Windows Analysis Report
https://ca.docusign.net/Signing/EmailStart.aspx?a=1cdabf46-ff5a-4450-ae28-4b5293077687&etti=24&acct=938a1226-4cc2-4b96-95f9-d33be464ae6b&er=5b95ae4e-7414-40c0-b9fc-e2de228fcc1b

Overview

General Information

Sample URL:	https://ca.docusign.net/Signing/EmailStart.aspx?a=1cdabf46-ff5a-4450-ae28-4b5293077687&etti=24&acct=938a1226-4cc2-4b96-95f9-d33be464ae6b&er=5b95ae4e-7414-40c0-b9fc-e2de228fcc1b
Analysis ID:	1500772

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected landing page (webpage, office document or email)

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Detected non-DNS traffic on DNS port

Stores files to the Windows start menu directory

Classification

Signatures

Phishing

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Source: https://docucdn-a.akamaihd.net/production/1ds/widgets/@ds/signing/24.6.60-5/signing-conversations.js?cs=94f18f29

HTTP Parser: /*! for license information please see signing-conversations.js.license.txt */!function(){var e,t,n={6468:function(e,t,n){"use strict";var r=n(82068);object.defineproperty(t,"__esmodule",{value:!0}),t.default=void 0;var o=r(n(36488)),i=r(n(28636)),a=r(n(12944)),u=r(n(55552)),s=function(){function e(){(0,i.default)(this,e),(0,u.default)(this,"queue",new array),(0,u.default)(this,"workingonpromise",!1)}return(0,a.default)(e,[{key:"enqueue",value:function(e){var t=this;return new o.default((function(n,r){t.queue.push({worker:e,resolve:n,reject:r}),t.dequeue()}))}},{key:"dequeue",value:function(){var e=this;if(this.workingonpromise)return!1;var t=this.queue.shift();if(!t)return!1;try{this.workingonpromise=!0,t.worker().then((function(n){e.workingonpromise=!1,t.resolve(n),e.dequeue()})).catch((function(n){e.workingonpromise=!1,t.reject(n),e.dequeue()}))}catch(e){this.workingonpromise=!1,t.reject(e),this.dequeue()}return!0}}]),e}();t.default=s},92432:function(e,t,n){"use strict";var r=n(27828);object.definepropert...

Source: https://ca.docusign.net/Signing/?ti=1c89f53b54dd4e79bb69deb1114abc6b

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.32.114.26:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.32.114.26:443 -> 192.168.2.16:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.140.118.28:443 -> 192.168.2.16:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.67:443 -> 192.168.2.16:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.11.168.232:443 -> 192.168.2.16:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.11.168.232:443 -> 192.168.2.16:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.11.168.232:443 -> 192.168.2.16:49825 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.11.168.232:443 -> 192.168.2.16:49843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:64475 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.16:64473 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:64473 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:64473 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:64473 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:64473 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:64473 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:64473 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:64473 -> 162.159.36.2:53

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.114.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.114.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.114.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.114.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.114.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.114.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.114.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.114.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.114.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.114.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.114.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.114.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.114.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.114.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.114.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.114.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.114.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.114.26
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 52.140.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 52.140.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 52.140.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 52.140.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 52.140.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 52.140.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 52.140.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157

Source: global traffic	DNS traffic detected: DNS query: ca.docusign.net
Source: global traffic	DNS traffic detected: DNS query: docucdn-a.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: a.docusign.com
Source: global traffic	DNS traffic detected: DNS query: api.mixpanel.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cmedthai.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 64475 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64481 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64481
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64475
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	HTTPS traffic detected: 23.32.114.26:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.32.114.26:443 -> 192.168.2.16:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.140.118.28:443 -> 192.168.2.16:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.67:443 -> 192.168.2.16:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.11.168.232:443 -> 192.168.2.16:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.11.168.232:443 -> 192.168.2.16:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.11.168.232:443 -> 192.168.2.16:49825 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.11.168.232:443 -> 192.168.2.16:49843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:64475 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@15/57@20/139

