg2kjpVISN8QR9tIhp9aVj4ChVl5fpJEGtppGeE6FxGiV4HJLBg67zUtLhqzxQD109oDG2pHl/MDCZj95tz8d3GymRAomvZNl2fUKQUUO4EIXQyDTZVpXF2oEW7oH2Lz6rKlyFszNZJrxbBq3rcWqzspQ1h3BUJ2/VlkkkrwCCDMBBJC6uL3vR4zg2pPqkk5+R25Wh+yUB4qsgrhRkLfffWmU/X9DhBL3qT8Ci9uP8PZ+sYY5vuIOs6ghWPiQPARkMjDoQ9rOSXr6ZcXBYDF2Z3F/7I1AYEe9mNu+6DPaBOrfyIkM41lFyS+H0rhTuq43/8jWpmpnVeXBOfX4Btocvj/3T8lw9LLqKMm8omoUlZIYkQc868HCw9GNiQLi4G/C4kjhKONAZQlhdhi0onT49TpfxH7zoBvbZOUfEtWUrSMh7dIbDPwpabfCe5woksF5SAxGYieRSRq53Xlsa02E+WjSqyxaAWQJCSpkLJhfcNL3uta95cWATkCqb/SGfnhltA9tR9L3cH0QIzzKG5Nq0VpB1C+BhE7Rl9W2Nqhi8c8YcyLZU3SdWuAn2Lk4nGBSIyjzjxvJbTCa0nfyd9qDpaqjHLmL2844K6wfagDNTczv06/SY8Csxxf82DmJaecoX5aJgrHByRi2xKIaMMf6teFNFe4zFdrSuM/9bANe7bTflb4L0FcSR19ANwWCAxqUm4YYPTJxJ2J9YqxA6FzCDe2q+rm7RrSzulzsRo9z2acIFmN0vgol8CE/f0bbO9L11dpNGfGb2zNRIOgVa9nKvaSdIIIQmCvmpowKcginbDyReIYgIrrGmpV4UV0IqnY3RCVAs9cnN2JXKB+36HTXghhr4cVAFRmzBYnL41Fy4bay1bdgte2wLs7a8Gvs5kf+wziQlIf7hIJaKmEhC8d6vuC0fHM4eL+fWX2FZv/8tXOnJ6YvgZssYgG9hW9uobKjf/x1gm7WYj3iyPqUF7hz8fz7E8bX9nestQp6o+6tgeDbSjg0kJK5vq8z9Wka5vpNlm4tOTOdXxz4DISXuzQETUWtDJI6FfU0Hw5zlhMg1shS2KFM7qMncB7k052da92/RxLJepnlZiO8jaRgTlLX6jinUi4Ap4BxwvQjihlLV12oxqsdHXUgURe9xZ/t4UWm/ELBWRDNI3Yh4q2pQLopHOZ3DmLqnN+zneT/3rRGen8rEDONbiGBDKIp8ZGKKOa6RNlj8qqfEMD92e2YwaqDvNqvwWg21ZWLipl1WgCXMhL95WrqsHSrtStZI6+JbPEWgjo859Ywwj3YX5KNWzIAmcspFcmO5++AGY5Uz4b3yi0af5qKHFyGA3SbR8CHjkc7jsbwdfg2K6HL/p0L6Gk/oCXchyLMddh2jfNoQGm8+H1C/LZ3bqwQQeosY6LXiwk+mAcCoDQBThtrVE5qjeQvkonJBzixQ2grWYafNIHjRTq94ThG9JxQ5NGcpX1Hg0F2bQs4wKBFjd8kdWGcZEOSGzpU2DCdo6BJM6OyxObaQi47YgmjS52pfBQrGAydtWj7Re1e9xOTqaYogD4H2KEYBebvZ2UKI11YcNM86W95XjNRXgpVT5nFvn3upkeTHTPj64RtW7ZJ8blra0gUdPowI4LaP8xj6dco4IPd4ZmtCmytP+FSAY5S5ooCYs3GsaM98/WUG6oYlPwtz7gVj3qxJDiY3jexa2IwAAl1hqCbWqU0Py7MX8XS013RrccfQrghJWDs3ODegyPO+ES7Xg6fGSliZjVbZ8Sis0LI=
                Content-Transfer-Encoding7bit

                File Icon

                Icon Hash:46070c0a8e0c67d6