Edit tour

Windows Analysis Report
https://siemenshealthineerscs.na1.echosign.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAApce13TZTGDlDLe0jBCCWqoS3DszWN_9GgHr-dJp53YGkgeGzhQQhZNoKCqOMFy_EiajaXXHmHU1G1sB_4DqC7H-snnlpl0QjfA2UFo8G2ukkY_Dp6ctodb6REjv344vJ&&d=DwMCaQ

Overview

General Information

Sample URL:	https://siemenshealthineerscs.na1.echosign.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAApce13TZTGDlDLe0jBCCWqoS3DszWN_9GgHr-dJp53YGkgeGzhQQhZNoKCqOMFy_EiajaXXHmHU1G1sB_4DqC7H-snnlpl0QjfA2UFo8G2u
Analysis ID:	1501903

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 3564 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://siemenshealthineerscs.na1.echosign.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAApce13TZTGDlDLe0jBCCWqoS3DszWN_9GgHr-dJp53YGkgeGzhQQhZNoKCqOMFy_EiajaXXHmHU1G1sB_4DqC7H-snnlpl0QjfA2UFo8G2ukkY_Dp6ctodb6REjv344vJ&&d=DwMCaQ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7028 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2032,i,17075044328987245699,9808996046305581133,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://siemenshealthineerscs.na1.echosign.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAApce13TZTGDlDLe0jBCCWqoS3DszWN_9GgHr-dJp53YGkgeGzhQQhZNoKCqOMFy_EiajaXXHmHU1G1sB_4DqC7H-snnlpl0QjfA2UFo8G2ukkY_Dp6ctodb6REjv344vJ&&d=DwMCaQ	HTTP Parser: No <meta name="author".. found
Source: https://siemenshealthineerscs.na1.echosign.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAApce13TZTGDlDLe0jBCCWqoS3DszWN_9GgHr-dJp53YGkgeGzhQQhZNoKCqOMFy_EiajaXXHmHU1G1sB_4DqC7H-snnlpl0QjfA2UFo8G2ukkY_Dp6ctodb6REjv344vJ&&d=DwMCaQ	HTTP Parser: No <meta name="author".. found
Source: https://siemenshealthineerscs.na1.echosign.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAApce13TZTGDlDLe0jBCCWqoS3DszWN_9GgHr-dJp53YGkgeGzhQQhZNoKCqOMFy_EiajaXXHmHU1G1sB_4DqC7H-snnlpl0QjfA2UFo8G2ukkY_Dp6ctodb6REjv344vJ&&d=DwMCaQ	HTTP Parser: No <meta name="author".. found

Source: https://siemenshealthineerscs.na1.echosign.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAApce13TZTGDlDLe0jBCCWqoS3DszWN_9GgHr-dJp53YGkgeGzhQQhZNoKCqOMFy_EiajaXXHmHU1G1sB_4DqC7H-snnlpl0QjfA2UFo8G2ukkY_Dp6ctodb6REjv344vJ&&d=DwMCaQ	HTTP Parser: No <meta name="copyright".. found
Source: https://siemenshealthineerscs.na1.echosign.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAApce13TZTGDlDLe0jBCCWqoS3DszWN_9GgHr-dJp53YGkgeGzhQQhZNoKCqOMFy_EiajaXXHmHU1G1sB_4DqC7H-snnlpl0QjfA2UFo8G2ukkY_Dp6ctodb6REjv344vJ&&d=DwMCaQ	HTTP Parser: No <meta name="copyright".. found
Source: https://siemenshealthineerscs.na1.echosign.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAApce13TZTGDlDLe0jBCCWqoS3DszWN_9GgHr-dJp53YGkgeGzhQQhZNoKCqOMFy_EiajaXXHmHU1G1sB_4DqC7H-snnlpl0QjfA2UFo8G2ukkY_Dp6ctodb6REjv344vJ&&d=DwMCaQ	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.23:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49795 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203

Source: global traffic	DNS traffic detected: DNS query: siemenshealthineerscs.na1.echosign.com
Source: global traffic	DNS traffic detected: DNS query: secure.na1.echocdn.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: use.typekit.net
Source: global traffic	DNS traffic detected: DNS query: p.typekit.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.23:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49795 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@14/35@20/142

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://siemenshealthineerscs.na1.echosign.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAApce13TZTGDlDLe0jBCCWqoS3DszWN_9GgHr-dJp53YGkgeGzhQQhZNoKCqOMFy_EiajaXXHmHU1G1sB_4DqC7H-snnlpl0QjfA2UFo8G2ukkY_Dp6ctodb6REjv344vJ&&d=DwMCaQ
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2032,i,17075044328987245699,9808996046305581133,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2032,i,17075044328987245699,9808996046305581133,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://siemenshealthineerscs.na1.echosign.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAApce13TZTGDlDLe0jBCCWqoS3DszWN_9GgHr-dJp53YGkgeGzhQQhZNoKCqOMFy_EiajaXXHmHU1G1sB_4DqC7H-snnlpl0QjfA2UFo8G2ukkY_Dp6ctodb6REjv344vJ&&d=DwMCaQ	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
secure.na1dc1.echosign.com	3.236.206.93	true	false	unknown
siemenshealthineerscs.na1.echosign.com	3.236.206.93	true	false	unknown
www.google.com	142.250.186.36	true	false	unknown
secure.na1.echocdn.com	unknown	unknown	false	unknown
use.typekit.net	unknown	unknown	false	unknown
p.typekit.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://siemenshealthineerscs.na1.echosign.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAApce13TZTGDlDLe0jBCCWqoS3DszWN_9GgHr-dJp53YGkgeGzhQQhZNoKCqOMFy_EiajaXXHmHU1G1sB_4DqC7H-snnlpl0QjfA2UFo8G2ukkY_Dp6ctodb6REjv344vJ&&d=DwMCaQ	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
3.236.206.93	secure.na1dc1.echosign.com	United States	14618	AMAZON-AESUS	false
142.250.185.99	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.250.186.36	www.google.com	United States	15169	GOOGLEUS	false
74.125.71.84	unknown	United States	15169	GOOGLEUS	false
2.16.241.8	unknown	European Union	20940	AKAMAI-ASN1EU	false
2.19.126.206	unknown	European Union	16625	AKAMAI-ASUS	false
142.250.185.227	unknown	United States	15169	GOOGLEUS	false
142.250.185.238	unknown	United States	15169	GOOGLEUS	false
142.250.185.170	unknown	United States	15169	GOOGLEUS	false
2.19.126.211	unknown	European Union	16625	AKAMAI-ASUS	false
2.19.126.198	unknown	European Union	16625	AKAMAI-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
184.25.50.136	unknown	United States	7843	TWC-7843-BBUS	false

Private

IP
192.168.2.16
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1501903
Start date and time:	2024-08-30 18:11:28 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://siemenshealthineerscs.na1.echosign.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAApce13TZTGDlDLe0jBCCWqoS3DszWN_9GgHr-dJp53YGkgeGzhQQhZNoKCqOMFy_EiajaXXHmHU1G1sB_4DqC7H-snnlpl0QjfA2UFo8G2ukkY_Dp6ctodb6REjv344vJ&&d=DwMCaQ
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@14/35@20/142

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.227, 142.250.185.238, 74.125.71.84, 34.104.35.123, 2.16.241.8, 2.16.241.15
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, stls.adobe.com-cn.edgesuite.net.globalredir.akadns.net, a1815.dscr.akamai.net, clientservices.googleapis.com, clients.l.google.com, www.adobe.com, stls.adobe.com-cn.edgesuite.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://siemenshealthineerscs.na1.echosign.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAApce13TZTGDlDLe0jBCCWqoS3DszWN_9GgHr-dJp53YGkgeGzhQQhZNoKCqOMFy_EiajaXXHmHU1G1sB_4DqC7H-snnlpl0QjfA2UFo8G2ukkY_Dp6ctodb6REjv344vJ&&d=DwMCaQ