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ca.docusign.net/Signing/EmailStart.aspx?a=1cdabf46-ff5a-4450-ae28-4b5293077687&etti=24&acct=938a1226-4cc2-4b96-95f9-d33be464ae6b&er=5b95ae4e-7414-40c0-b9fc-e2de228fcc1b
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1936,i,2858316504608736229,6758583932469063561,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1936,i,2858316504608736229,6758583932469063561,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: https://ca.docusign.net/Signing/?ti=1c89f53b54dd4e79bb69deb1114abc6b

LLM: Page with brand: 'docusign' contains button: 'CLICK HERE TO NAVIGATE TO MICROSOFT SHAREPOINT' Source: '1.1.pages.csv'

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.35	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
216.58.206.78	unknown	United States	15169	GOOGLEUS	false
2.19.126.227	unknown	European Union	16625	AKAMAI-ASUS	false
203.78.107.122	cmedthai.com	Thailand	18362	NETWAY-AS-APNetwayCommunicationCoLtdTH	false
64.233.166.84	unknown	United States	15169	GOOGLEUS	false
35.190.25.25	api.mixpanel.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.163	unknown	United States	15169	GOOGLEUS	false
52.32.246.233	arya-1323461286.us-west-2.elb.amazonaws.com	United States	16509	AMAZON-02US	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
52.235.59.100	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.186.42	unknown	United States	15169	GOOGLEUS	false
172.217.16.142	unknown	United States	15169	GOOGLEUS	false
52.235.63.109	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.16

Contacted Domains

Name	IP	Active
cmedthai.com	203.78.107.122	true
www.google.com	142.250.186.164	true
api.mixpanel.com	35.190.25.25	true
arya-1323461286.us-west-2.elb.amazonaws.com	52.32.246.233	true
a.docusign.com	unknown	unknown
docucdn-a.akamaihd.net	unknown	unknown
ca.docusign.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ca.docusign.net/Signing/?ti=1c89f53b54dd4e79bb69deb1114abc6b	true		unknown
https://cmedthai.com/n/?c3Y9bzM2NV8xX3NwJnJhbmQ9ZW5kbFVsRT0mdWlkPVVTRVIyNjA3MjAyNFVOSVFVRTAzNDQwNzI2NTIyMDI0MjAyNDA3MjY0NDAzNTI=N0123N	false		unknown

ID:	1500772
Product:	CloudBasic
Start time:	22:15:08
Start date:	28.08.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 132	ASCII text, with very long lines (65446)	1B7989FD765DEDA931AAD2AE6025CEFA	88C1D03882FCBD47AB29F1A2D988D226AB25DB83	98103079B8C610D35DDAF8B54F550C25DDF15797939DE6553B044DA6B94D955C
Chrome Cache Entry: 133	ASCII text, with very long lines (16730)	60C8891739203B222879414B5CBA6AF9	09C147BE8B2D57DE0BDF06BCD75594DDD71A33CD	3DD9262D6897F3737282A782AE68CAE5784B757101E730B7BA03902C7BF0D66D
Chrome Cache Entry: 134	Unicode text, UTF-8 text, with very long lines (62585), with LF, NEL line terminators	D3EFF99CEA04A97B224F864884EA80D0	EBC684B388229FB8C1EA58E9D3415503F09BCF44	FC150D61EAB7067FCDDAB30BB9AFC7CC000A2D2FC2D62914775228F9EB02D4AE
Chrome Cache Entry: 135	ASCII text, with very long lines (65536), with no line terminators	2C73DD9B48CB342C5FEB81C8A378B291	FA52BCA3CF57FFE2FBA82D3C923B1A3DE1E38E76	DA90AEA8421C31DDAB9FADDF17FC9D1F7EE9B466786C8113F0C523DB8CB3F00C
Chrome Cache Entry: 138	ASCII text, with very long lines (65440)	852210D74F502D66AF3BE57676CDA2EC	696FAF513EB62175A4FEC68B2F62A3309F9A5E40	259F02A9050C3CF45821C617AD729221A6B71187EC0377BF5BEEF807BB24ED47
Chrome Cache Entry: 140	ASCII text	ECE7A224F69AB2205D90900589AE1D05	3D861B816A5DA892C8A88D5755A5537C036239DE	FFA8C6A4CE199BFD9E32B05E0E4DECE330C6A577FB3A0E8518291619C658C486
Chrome Cache Entry: 143	ASCII text, with no line terminators	C9785540787087E135E2E3256D4128E6	41BD40CDDBF7127B59A6D093F72D6EF7AC2E45D4	ADB38815ED6BC0240FFD0E7299D9CFA5860D5C662C7C2B4DAE11EF97EC951B05
Chrome Cache Entry: 145	Unicode text, UTF-8 text, with very long lines (16131)	54535F95F9A2B4FBCAA312D0009D5A33	307E809D3EB6F78643B1B97C16E52E2D4C744C25	F37BBDA737AD9A929644E6F3690A551BF21F5FAE1AB34EC3EA91BD83578A27D8
Chrome Cache Entry: 146	ASCII text, with no line terminators	AC1973A0D0A8259BFC641E1C7561C35D	C19B707A68A800CAA6A2A675496CBA77971601FB	6D18E47404C7F4578E06B80CAF2B72D93FF7BF0540161CE4ACB9E165B6D43703
Chrome Cache Entry: 147	ASCII text, with very long lines (65438)	CE9A5364A6A9D4903A98E2CCEE06CB8E	A8017DE482C013610AE0F760E7914AF09956B50D	27798DEE45F195858D9586B7DE5F9C1631C77BC46F0B4D9F99E35559EC3477E1
Chrome Cache Entry: 148	ASCII text, with very long lines (65443)	B5C1E5EFA1FA3706185A150B443597CD	8A1D8F663DFD31F3B9C40A6E8477C3ACBB09408B	8158F3FACF88CD58D10651AF31D2B365A8D5CCFB7CE2B508221A213BA873328E
Chrome Cache Entry: 151	Unicode text, UTF-8 text, with very long lines (65442)	E14F30B6C763B6E62AB14A1540876EB1	120B6A07473FB6B97C9AAC67A20146D79A4DD2E9	513E5B7C27D8AA321C51E177AA7165637BABE3F4A8777BE44082C8A59A30AE16
Chrome Cache Entry: 155	HTML document, ASCII text, with very long lines (65448)	EF54A9EF929AACF2FE9E11506E6666E2	82C066E9E8F16A49AA9BF4EBF94BF219C50DD34D	21D34320CA4ABEB159B8C46D9B51D7C9A9AC6A4679C721A63896BA17E4DF2BFD
Chrome Cache Entry: 157	Unicode text, UTF-8 text, with very long lines (63904), with LF, NEL line terminators	198911767F56FC76CD8F2F38099CA82C	2CA51A2B949D25390F8A3B69EDC717068BEE9FB4	29921AC92372BE5C4E11DEB55530550B846E7804A21628327BF56E4BB548E692