LLM Input / Output

Input	Output
URL: https://siemenshealthineerscs.na1.echosign.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAApce13TZTGDlDLe0jBCCWqoS3DszWN_9GgHr-dJp53YGkgeGzhQQhZNoKCqOMFy_EiajaXXHmHU1G1sB_4DqC7H-snnlpl0QjfA2UFo8G2ukkY_Dp6ctodb6REjv344vJ&&d=DwMCaQ Model: jbxai	{ "brand":["Siemens", "Adobe"], "contains_trigger_text":false, "prominent_button_name":"unknown", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://siemenshealthineerscs.na1.echosign.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAApce13TZTGDlDLe0jBCCWqoS3DszWN_9GgHr-dJp53YGkgeGzhQQhZNoKCqOMFy_EiajaXXHmHU1G1sB_4DqC7H-snnlpl0QjfA2UFo8G2ukkY_Dp6ctodb6REjv344vJ&&d=DwMCaQ Model: jbxai	{ "brand":["SIEMENS", "Healthineers"], "contains_trigger_text":false, "prominent_button_name":"continue", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://siemenshealthineerscs.na1.echosign.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAApce13TZTGDlDLe0jBCCWqoS3DszWN_9GgHr-dJp53YGkgeGzhQQhZNoKCqOMFy_EiajaXXHmHU1G1sB_4DqC7H-snnlpl0QjfA2UFo8G2ukkY_Dp6ctodb6REjv344vJ&&d=DwMCaQ Model: jbxai	{ "brand":["SIEMENS", "Adobe Healthineers", "Acrobat Sign"], "contains_trigger_text":false, "prominent_button_name":"Continue", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 15:11:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9922622456433654
Encrypted:	false
SSDEEP:
MD5:	015ABFE1BF65F2DED6BEFC9CC52DFD11
SHA1:	CA2EB82822D189EC5F2F3019F8B312925883C85C
SHA-256:	AFF8882804952134AFB6FE2D1B3A3B50BA9633EEFA550EEB6CF1D6896068629F
SHA-512:	2FDDDB6DF4B22BB4952A121015406202908E56529E07A503DABCAC7F2EFEE73671337BD1FD3103C99F399FB0AC10D477D0A76E441BDB0D47F74AE3275ED37425
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....c.V....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Ys.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y\|.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y\|.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y\|............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y}............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............._l.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 15:11:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.006375382067005
Encrypted:	false
SSDEEP:
MD5:	65E3FC2394400D97F80A7D238C8D8AFD
SHA1:	10A6CD1099AD04DA1006F5454E5F462B724E6F2E
SHA-256:	D6FD1CFE01EF7190169550744F8E72EC698070A3F6BC9C41B53D502B1058217F
SHA-512:	EB117FE345057DC6663A649F6A73839F1B8B918CB77FB934CB139830715289822069F8700EE21EB08CE81CFFE0FCDA721E7CD5F7667F38B18698972A2FC644D2
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....r?.V....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Ys.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y\|.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y\|.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y\|............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y}............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............._l.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.013148697620898
Encrypted:	false
SSDEEP:
MD5:	B3A09B548201CA95E7B88D9451EA2659
SHA1:	307B704D8D2BF0FB88EFB597665306118A4E6204
SHA-256:	DDB13E8CFE3D861A91BF2FEB0AD66B605C12540966AC6533A0EAFA5C3FE08453
SHA-512:	8E96246CC824C02CB890D5E4750F3AECF195BC455D7474C9CA00D61796272610D420FBDAE4E7539BBB5572645D38C3742D0A16C456F0021196163779870680BD
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Ys.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y\|.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y\|.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y\|............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............._l.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 15:11:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.005930597326883
Encrypted:	false
SSDEEP:
MD5:	D439AE8AF24D3CFEC206125C430C12DF
SHA1:	0133188FA512199678CCBD301464E55EB3C964B9
SHA-256:	2702412A5A1E1D41E92DEFD8F9DFB19D1F4EF4BBCBF17E6E52037A3EDFBB6351
SHA-512:	BEF507F9155ECA649A5D9A5D49B13980B05F8137480996B7E5D4A116A77AF00922B240B97368996355E401A257AD2CC1A00F3317B13B1AC9980D6BDC9AC776FC
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....X.V....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Ys.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y\|.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y\|.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y\|............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y}............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............._l.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 15:11:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.994336887328219
Encrypted:	false
SSDEEP:
MD5:	6D655778A151ECAB54954A40541C6DF7
SHA1:	571AB83CFA139113A658E10CA63D5D10D467BF2C
SHA-256:	084FC9BA75D986E39EE6F1829215ADEA335573858A600314477AE64BBBBEC75F
SHA-512:	62E53F40C3F3302C99EA083FC3B60B8F39DFAEC463AFCAC7D3481535D7181AD96C7A79B162BDF6CEB97830F63DA1AC7AAB99864BDC0C5B300C326A0534339548
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......V....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Ys.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y\|.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y\|.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y\|............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y}............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............._l.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 15:11:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.00542849205677
Encrypted:	false
SSDEEP:
MD5:	50534BA63F4F451D2F7CD0EEE53C48B9
SHA1:	50FA3FDC8D89CD16F6B7628366E590FDB76F3859
SHA-256:	1F613BB1EF6074E838A3CB70E0328713339BB01B54A5B30E6928E7F1A0421B51
SHA-512:	9DBC2BB86A4B638E5540D3D3584B552F2A1156AD0FB19EB0FD294CF6E34E71B3402221C84780B3E9940EF4B2CEAF8C58475C358FDB3BB0CC1301951E29F1F513
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......V....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Ys.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y\|.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y\|.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y\|............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y}............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............._l.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	12155
Entropy (8bit):	4.605846476683318
Encrypted:	false
SSDEEP:
MD5:	D0489EB5346EA1250203C8F4F24167C9
SHA1:	D441CED10523BB7F37D996ADE2D858C18A108C0D
SHA-256:	FA2631ACD9C9234C357BBF0FEA1C8E707D2DBA7A6C8D769C48725A63CFC57F65
SHA-512:	F472C61878266D0D63C36B01AC207232C44BE4C92E7D20A32D31A866BD7520867D78B1DDB63BF04A69A682EAA5D781B264BC65DE2D728687546B7D41D90FF614
Malicious:	false
Reputation:	unknown
URL:	https://secure.na1.echocdn.com/packages/as-ui-bootstrap4-spectrum/dist/images/spectrum_spinner.svg
Preview:	<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="4080px" height="68px"... viewBox="0 0 4080 68" style="enable-background:new 0 0 4080 68;">..<style type="text/css">....st0{fill-opacity:0;stroke:#000000;stroke-width:4;stroke-opacity:0.1;}....st1{fill-opacity:0;stroke:#1473E6;stroke-width:4;}..</style>..<path class="st0" d="M34,4c16.6,0,30,13.4,30,30S50.6,64,34,64S4,50.6,4,34S17.4,4,34,4z"/>..<path class="st1" d="M34,4L34,4c16.6,0,30,13.4,30,30"/>..<path class="st0" d="M102,4c16.6,0,30,13.4,30,30s-13.4,30-30,30S72,50.6,72,34S85.4,4,102,4z"/>..<path class="st1" d="M102.8,4C119,4.4,132,17.7,132,34c0,3.4-0.6,6.7-1.6,9.8"/>..<path class="st0" d="M170,4c16.6,0,30,13.4,30,30s-13.4,30-30,30s-30-13.4-30-30S153.4,4,170,4z"/>..<path class="st1" d="M171.6,4C187.4,4.9,200,18,200,34c0,6.8-2.3,13.1-6.1,18.2"/>..<path class="st0" d="M238,4c16.6,0,30,13.4,30,30s-13.4,30-30,30s-30-13.4-30-30S221.4,4,238,4z"/>..<path class="st1" d="M24

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), CFF, length 29980, version 1.0
Category:	downloaded
Size (bytes):	29980
Entropy (8bit):	7.991242817341188
Encrypted:	true
SSDEEP:
MD5:	864FC6D95444FD085441968A712F6C9F
SHA1:	7E54F060DF28A16E146AB1EB15AB3A59D3D9BE06
SHA-256:	371F06319FA71DE555AEBEFCFFBE3C1F755E5761D90AACD9BBA0C64C6CF40090
SHA-512:	7CADDDDCD35910BC04D80EB10F0776BBF7C770AFCF960FBBDFCC8E8DB1BACD694883A3E9A1540552B544AE639FA42C9B79690ADB81F7D5210467B6494BA25880
Malicious:	false
Reputation:	unknown
URL:	https://use.typekit.net/af/eaf09c/000000000000000000017703/27/l?subset_id=2&fvd=n7&v=3
Preview:	wOF2OTTO..u........0..t..........................F...D?DYNA.i?GDYN.y..H.`..N...6.$..H...... .5...H..V.CDE....}........W.?@..................o.9.%r.xtl%V.H9I....{..;.3..._..Km...LL..5...$..d.-0.b(...;I $..Vc3.d..\|....9..=f..,....4../......-..J..z...r...C.%....U.V,....T.l......q%...A..]I....E..$.......s...N...p.(4Is.K.r.C.v.L.a...(.e..{............m!...\&p.T2S.O..e...?....#...ylj..!....d....W..E...Q....y..z...!X..^QY..W_9..x...?...M...!.......,+`YV.e]........?V.{.jd..+krf.3K?.9...,.8....CREr...YLf..?.3.dqv..\...pU...H`!..+...l}..)....J.....M.P.;.......;w.....Zw...(.....lM..zj....`X.:.CqL.L..?.....d./...l.y9..xy;. ...P.X .I.l....Y......5'.0S'..L../...p.....+.B.. ....eb..:3.ns..B..a........~L.....R.w..!E.9{.}..dB%.zxq.5.F. ..q0.f.\|X..\|.o.m..+w.....<&...k9{..&......+...s..."..d2.u.UC..q.K..8....VC'qr.....j[.qb2NZ!.N.O.:._...e..*.C.u..5.8....t.h+...:..!Lv>8......<J......R......A:B.Gg...:.6K.J.N... ......uIl.V.C....{....X..uS.2.)..=..s

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1215)
Category:	downloaded
Size (bytes):	162116
Entropy (8bit):	4.992534661953849
Encrypted:	false
SSDEEP:
MD5:	55B3DE8C965B36683CCAF792FDB6F2EC
SHA1:	FEB8F996B75D12552BE4D622C01E0AABAC868ABF
SHA-256:	EBEFA0049242869709CA78F3769F0D017EF7978792E74A041E319A477AEE5318
SHA-512:	9D9D3D3DA1815235E6452B73F53CDC30CD4C9E72F2458CC00CAE468FD9A0E1241DF88EAD446CDE4E9CCDBA159529B76B67885D1CB17FC7A4E6FCDC6C1D1BF164
Malicious:	false
Reputation:	unknown
URL:	https://secure.na1.echocdn.com/resource/N764981603/bundles/dcSignPanel.css
Preview:	/!. ADOBE CONFIDENTIAL. * ___________________. * . * Copyright 2017 Adobe Systems Incorporated. * All Rights Reserved.. * . * NOTICE: All information contained herein is, and remains. * the property of Adobe Systems Incorporated and its suppliers,. * if any. The intellectual and technical concepts contained. * herein are proprietary to Adobe Systems Incorporated and its. * suppliers and are protected by all applicable intellectual property. * laws, including trade secret and copyright laws.. * Dissemination of this information or reproduction of this material. * is strictly forbidden unless prior written permission is obtained. * from Adobe Systems Incorporated.. /./!. * / /. _________________________________. * < DO NOT UPDATE THIS FILE DIRECTLY. >. * ---------------------------------. * \ ^__^. * \ (oo)\_______. * (__)\ )\/\. * \|\|----w \|. * \|\| \|\|. * . * . * INSTEAD USE https://git.corp.adob

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	4112
Entropy (8bit):	4.951266360531354
Encrypted:	false
SSDEEP:
MD5:	5F0B516146F975EDDE992B6FEB2861F6
SHA1:	38675BEF0695B8331DCAC0E7A800F895AF75010F
SHA-256:	7209E0294356022B18D4754BB85B77802436BD7FBBE9B1425B7F9BBE102FA8B2
SHA-512:	2306C17D7D7202867F94A8359237E8AD33CCB1F9A4F2D854FC4661A5824F3F579E59F281612E66C8E9E285698B1E1B527888545ED51B0FC01A1C10FB45B5DAA4
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 600 100" width="600" height="100">. <g id="es_icons.1">. <path id="s_page_down_hud_18" fill="#ffffff" d="M8.29,16.8a1.026,1.026,0,0,0,1.412,0l8.051-7.712A.941.941,0,0,0,17.7,7.72a1.037,1.037,0,0,0-1.364,0L10,13.792V1.179a1.007,1.007,0,0,0-2.013,0V13.792L1.661,7.728a1.033,1.033,0,0,0-1.415.156.936.936,0,0,0,0,1.2Z" transform="translate(15.972 16.788)"/>. <path id="s_page_up_hud18" fill="#ffffff" d="M8.29.5A1.026,1.026,0,0,1,9.7.492L17.754,8.2A.941.941,0,0,1,17.7,9.571a1.037,1.037,0,0,1-1.364,0L10,3.5V16.112a1.007,1.007,0,0,1-2.013,0V3.5L1.661,9.563A1.034,1.034,0,0,1,.247,9.407a.936.936,0,0,1,0-1.2Z" transform="translate(65.972 16.788)"/>. <path id="s_page_down_hud_18-2" data-name="s_page_down_hud_18" fill="#707070" d="M8.29,16.8a1.026,1.026,0,0,0,1.412,0l8.051-7.712A.941.941,0,0,0,17.7,7.72a1.037,1.037,0,0,0-1.364,0L10,13.792V1.179a1.007,1.007,0,0,0-2.013,0V13.792L1.661,7.728a1.033,

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	807
Entropy (8bit):	4.923430589348439
Encrypted:	false
SSDEEP:
MD5:	B0086A45A9489BCD3ACF4769F37B52AA
SHA1:	8C9400C4A17DB8C47D609B9C7AC3D4EE2E70ADB1
SHA-256:	FF489AAD06B35701434AF93561E529DA4316811981798E0C3277FBBE62DF5EF9
SHA-512:	0E5359C741A80998CEF11B779E805AC24B8C932384BFAD006BCCCAFDF704C90B77BF35A783497AAB190CE306AB50FFC13AB0C2B756C7FD075CD60C5E530D243F
Malicious:	false
Reputation:	unknown
URL:	https://secure.na1.echocdn.com/images/transparent-spacer.gif
Preview:	GIF89a...............+..........ws.p.a.c.e.r...g.i.f....\|@.......m..\| ...@........6..x...........2..\|$...H........s......@.........\|8..\|....2..\|...\|...\|......@.8.H....\|XM......Q..\|x...m..\|.M..`M..4...x...2%.\|......\|.$.\|....x...h....L..E..\|N..\|`...$...D........A.\|X..........\|d..........\|....0...Q..\|....m..\|4... ...............8.H.............O.....................\|p..\|....m..\|b..\|...\|...\|p..\|.M..8...4...............(.....\|x..\|....p..\|.......\|4... .......h]..........t.......t.....\|p..\|....m..\|[.\|........g.\|...w..@.................(... ...........D..............\|p.\|....g.\|\WC. ......w$... .....q.=_..h.V!.g....q.=_......+..........w.....s..if..*..w ...0...............4.....\|...\|.......\|..\|.........\|...w................D.D..t...E.. t....H......s....D..t..s.D..s..!.......,........@.......;