Chrome Cache Entry: 158	Unicode text, UTF-8 text, with very long lines (48118)	A040035476A2B60E44EA5FCE3ABEC6F1	8AFC11869389A7B6388081697DD409697BFA4626	E08DB0F6694E8F14BDF43E0512E5EF37BC2029934D6E56157A621B8BE5B22BB0
Chrome Cache Entry: 159	Unicode text, UTF-8 text, with very long lines (65448)	6F56C62836C5E9E69A447616672859BA	2138E7DE065D6ECCA168DBDF8072B5D0EB0AB720	D9736066410FF7A76D6ADB988CDE16EBAF644C8089BD70AE54651FC97B3C5948
Chrome Cache Entry: 160	ASCII text, with very long lines (7936)	6EC29971784F9A06CDF12DAA86F42375	FC3B66E4370196AA15B76D093CDC713BD188B30F	2BDE3D06D8D6B160477B53B1930EF10FFC6549B612F875800EC28096864A76EA
Chrome Cache Entry: 161	ASCII text, with very long lines (21531)	6B077BEC64EC774E3456B9CDAC4709F5	B30A4395905C805892E050178ECC7952D3F21639	4AE2BB8C65B424E36B0A7E1C5210ADCBCA347A7CF1F548B972E116EBDE5401DF
Chrome Cache Entry: 163	HTML document, ASCII text, with very long lines (332), with CRLF line terminators	6C4A686B33781D836C78A1CC5EEDCAA4	C940CC751C8B8F8B8D83C05CD7C38DBAA156DA01	A89489ED5D3027A77138C5605A678A0A83375AA0FDAC3C4B48D5535645A9175F
Chrome Cache Entry: 165	Web Open Font Format, TrueType, length 47748, version 1.0	4A573FAC9111D6ADCB3994983539BD75	69BEBEFE9EDEAC85CC27516DBE0EA176C1C2C25C	DAC5803D6CBE40244DFD39661406239F83E94E86C976E7229A4E35305A9B5EFE
Chrome Cache Entry: 166	ASCII text, with very long lines (10743)	082CFA3E88EA53034FCD415CBFFF8601	5018B890ECE5622286820434C3D90AFB8E24D03E	305406FCED7CF63C394822DDFCC1B2A903DE51CC62541D3C063968E679055FA0
Chrome Cache Entry: 167	Web Open Font Format, TrueType, length 13780, version 1.0	D2793531447C140874B62B7448EF7191	1CE36AA9C6445DACDFA8B597BD79A34514CC9F60	2B1A1F78DF06385464750F48AED402C315164D51FD9475E8B5A47D897CF9C084
Chrome Cache Entry: 168	ASCII text, with very long lines (65448)	03D024911E01707E0AD2BEC395CDD027	D9EA554C09F29213CE9A8089AFD841AA070531F8	AE6AEF1E390899192206E5D4AF71539CFF9083BD661A5514F84D25BDE7C8DB4D
Chrome Cache Entry: 169	ASCII text, with very long lines (10456)	832C9C4105E76D6E6D295DBF62F76D53	F417990EE78F3B3F9C80FEE16E742587BC1B2B5C	0597914CEC39C80E2678AF387900A4A7ABB1BE7D2A6D0C94860903B935FAB0CC
Chrome Cache Entry: 170	Unicode text, UTF-8 text, with very long lines (65456)	9E0C8579CC1C52BB6CAA9E6692B7CAED	D07B9C8CB93DCB4EE70CA0E96028545F5022EE52	E32BEEC367CA173B960545FE1C540FA932D7183C6A1C34C90D4F5361924B6027
Chrome Cache Entry: 173	ASCII text, with very long lines (16402)	68161CACDFD7F74EBB7AF7597DD8E850	7ACEFEB295AB703650F9EE1182D528620D8C28AC	473FDF13AE0C2DEEF522C62100A6B208E7C5AF87B1264CC9F5EA6181B6319423
Chrome Cache Entry: 174	PNG image data, 79 x 79, 8-bit/color RGB, non-interlaced	C87DA3413DAD0BC57D3F6C42C3848657	5F307E843AE7B61DBB541B55CC159386664A40F4	AE8E67BAA196F0D1A50103804DA7CC8EA1B30F97A3878F044D2EE03902D9925E
Chrome Cache Entry: 176	ASCII text, with very long lines (65443)	7D068C25364FDC0E099825417D40EB5B	E7976A9C3E25499E6931EC842B75111896FD2E55	D268565FF8CD325ECDF48AB579150D1540271DB7B2F59EFEA43B747D5EAD541A
Chrome Cache Entry: 177	very short file (no magic)	68B329DA9893E34099C7D8AD5CB9C940	ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC	01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