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (2258)
Category:	dropped
Size (bytes):	17476
Entropy (8bit):	5.5562021281521154
Encrypted:	false
SSDEEP:
MD5:	80AA1425E8422CAEF6A4DEFFDA2F5A38
SHA1:	BCADA77A87D8F10F1CA4ADE8D393B2AD9988AD13
SHA-256:	1B3329DED46F847B991CE76CBD6252FC0322BED2ADA2535143B58543109E271D
SHA-512:	9DD29547A084858ACD7ADA9E451185983F8BD1B5C1D35DDA15A6BB52CA7D3B65DD8A604BDAE580B000748481DC71A224A0EAE7006C576F50F5EE8087C3B1DF2D
Malicious:	false
Reputation:	unknown
Preview:	/. The Typekit service used to deliver this font or fonts for use on websites. * is provided by Adobe and is subject to these Terms of Use. * http://www.adobe.com/products/eulas/tou_typekit. For font license. * information, see the list below.. . adobe-clean:. * - http://typekit.com/eulas/000000000000000000017701. * - http://typekit.com/eulas/000000000000000000017703. * - http://typekit.com/eulas/0000000000000000000176ff. * adobe-hand-b:. * - http://typekit.com/eulas/0000000000000000000149e7. . . 2009-2024 Adobe Systems Incorporated. All Rights Reserved.. */.if(!window.Typekit)window.Typekit={};window.Typekit.config={"a":"717200","c":[".tk-adobe-clean","\"adobe-clean\",sans-serif",".tk-adobe-hand-b","\"adobe-hand-b\",sans-serif"],"fi":[7180,7182,7184,22766],"fc":[{"id":7180,"family":"adobe-clean","src":"https://use.typekit.net/af/cb695f/000000000000000000017701/27/{format}{?primer,subset_id,fvd,v}","descriptors":{"weight":"400","style":"normal","stretch":"normal","dis

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Category:	downloaded
Size (bytes):	369898
Entropy (8bit):	5.444067718216014
Encrypted:	false
SSDEEP:
MD5:	7B93CB3E0C0AB7D630A02BD546EF3C61
SHA1:	145DFE7D1798748642368B43223D777DD190E085
SHA-256:	B7C3BC8F0BC9E480B961FBE22361A08905FF434FF73FE687E9A383EC3C927A7D
SHA-512:	3818833CFF472245FB7BD967EF54A1886F6CCC620032FE55781ADBB6592E281A8DE56F8EF3ECE44FB0EEB892A51543E56B877310B77A2383D141CE9992BEA87A
Malicious:	false
Reputation:	unknown
URL:	https://secure.na1.echocdn.com/resource/N1614084111/bundles/app-theme.css
Preview:	.slider{display:inline-block;vertical-align:middle;position:relative;}.slider.slider-horizontal{width:210px;height:20px;}.slider.slider-horizontal .slider-track{height:10px;width:100%;margin-top:-5px;top:50%;left:0;}.slider.slider-horizontal .slider-selection{height:100%;top:0;bottom:0;}.slider.slider-horizontal .slider-handle{margin-left:-10px;margin-top:-5px;}.slider.slider-horizontal .slider-handle.triangle{border-width:0 10px 10px 10px;width:0;height:0;border-bottom-color:#0480be;margin-top:0;}.slider.slider-vertical{height:210px;width:20px;}.slider.slider-vertical .slider-track{width:10px;height:100%;margin-left:-5px;left:50%;top:0;}.slider.slider-vertical .slider-selection{width:100%;left:0;top:0;bottom:0;}.slider.slider-vertical .slider-handle{margin-left:-5px;margin-top:-10px;}.slider.slider-vertical .slider-handle.triangle{border-width:10px 0 10px 10px;width:1px;height:1px;border-left-color:#0480be;margin-left:0;}.slider input{display:none;}.slider .tooltip-inner{white-space:n

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5238
Entropy (8bit):	2.8892430767283317
Encrypted:	false
SSDEEP:
MD5:	81822B8989D79BF953BFFCF6E33A2F5C
SHA1:	37A2CD5435845717982A1F1CB7C1EC1A9C50C881
SHA-256:	9927F1F6E0A5E225CF5063D553A8A915509E9D3C953C5E40BF907800188E742D
SHA-512:	102FAD12F2FEC63E1806969B465BD3B628D7ADDDCCE40B8BECAD173D70101FCF3FD096F13E6C53669D0525FC1A12598F6342F08D7B104916ED35BB5E31C67A09
Malicious:	false
Reputation:	unknown
URL:	https://siemenshealthineerscs.na1.echosign.com/images/favicon.2.ico
Preview:	............ .(...&... .... .(...N...(....... ..... ..........................................................................................LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..............Wb..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX......Wb..........Wb..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..bm...............LX..LX..LX.............nw..LX..LX..LX..LX..LX..LX..bm.........................LX.........LX..LX..LX..LX..LX..LX..LX..bm......Wb.....................Wb..LX..LX..LX..LX..LX..LX..LX..LX..............nw..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX...........LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX............LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX.............LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX......bm......LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX.........nw..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..LX..L

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Category:	dropped
Size (bytes):	488483
Entropy (8bit):	5.103301328584705
Encrypted:	false
SSDEEP:
MD5:	98A817534F0F0F177A8A416874648772
SHA1:	6AC8710EFAA2E244278818560887FB5B5D067CBC
SHA-256:	CC08600BDBD65E788ECFC790FA9D51ADF1D4489915980E3B2A762E319250FE88
SHA-512:	C1F144C5537EE8E5C20A90E34C446EEF39B8BD1C443FBFA497E6197DB85168A294561170F6C3E86CA97BDF438DBC2B665A811078891F442D730548D85B104D47
Malicious:	false
Reputation:	unknown
Preview:	(function(){function a(e,d){for(var c=0;c<d.length;c++){e=e.replace("{"+c+"}",d[c])}return e}function b(){var f=arguments[0];var e;if(f.indexOf("{0}")!=-1){e=function(){return a(f,arguments)}}else{e=function(){return f}}for(var c=1;c<arguments.length;c++){for(var d in arguments[c]){e[d]=arguments[c][d]}}return e}window.i18n=({country:{PS:b("Palestinian Territory"),PT:b("Portugal"),PY:b("Paraguay"),QA:b("Qatar"),AD:b("Andorra"),AE:b("United Arab Emirates"),AF:b("Afghanistan"),AG:b("Antigua and Barbuda"),AI:b("Anguilla"),AL:b("Albania"),AM:b("Armenia"),AN:b("Netherlands Antilles"),AO:b("Angola"),AQ:b("Antarctica"),AR:b("Argentina"),RE:b("R.union"),AT:b("Austria"),AU:b("Australia"),AW:b("Aruba"),AZ:b("Azerbaijan"),RO:b("Romania"),BA:b("Bosnia and Herzegovina"),BB:b("Barbados"),RS:b("Serbia"),BD:b("Bangladesh"),RU:b("Russia"),BE:b("Belgium"),BF:b("Burkina Faso"),RW:b("Rwanda"),BG:b("Bulgaria"),BH:b("Bahrain"),BI:b("Burundi"),BJ:b("Benin"),BM:b("Bermuda"),BN:b("Brunei"),BO:b("Bolivia"),SA:

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4938)
Category:	downloaded
Size (bytes):	77493
Entropy (8bit):	5.781608461985365
Encrypted:	false
SSDEEP:
MD5:	DC8D34966443C527E00358DFF0772799
SHA1:	34ACCA8C275A61A80350038A6F0C92C6489692E7
SHA-256:	9BEB3A18B34136438721D95B3FCB843BAA524B9031B5E770028E93DE9C9ACC7B
SHA-512:	808A65C7A124695A6D5A94C438AF051F0993ADBA4A74F9675ACE704F02DDD46130D14533BD848166878EE49F3D8D9533CEF1031177281010E23D9FCC2EB1230E
Malicious:	false
Reputation:	unknown
URL:	https://secure.na1.echocdn.com/resource/1715228063/bundles/esignResponsive.css
Preview:	.disabled-opacity {. opacity: 0.5;. -ms-filter: "progid:DXImageTransform.Microsoft.Alpha(Opacity=50)";.}..no-box-shadow {. box-shadow: none;. -webkit-box-shadow: none;.}./**** MODALS *****/.html.mobile #contentSubHeader .agreement-header .dark-mode {. background: #2d2d2d !important;.}.html.mobile #contentSubHeader .agreement-header .dark-mode .agreement-container {. align-items: center;. display: flex;. height: 56px;.}.html.mobile #contentSubHeader .agreement-header .dark-mode .agreement-container .lastsave .lastsave-info-icon {. margin: -11px 0 0 0;.}.html.mobile #contentSubHeader .agreement-header .dark-mode.agreement-band.navbar {. height: 56px;. border: 0;.}.html.mobile #contentSubHeader .agreement-header .dark-mode.agreement-band.navbar .agreement-req-info {. padding-top: 8px;. padding-left: 0;.}.html.mobile #contentSubHeader .agreement-header .dark-mode.agreement-band.navbar .agreement-req-info .completed-info {. margin-top: -6px;. float: right;. margin-right:

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	329
Entropy (8bit):	6.7539656689897365
Encrypted:	false
SSDEEP:
MD5:	1DE6CDACF8963C2A0AF02507130C9543
SHA1:	C7B728B5B5C654431482F8D829A71984C238807F
SHA-256:	5821F8705F72BA79BA155B84DD84A59F7D9B7CBC8D8CB1D25179F75B9E50F17C
SHA-512:	F27464C2BCD7A01961ABCADD98F03A7EA21D41925D8FE0A177EC9A5081BAE23EFD09BD0E564AF92BC3FB2730576B6E26317401996EFB3D49DC289C0B0FBC0F2C
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............r..\|....sBIT....\|.d.....pHYs...........~.....tEXtCreation Time.11/5/13......tEXtSoftware.Adobe Fireworks CS6......IDAT(......1.E."9.`.ZB..=.%X.`.k.z....A.@!.\.eV..]..`H.?...@%)%V.!`>.....C.[/4\|....t.@.i-p..r..&m....M..(L.\...p..3....<`..T+.R......d....^..w.B...>\|O...?b.7^.'..9......IEND.B`.

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (39221)
Category:	downloaded
Size (bytes):	1209546
Entropy (8bit):	5.437077273372954
Encrypted:	false
SSDEEP:
MD5:	510888A2DDD6B08436D57C6795757B9A
SHA1:	181879EFCC559D3891D2BD51C20F14741E12A1A9
SHA-256:	1E1443CCF1166DE99CE40CD9F1A6336C836557E62A9F89CCBD9D38FDDF02CBE4
SHA-512:	9ACA851DAF595A32F13BBF4CAC1D864CD36461C77EB9DD98D5F866F7FE32D5B31AF2005524C5B6EDD5273C612FEF619FFB2CC96AC79CEC309794BE13E39A8CD0
Malicious:	false
Reputation:	unknown
URL:	https://secure.na1.echocdn.com/resource/N1436369179.en_US/bundles/app-esign.js
Preview:	/!. backgrid. http://github.com/wyuenho/backgrid.. Copyright (c) 2014 Jimmy Yuen Ho Wong and contributors <wyuenho@gmail.com>. Licensed under the MIT license../.(function(a){if(typeof exports=="object"){module.exports=a(module.exports,require("underscore"),require("backbone"))}else{a(this,this._,this.Backbone)}}(function(v,Q,E){var P="\x09\x0A\x0B\x0C\x0D\x20\xA0\u1680\u180E\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200A\u202F\u205F\u3000\u2028\u2029\uFEFF";if(!String.prototype.trim\|\|P.trim()){P="["+P+"]";var x=new RegExp("^"+P+P+""),p=new RegExp(P+P+"$");String.prototype.trim=function a(){if(this===undefined\|\|this===null){throw new TypeError("can't convert "+this+" to object")}return String(this).replace(x,"").replace(p,"")}}function F(X,U,T){var W=U-(X+"").length;W=W<0?0:W;var V="";for(var S=0;S<W;S++){V=V+T}return V+X}var C=E.$;var R=v.Backgrid={Extension:{},resolveNameToClass:function(T,V){if(Q.isString(T)){var U=Q.map(T.split("-"),function(W){return W.sl

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	69374
Entropy (8bit):	4.940095405378546
Encrypted:	false
SSDEEP:
MD5:	5D8073432A5C1C7106A3C848B9237D4C
SHA1:	E4A1423332EB4227C88A1B52E1E332B6F7E28CF3
SHA-256:	C21A6B8534FDC14F3686AF733FD1364127AED44DC88CA70152841A0E946E1E8D
SHA-512:	3433F7D6D944BD2BF38E542C39932682FF563275A25302F657B38604F500C1CFA429C14B04F5329F1D82FA4E16B19A62FB0C81B9203C1307CAADB3AC98E28BC0
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="800" height="381" viewBox="0 0 800 381">. <defs>. <clipPath id="clip-path">. <path id="path-1" d="M9.294,24v-.027a1.434,1.434,0,0,0,0-2.865,2.483,2.483,0,0,0-.315.028l-1.595.015c-2.394,0-4.731-2.863-4.731-5.4,0-2.275,1.293-4.81,3.355-5.169a4.081,4.081,0,0,1,.756-.072,4.184,4.184,0,0,1,2.365.817c.109.086.219-.043.192-.157a8.627,8.627,0,0,1-.234-2.249A7.251,7.251,0,0,1,9.282,7.61c.672-2.734,3.588-4.7,6.407-4.783,3.231-.1,6.517,2.235,7.2,5.184a7.369,7.369,0,0,1,.192,1.547,8.327,8.327,0,0,1-.3,1.976.147.147,0,0,0,.22.157,4,4,0,0,1,3.231-.788c2.063.359,3.521,2.822,3.521,5.055a5.71,5.71,0,0,1-4.84,5.169l-1.871-.015a1.434,1.434,0,0,0,0,2.865V24h1.939c4.154,0,7.356-3.881,7.356-8.262,0-4.122-2.627-7.416-6.435-7.817a.132.132,0,0,1-.11-.114A10.03,10.03,0,0,0,14.974.064,9.789,9.789,0,0,0,6.49,7.538c0,.029-.069.114-.111.114C2.571,8.054,0,11.62,0,15.715,0,20.123,3.3,24,7.481,24Z" transform="translate(0

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 21 x 21, 4-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	464
Entropy (8bit):	6.527515766093433
Encrypted:	false
SSDEEP:
MD5:	1D52501B76AB47E1F5CC292B7BE5A180
SHA1:	09344A38FC2D1F62D1EE7183D92BCAF94255E522
SHA-256:	FC327614AC13390740045897584DF4D985C35B1478884F94336A65E0CF79AC47
SHA-512:	5F42BB987DA011F51DE7198652470371F6161ABBC2935F21528B37CC49E306F489B0F7EEDD1585A02EC52324A5F08D40F9314BB601BB8A11F998F9700D520D7E
Malicious:	false
Reputation:	unknown
URL:	https://secure.na1.echocdn.com/images/doc-cloud/A12_help.png
Preview:	.PNG........IHDR.............[9......sBIT.....O....0PLTE...fffffffffffffffffffffffffffffffffffffffffffff.l......tRNS.."3DUfw........v.......pHYs...........~.....tEXtCreation Time.1/29/15.......tEXtSoftware.Adobe Fireworks CS6......IDAT..c```............./.....5....O@... R.............<...3Z...~20._`.................@.. .......@..O``.?........;......`...<P=.A ;~.C...U..........`......l?.....&.........N..."Y...V....l... x.5Ml...@....Ew.FS.....IEND.B`.