Chrome Cache Entry: 178	Web Open Font Format, CFF, length 33752, version 0.0	4DE7535F6F5DF8D5437C21C068DDB0EC	3553204B4624CA41CF1C4F3BD9B37D8C968CBA23	8F6A520A392FF62149E5FC5AA87BFAB9B3816CD6010D4D4FCA194E8683CA498B
Chrome Cache Entry: 180	SVG Scalable Vector Graphics image	6E132855B6DDD5C7A1FA7DAD2C9FE964	0342D3665682749F7C312B8B1EE6A169FA4C68C5	06DADA60F95EF29D2483D66D0412FF1EE698503F7E29DAE26403F6C5E071507F
Chrome Cache Entry: 181	ASCII text, with very long lines (9326)	23BE5CFF2821F8D7F3749013DC2DFCA9	07420EF522FBCA8008F7807DAB871D56CEDBE76A	11430376395B3C507EFC133CF27109FFC692235FA8DDCBC0AE1C16FBE031CE44
Chrome Cache Entry: 182	ASCII text, with very long lines (65448)	96A6CA2FAD4913CCC810608A6789B283	6A60895DE82573CE53E281B53BE66E7E39E84707	06B71875FB07BB0F9CE3FFFA882FCFA185C2982D7345D616BC2F06581433F3B8
Chrome Cache Entry: 183	ASCII text, with no line terminators	1000A6CAF7299F030F5C73974CCD617E	44C1943894BE0A43D5F1176C085F82A9CF75DAAA	BB107868145E022BC860243BF8E7144DB9F5350D02F73F9EF56F70C3B89A2BEB
Chrome Cache Entry: 184	ASCII text, with very long lines (65448)	E61C5E5782F97137D6CC54E74D59AA7A	D1BD23EE53A26036D6D786E8C97BAA6B50DBE1DD	33BD6901B4CABB45992F8945171751902D18CE06F9E81F8CEDF6E2595E109154
Chrome Cache Entry: 185	ASCII text, with very long lines (24945)	D2FB34EB8AB20068AB52DE6E23CEBA2B	F295782A4CA5F31625D03D1D8E801F10AB904C9D	0DCCFCEAD2A43D687FB2BF50C4AAF7DC98F8EE1FE8546692A58012919489C319
Chrome Cache Entry: 186	PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced	F4B52A4EB3D0CDD585A73EADE7CC734A	00BD17DB2EA7F845910C713CBFF3A6719D59A1EC	94BACE793EA5F351B65F5B2948BEB949B01FB811274A3F8EB8D52B9719A149BB
Chrome Cache Entry: 190	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	AFE00DB89CE086B91A541C227EDBF136	961B2EE6FB39C4D515BDC49EC1BA688B0916F104	E11827C678AF8519E702F364E525AC34509CAD49F8D839677E089949EDDA060E
Chrome Cache Entry: 191	GIF image data, version 89a, 44 x 44	DEBD77E543E64173837073B5751ABB08	71577CA453893F08A57A63953B836E8198D878AF	ECDF09E611F9FC3875113D06E39110DE786C9A46BB7F596F7F8AFEE1C0D75A3D
Chrome Cache Entry: 194	Unicode text, UTF-8 text, with very long lines (31005)	58EE2E9200D8E5DEEF5E96C19AC2E44C	3DD92699CAAC2FD9C5A69F47DEF56824B6A785F5	EFEA1BB1B887ADCC7BF14BD81FC4C67A485FA1B3B040832356FAADC7685CF8FA
Chrome Cache Entry: 196	Unicode text, UTF-8 text, with very long lines (62224)	0D77390DB4F86D1A7DFF4D711CF35932	AF011992FE908654AE5069A8A6559872AFDEBCA1	A2C25445BC94892982FB11324EE5736F067583739E25153184104969864E195A
Chrome Cache Entry: 202	ASCII text, with very long lines (58219)	DF87EE676A0565955D5BE9B7C2C19A76	FFD96563BBC70F4C5678945A6291DC49E4DE05A1	B2D95C0BBD4618E1F2354B2019DE010A759B572408060395580CB6AD90A77544
Chrome Cache Entry: 207	ASCII text, with very long lines (631), with no line terminators	4031E2BDD72440544E738FA4C2ADAF35	C21723AA362968775CA4CBDB5657834F4986CF8A	AE389D3B0EF0A9FF4CBCE4D7E49FB348832C00D36CE377D2E818A4B7174FD36D
Chrome Cache Entry: 209	ASCII text, with very long lines (8950)	792F7D4F8BCF143362C77BB2C396D073	9E36AF43287B38953DB32A3DB3F1FB9C5ADBA012	2D1AE53665B5B3D1CD77576AEAA9E7B81BCECD3E82B5E61AD17B61445F1BBC55
Chrome Cache Entry: 212	ASCII text, with very long lines (65448)	3990278F369C84213D5E8294E4619243	182100807062CEA5087B0681761F57EA8A7611FF	04D3B6BDF7F912023B45FDECA0BAC6B01725E9EED18830FABBD3BED1775C1D46