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), CFF, length 29924, version 1.0
Category:	downloaded
Size (bytes):	29924
Entropy (8bit):	7.990737514218301
Encrypted:	true
SSDEEP:
MD5:	FCFE600FE9BF0239A8C3CD48738EC2DA
SHA1:	C735EDEB5AC056F41E063A46B2F508057C9DBDAB
SHA-256:	62517736E6872FB13CE951C67D689DEF5F6AC4AC222299BFE1E37AC5F05C37AD
SHA-512:	2829D0BE5E38771D56D92371DD9A4131ECDEC577C50481043914A525DE1F0EB9197C731E549F67625EB954EE611377C771126A2A764F0E68B5928476DE05543A
Malicious:	false
Reputation:	unknown
URL:	https://use.typekit.net/af/cb695f/000000000000000000017701/27/l?subset_id=2&fvd=n4&v=3
Preview:	wOF2OTTO..t........(..t..........................F...s?DYNA.i?GDYN.y..r.`..N...6.$..H...... .)...H........Q..aDA.........U...~..?../.....?B...w..{....:`v...9?/y'I..9@I...@..3V@....%WX{'...T@...`./Q...V.Tz....g( .... .....sFO...2..j.n..R....HBI.!.r[n.VR ...JhM.Aj.HI.~....o.&...q..\Gr..8T7..I!(1.0.t..B...Mq....)c....7..Mk)!..]....1k;.d....6..y..N4z...L.B).....'..T...Q..?......N>.\|...+...V....K..e...I.#..b.j.................BN....B.#.T.._\|.....V.:...E.\v./y...$.h....H.Y...;.L..h..Y.}I.C..U!tR%.pS...i......STU\|..).y...P.Y..4`...c.].w..E.>.[.u.R.._..2 )....}.R......... ..Cc!S......).$....4#hC...5O....``....0......O....&W..`....d..."...a(....4CP..d..(\|.wY.n.I......a..x....0..xO...~..}.._E.i.3....0k..i@....p.F. ...a....0..a._....w...Z.s...c..&.3.h.wY.W../_~.6.J...H...+......k...D.NKi_..}....K(q^;o}.v..&.>.+...b...m......x..R....B.....\|I)Mn1..'.R/..t..Yb4..~.M.C.L.+.....[.......W.A..jc.n...........T3.qyow*..1....+7..K.p.v.^.LU'Z.\|....

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), CFF, length 29752, version 1.0
Category:	downloaded
Size (bytes):	29752
Entropy (8bit):	7.991259791890674
Encrypted:	true
SSDEEP:
MD5:	B45F7B0B58EA5CD543323A5E4BA4724B
SHA1:	03E815A2FA7461F31FC8ECC18A7063930FC87475
SHA-256:	9ABA873D54C84D8D56CFE572AB802BB34322DE6FD945C286D278FABE29A9F3F0
SHA-512:	0726643B1B961B3A2E67380A6CED69030E5E97E99C938EBA29830638CC0CA7CF0C42E22DFC6AC77553B21B4E71FF8E3C6BDB8004168449C182A88C9A380D3422
Malicious:	false
Reputation:	unknown
URL:	https://use.typekit.net/af/40207f/0000000000000000000176ff/27/l?subset_id=2&fvd=n3&v=3
Preview:	wOF2OTTO..t8..........s..........................F...]?DYNA.i?GDYN.y..r.`..N...6.$..H....7. ............y..h.0....UUU.&.w... .._..w..._..........s..;.L.xJ.%..4w....{I>le-.pU....[Y.B......_v.....a\|.%8Jj"4...I..O.O..d}.A.8P......a.f..S.Oh[...{w....M"...[.,`.B2...`.K=Ql.S...&;....M.C...Z*)..P..S..[;........7.K....h...%..jIC....-.N...n....P....%9.Le.....pT..Z..vk..........:..hvP.Q..h;.....i^__.N.@9.O...G...d...i.D_.6...3..<c..Hw.=...m.. .i...:..m0.H....\......<........4... ..'"<qQ....C.S..A.J.,2.... .2_.....s......[......\|.@.6);.O....w6.&[x..7.z.\|....if..XDE..].Mp.).I.i.'..H....PW..[c..oUOe...5....^.sJB.(^b.... fL.[..>.J.4.y.....0{QN...4.....E..Qdf....5b....d,.3.^.Z.UD.!..y.....i77.$.S........F.2.8.:.h....az.........:....`x........S_. ..$.q{J..Z2..iWqG`[f.M...p&...3..w....{......:h.....i.qg.%...x...a(...0...2...>...^.w..\.w..e.....]..S;..b..d....+...ld..w....r.k.1QJ...y.a_..\+.g^Vp....v.3[r..+...B>$w....}....u...+8...x..U..6..1Ln!zS..w..h

Chrome Cache Entry: 126

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 119064, version 2.20
Category:	downloaded
Size (bytes):	119064
Entropy (8bit):	7.991506803878922
Encrypted:	true
SSDEEP:
MD5:	090C51D750041A6DA7041AD2F8510CB5
SHA1:	54EA3C86DFEC251280EFA2464A8B620412C784A1
SHA-256:	0AB72D9EE658B0EE28C414ECF5A304421A14F1BDB585AB17C034C037CD215AB7
SHA-512:	8E60C824244305D0B76710368DC4F7A15E11CCF446F2BB4D08A3F0822F94B9CB4F6B8242AC6E517631DFA56DF68070D5955FF89E4C26F054A05B18FB5FF41E58
Malicious:	false
Reputation:	unknown
URL:	https://secure.na1.echocdn.com/font/SourceSansPro/SourceSansPro-Regular.ttf.woff
Preview:	wOFF..............\|D........................BASE.......F...Fe.].DSIG.......!......>.GDEF..[....Z.....zGPOS..^...H......,$.GSUB..........<Z...+OS/2... ...Y...`]..cmap.......[..6^.<.5cvt ..(X......."..fpgm..'........s.Y.7gasp..[.............glyf..7....m..R\.<0.head.......6...6....hhea....... ...$...Xhmtx...\|...(...X.f.\loca..(........\.gD$maxp....... ... ...zname..;........!..2.post..@$......K...Hrprep..(....S...V.c..........CX.9_.<...................{k.:...o..............x.c`d``...=....V..8."(.}...\|.............v...............s....x.c`f.b..........................,.LL,..L....P..........?..l...7.........1M.R....1E.....x..s..........A..:.y....m.m..b..5..K&{..........I....e...%.....v.*..hc.7s.._J:..T.[.N.....n..w.~h+u.m.k....IQ3..F..ql..,.]7U..Ul{...W....E.ZKT...f..X.. U.BH....3...(.T..}.7...\m..j...!..z..D....NP"......+..s3.v....Fa.R<.<...b.vD...0.VS.]M...N....>'a.w.....x.....l..'.<e..^.......]/.h...uBL..\.n.9I.....Rm\|.m...V.{..H..y.L.oJ....'.\d'.tm. ..

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (60557)
Category:	downloaded
Size (bytes):	935941
Entropy (8bit):	5.519184404772904
Encrypted:	false
SSDEEP:
MD5:	0FC0FC6D71A507F19A69C7597017CB4D
SHA1:	B93722366D48EAB221B6A74A3B13E8CF31A0C2D2
SHA-256:	7DFEA066AB7F86D36C0A57EDC011952CCC2BF6C1EF15141587DCBD652394BF3C
SHA-512:	AD8C81679BFF25E16208B0DE4A0B360A225FB955CC5A5FE9CD3E0AC30A2C26059B2CCCF7A7E5B7C8D1B46BB5229320142C3B23079A0CF9959A65AEA91FB45A0F
Malicious:	false
Reputation:	unknown
URL:	https://secure.na1.echocdn.com/resource/N66420078.en_US/bundles/app-main.js
Preview:	/!. jQuery JavaScript Library v3.5.1. * https://jquery.com/. . Includes Sizzle.js. * https://sizzlejs.com/. . Copyright JS Foundation and other contributors. * Released under the MIT license. * https://jquery.org/license. . Date: 2020-05-04T22:49Z. */.(function(b,a){if(typeof module==="object"&&typeof module.exports==="object"){module.exports=b.document?a(b,true):function(c){if(!c.document){throw new Error("jQuery requires a window with a document")}return a(c)}}else{a(b)}})(typeof window!=="undefined"?window:this,function(a1,ay){var m=[];var aP=Object.getPrototypeOf;var aa=m.slice;var bV=m.flat?function(b1){return m.flat.call(b1)}:function(b1){return m.concat.apply([],b1)};var x=m.push;var bR=m.indexOf;var aj={};var z=aj.toString;var U=aj.hasOwnProperty;var aB=U.toString;var bk=aB.call(Object);var J={};var y=function y(b1){return typeof b1==="function"&&typeof b1.nodeType!=="number"};var aE=function aE(b1){return b1!=null&&b1===b1.window};var l=a1.document;var be={type:tru

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 39 x 105, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1229
Entropy (8bit):	6.982400317117547
Encrypted:	false
SSDEEP:
MD5:	7D316DD586C855E2FD53147E06CB9679
SHA1:	96C500C1C6EFA703C3E06AFD405533A37445FEF6
SHA-256:	A207CB77946A064A765A2E5950398FDF19330F7B078BD5CCE3D1DBF1E2FCC19D
SHA-512:	F25BB00B3B1A8A7877667F502921D84927F40A9A42F1BBCD800ADE55F658CFE8E674E5F0C7A1894881F04C3B8DF0BE0EB6FD3E71080EA07DC8DAB5F99CDE3602
Malicious:	false
Reputation:	unknown
URL:	https://siemenshealthineerscs.na1.echosign.com/images/esignJS/AdobeSign_Tag.png
Preview:	.PNG........IHDR...'...i....../......sBIT.....O....>PLTE............................................................................................................................................................................................}.{y.xv.rp.pn.mk.jh.db.b`._].\Z.WU.TR.RP.OM.LJ.HF.EC.B@.@>.><.97.:8.75.33.20.0...,.-*.+(.&#.# . ..................................-P.....jtRNS.."3DUfw....................................................................................................o.....pHYs...........~.....tEXtCreation Time.12/19/14..e.....tEXtSoftware.Adobe Fireworks CS6.....fIDATX...ks.@.....\N..B...6..T...h.B.`m.R...........T.nv...3}.$0....@R(...b.W.....XS.K.~...\.....]..&4$.`.Zb.%,....v\|.hF.w...8.....e.G...[.[.%....;b...8(..].j.N.T.>.r......'.[.n.+.&.{.....\|.t.l..W.....,?.x.M......2.Y.V^....v....>T(..^....\|>.......4Jo.`?\|...h.Zx..(6v.;}l..+p'^......F...<P.v4........._..\|[PN.+w....-o-9..>......B...&4,h.......?.f.....yo6."...5/.{e.^..\|.A.`...5.9.1.~...n..

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 700 x 300, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	10404
Entropy (8bit):	7.889246476508816
Encrypted:	false
SSDEEP:
MD5:	A6BC96F13C6B20295AE34A23C3E7BE40
SHA1:	8FF8CF318D33E270F1421CDACABEB370D83C67EF
SHA-256:	C145C0E997837FED4A0792BEDE157B121C64F4CE61AAC96F93FA8D20055B5E2C
SHA-512:	6A2D1007A743D40CCD364A9E6864B825099D643B5E080569F68DCA979891CB8F7DBD452211ADF43155AA8795D44C32F9EF0AF4CA62DC538CC9107BE65FC64E48
Malicious:	false
Reputation:	unknown
URL:	https://secure.na1.echocdn.com/packages/as-ui-bootstrap4-spectrum/dist/images/core_icons.png
Preview:	.PNG........IHDR.......,...........sBIT.....O.....PLTE..............~~~\|\|\|..Gvuv.J@!v. u..t.fff.s..p..v..w..q..o..u.OOODDDCDD@@@>>>......~~~vuv!v..t. p..q..u.OOODDDCDD...........~~~\|\|\|..Gvuv.J@!v..t. r.fff.q..u.OOODDD........~~~..Gvuv!v..t.fff.u..q.OOODDD..........~~~\|\|\|..Gvuvppp.J@!v..t..q.OOODDD.........~~~vuv.J@!v..t..t.fff.t..q.DDDCDD............~~~..Gvuv!v..t..q.OOODDD........~~~..Gvuv!v. t..t.fff.q.OOODDD.............~~~\|\|\|..Gvuv.J@.y.!v. t..t.fff.w..q.OOODDD..........~~~\|\|\|..Gvuv.J@!v. t..t.fff.q.OOODDDCDD......~~~\|\|\|vuv.J@!v. t..t.fff.q..u.OOODDD...............~~~\|\|\|..Gvuv.J@!v. t..t.fff.w..v..q.OOODDDCDD...............~~~..Gvuv.J@!v. t..t.fff.q.OOODDDCDD...........~~~\|\|\|..Gvuv.J@!v. t..t.fff.v..q.OOODDD......................~~~\|\|\|..Gvuv.J@!v. t..t.fff.w..v..q.OOODDDCDD..D.....tRNS.........................."""""""""""""33333333333333333DDDDDDDDDDDDUUUUUUUUUUUUUUUffffffffffffffwwwwwwwwwwww......................................................................

Chrome Cache Entry: 130

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	35
Entropy (8bit):	2.9302005337813077
Encrypted:	false
SSDEEP:
MD5:	81144D75B3E69E9AA2FA3E9D83A64D03
SHA1:	F0FBC60B50EDF5B2A0B76E0AA0537B76BF346FFC
SHA-256:	9B9265C69A5CC295D1AB0D04E0273B3677DB1A6216CE2CCF4EFC8C277ED84B39
SHA-512:	2D073E10AE40FDE434EB31CBEDD581A35CD763E51FB7048B88CAA5F949B1E6105E37A228C235BC8976E8DB58ED22149CFCCF83B40CE93A28390566A28975744A
Malicious:	false
Reputation:	unknown
URL:	https://p.typekit.net/p.gif?s=1&k=fqg8osp&ht=tk&h=siemenshealthineerscs.na1.echosign.com&f=7180.7182.7184.22766&a=717200&js=1.21.0&app=typekit&e=js&_=1725034347416
Preview:	GIF89a.............,..............;

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1020 x 1320, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	12753
Entropy (8bit):	6.693580355979805
Encrypted:	false
SSDEEP:
MD5:	508C3E36E670753056AFD5AB15074D47
SHA1:	3DD3F11AF694F46A1DDC59517101D1B111103D7A
SHA-256:	00A00CE53D8803B8B832B481816674FE0D8C1687E0D9D98ED9B1C565686E09B1
SHA-512:	13DE984C7A9846578AB03340BA3FEBF7B350E4ADD3011D678F4E2575C7CD5A6C85BFCF361D9E939A86047C47597595319375BEB6D0B0C36E24CBB4B4C3B7CF8E
Malicious:	false
Reputation:	unknown
URL:	https://siemenshealthineerscs.na1.echosign.com/images/thumbnails/default_image_z125.png
Preview:	.PNG........IHDR.......(.......I.....gAMA......a....IiCCPsRGB IEC61966-2.1..H..SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly\|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m....... ......O.

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (39523)
Category:	dropped
Size (bytes):	313049
Entropy (8bit):	5.276784878048583
Encrypted:	false
SSDEEP:
MD5:	DF6327E7CDDB0E253BE53EC0DD82C1AF
SHA1:	A70599F6D88C6F6CF836A8CE1B9F4C49668697C1
SHA-256:	EDA068B17687F4BF358146687BB3ADC185DF38743BE67493B84306A4889E33E4
SHA-512:	9062DA492956CF8784753E69C97E62F8C6794D10BBB7A4B8CBFC505C7F7398E489C33DF811D9F9E5BDDD66437C3F957A181C331827FD55DDCD593AC2BDD0C448
Malicious:	false
Reputation:	unknown
Preview:	(function(){var b=Backbone.PageableCollection,a=b.extend({mode:"client",useDWR:true,hasResults:false,serverErrorText:null,initialServerResponse:null,hideLoadingText:false,state:{pageSize:15},initialize:function(){this.service=this.getDWRService();this.model=this.getModelClass()},getDWRService:function(){return undefined},getModelClass:function(){return undefined},sync:function(i,e,d){switch(i){case"read":var g=this,h=function(j){g.hasResults=true;g.loadingData=false;if(d.success){d.success(j)}},c=function(j){g.serverErrorText=j;g.loadingData=false;if(!g.initialServerResponse){g.initialServerResponse=j}if(d.error){d.error(j)}if(g.callbackGrid){g.callbackGrid.collection.fullCollection.reset();g.callbackGrid.body.refresh()}},f=this.useDWR?App.Service.getDWRHandler(e,{CRUD:true,success:h,error:c}):undefined;this.serverErrorText=null;if(f){this.hasResults=false;this.loadingData=true;if(this.callbackGrid){this.callbackGrid.body.refresh()}this.doSyncCollection(f,d);return}this.hasResults=true