Chrome Cache Entry: 214	ASCII text, with no line terminators	84100B349395F367D41A8B44D0020355	676BB250F143F6C863C58C79B4CA1ABF7312DF00	5EAE3F71BE133111621E17FEE9DC04578D885A74EAF4D40AAC9634B7DB4B5459
Chrome Cache Entry: 216	Unicode text, UTF-8 text, with very long lines (65447)	B85B19147350596C738FEA6A37E9C50A	C899EDF96EA9FF7931A46C74A8D1103FEDE2CB43	54D7BE13484155900ED015357365B7765F06F2DCB6E3AFF3A83DF2B441439E61
Chrome Cache Entry: 217	ASCII text, with very long lines (11685)	CB73CB7F782B1532DCF34D9FAFA39CF2	9D460DCABFAC4A234F090E123E7DEA54E7851988	3EC96F4AA7C1ACD06F6E797490A1BB7902A957B968B7FD7DC9E3B6A5C2F4A622
Chrome Cache Entry: 219	SVG Scalable Vector Graphics image	C97430373AB9005C3A90AF1A0BE778CA	C9AF625A22C3A2A367AEE01205899BAF147596B2	5E674F5B96257920F3E7609E564B1AA0B06A9770422C9AD06D9D5E0D651608A0
Chrome Cache Entry: 223	Web Open Font Format, TrueType, length 37560, version 1.0	B9D0556A2C620A939D54C63BE3DF6C6C	97968884D4C5A93C46AB1334CE9E9156C694EA4D	90973DB3F26FE86B648EC735F3183B44902E5CEDF2B1A042402BAC39DA70404F
Chrome Cache Entry: 224	HTML document, ASCII text, with very long lines (420), with no line terminators	F01D22B84EB2B1435D2CE0B19DB40343	13B006A09153BF773A243CFD874F172AFAD6CC37	D04C071AB03032C7CB0C67FB9042D38A80BF05A319696B3D9C0F695C58C4EC2D
Chrome Cache Entry: 226	ASCII text, with very long lines (11764)	B914B1D7EBCAD8C6F1FD758D6434F551	501A512F5535C6C13B10993BF562421340C48539	824164E4FFAF8BD4C002127509121DFE423FC9FD26AD71CF29F193C7B1D081C0
Chrome Cache Entry: 227	ASCII text, with very long lines (35598)	EC65499A452C50D052C49D446C880DFA	7374D806B5D0B00D3C322EDB405045D2E7A72DE6	449B7195CF8D3584FA1D72BDE4E193630437C0A6EA118E77151433E8848947B8
Chrome Cache Entry: 228	ASCII text	7363E1A92A77C2F6AB0332C9A64CC051	B424892E6298C96B00A63BF7B3244AFC93EFDEAB	4E640814854B6E878309D5B3ADD69C450D0995CF83617BBFAFBA63EA2043CF2F
Chrome Cache Entry: 229	GIF image data, version 89a, 145 x 60	097D652B65DEC6E954C335739754FC61	83155314927200EC3B9951246D0C1C3B631B088A	00E709E22EA18FB242C2F41290179522537ABEC841EEF2655D17E02B36CFDC7A
Chrome Cache Entry: 233	Unicode text, UTF-8 text, with very long lines (65169)	9D573F17AC4EF3AECCDD53D39BF2E1F6	C699BA3A1A6C8B3B9C6D8E2F829FBBAA9D5B63AB	2277D58106DD775B052D1DB0417FC615B3312F6E7BCD2ED46349FC6FD9A997D6
Chrome Cache Entry: 234	SVG Scalable Vector Graphics image	EC396047518A7FEF11D53D1B4F6BE65B	E3BEC4CDAF5567641517A23019ADBFA2328B0A7F	8F77CFC832517C619BC1B8D82A6A478EE18D97442B4C78B006B0286CEC91E1A8

Windows Analysis Report
https://ca.docusign.net/Signing/EmailStart.aspx?a=1cdabf46-ff5a-4450-ae28-4b5293077687&etti=24&acct=938a1226-4cc2-4b96-95f9-d33be464ae6b&er=5b95ae4e-7414-40c0-b9fc-e2de228fcc1b

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://ca.docusign.net/Signing/EmailStart.aspx?a=1cdabf46-ff5a-4450-ae28-4b5293077687&etti=24&acct=938a1226-4cc2-4b96-95f9-d33be464ae6b&er=5b95ae4e-7414-40c0-b9fc-e2de228fcc1b

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://ca.docusign.net/Signing/EmailStart.aspx?a=1cdabf46-ff5a-4450-ae28-4b5293077687&etti=24&acct=938a1226-4cc2-4b96-95f9-d33be464ae6b&er=5b95ae4e-7414-40c0-b9fc-e2de228fcc1b