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (52838)
Category:	downloaded
Size (bytes):	85569
Entropy (8bit):	5.476687934706804
Encrypted:	false
SSDEEP:
MD5:	23A212CCF2F478148E48DA00D8344C0D
SHA1:	85778F6949B487D29FCF2BDB7B7B5903F4EA7C84
SHA-256:	17F1B12A7B2ACAE123E896F54CA7A12A42A36B966D4134F669BD298443BC8327
SHA-512:	D63967C19D54EDC80054E9BD390BB8D02B72A40336A4A53303A7CF7243C4C907F73F39C559FA9B2C907A633811FD642817D3F521C3095A4CB9F48247CE35E082
Malicious:	false
Reputation:	unknown
URL:	https://secure.na1.echocdn.com/resource/1679050799.en_US/bundles/dcsignpanel.js
Preview:	/!. ADOBE CONFIDENTIAL. * ___________________. * . * Copyright 2017 Adobe Systems Incorporated. * All Rights Reserved.. * . * NOTICE: All information contained herein is, and remains. * the property of Adobe Systems Incorporated and its suppliers,. * if any. The intellectual and technical concepts contained. * herein are proprietary to Adobe Systems Incorporated and its. * suppliers and are protected by all applicable intellectual property. * laws, including trade secret and copyright laws.. * Dissemination of this information or reproduction of this material. * is strictly forbidden unless prior written permission is obtained. * from Adobe Systems Incorporated.. /.;./!. * */.(function webpackUniversalModuleDefinition(a,b){if(typeof exports==="object"&&typeof module==="object"){module.exports=b()}else{if(typeof define==="function"&&define.amd){define([],b)}else{if(typeof exports==="object"){exports.DCSignaturePanel=b()}else{a.DCSignaturePanel=b()}}}})(typeof self!=="undefined"?s

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	135603
Entropy (8bit):	5.0525316522612975
Encrypted:	false
SSDEEP:
MD5:	FC10AE72F01A3D4F15B9A9D60B07495F
SHA1:	4FB4161E6816D2FEA126F210A44F1718DA1AF5BA
SHA-256:	90CED62783A04B68240908E558DD4A4F58B71A4B307F04D0B4D72F64E7D5507A
SHA-512:	21CD535BAAEEA47EB58BBDEF479B35904B30D339F9176B8F797CCCC741A8455F905E4648A1D85E3D9240BF97407BE1C27C5F8CFF4D3450F39BECF7D925C7FFBB
Malicious:	false
Reputation:	unknown
URL:	https://secure.na1.echocdn.com/resource/1097130768/bundles/esignJS.css
Preview:	.disabled-opacity{opacity:0.5;-ms-filter:"progid:DXImageTransform.Microsoft.Alpha(Opacity=50)";}.no-box-shadow{box-shadow:none;-webkit-box-shadow:none;}.wrapLongText{white-space:pre;white-space:pre-wrap;white-space:pre-line;white-space:-pre-wrap;white-space:-o-pre-wrap;white-space:-moz-pre-wrap;white-space:-hp-pre-wrap;word-wrap:break-word;}.has-error-color{color:#D83742;}.has-error-border{border:1px solid #D83742;}.has-error-background{background-color:#ffffff;}.has-error-common{border:1px solid #D83742;color:#D83742;box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);-o-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);}.has-error-font{font-size:16px;font-weight:normal;}.has-error-token-background{background-color:#ffffff;}.has-error-token-background:hover{background-color:#fae3e0;}.has-error-token-background:active, .has-error-token-background:focus{background-color:#fccdc7;}.disab

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), CFF, length 41556, version 1.0
Category:	downloaded
Size (bytes):	41556
Entropy (8bit):	7.98872215025426
Encrypted:	false
SSDEEP:
MD5:	5C74846199D1B1DB5480B24370AE24A4
SHA1:	24A0AECDB2964254F28E9B30BD3A05D2E3D333EF
SHA-256:	0835AC845EA08E0E2E91347843377D229AC72184F6593DAC81D3EA2557F6567D
SHA-512:	5BCACB0980EF39ACD34BC3C74EAA9F5919C0F56F37CD281188483DA3F76FB1F18C7E4DDC5C861D2E6B3B7928C6FB45CAE00C7EBA411D6252DBCBDA9C38E24F8C
Malicious:	false
Reputation:	unknown
URL:	https://use.typekit.net/af/e301c6/0000000000000000000149e7/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Preview:	wOF2OTTO...T....................................:...c?DYNA..?GDYNa.R.`..2...6.$..D....{. ...5...~.8....<.....M.../....?......K.u2..}H.....o._.....-<.P.........q.=.l.T...L...@..>b.<....W...:..XT..7...L.....p..xF...1.....}y...J...IHH.......\|.........^.Nb....A..?pITgTr..HF.OK....j.y.Nw..J..E..!..,...]..~a...e;vx..v.q..C..rf........8&.L.I.`.}..}..S..r..x...\.....Tb.:..-iWd..9$H.....\|.N..N...hW...YDh]...X.E/.i...W.+.O1......(e...DL.hR}...N.v...QEK%..F...t......1..y......3}.r....`....`,..Y..$06k..xK...^.B.2........!...l.....!9 Z..P^..z..#.~...G...1..3.......W.%...._2@.m..zIH..F.......\|0.V..UY.%Y.\...'..).(...J.D..E..T."....2.ZB.......:\.E.FZKAY-.U?!C.H"z. ..DQW.....PEY%....K.Z$....-.8.I.%,..........3.1U.$X..;._8.9?.ox~z~.6..8.y+.Y...;....K...J:.. eq...?.xFy...J..3.dn..y3.Uv......r..v.Ui5....h1.D.....K.....}.*.Zl([.6.-l.....#....n.;.%{.>.........h...L.ldX..`........6...`..~.8...J..........7n....).....Z.%o...B^..>...c.X>...........^...._..N..(u

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5632)
Category:	downloaded
Size (bytes):	5633
Entropy (8bit):	5.321851327578031
Encrypted:	false
SSDEEP:
MD5:	47ABD389245817A0D1CCCDFD635987DA
SHA1:	66B03EEDC907A2FE86222E8350CF32AF0B236F0D
SHA-256:	44A61F3D32524D8EA20D06249621C69673F76FBD13D6201F6F4A107923FDE580
SHA-512:	800F125614E63EFA04A0421B4FE161B4B998B7A2563A192C9578D7E6EB7F21C3FDAA97EBB18D5DF65529820CD1126637CE7D4179146D99D5DC2AAF19EE942035
Malicious:	false
Reputation:	unknown
URL:	https://secure.na1.echocdn.com/resource/1730650309/bundles/toast-message.css
Preview:	#toast-container{display:flex;position:fixed;right:0;z-index:100050;-ms-flex-direction:column;flex-direction:column;-ms-flex-align:center;align-items:flex-end;}#toast-main-view{display:none;-webkit-animation:fadein 0.3s, fadeout 1s 6.5s;animation:fadein 0.5s, fadeout 1s 6.5s;}.toast{box-sizing:border-box;line-height:1.5;display:inline-flex;-ms-flex-direction:row;flex-direction:row;-ms-flex-align:stretch;align-items:stretch;border-radius:4px;padding:8px 8px 8px 16px;font-size:14px;font-weight:700;-webkit-font-smoothing:antialiased;margin:8px;}.toast--success{background-color:rgb(18, 128, 92);color:rgb(18, 128, 92);}.toast--error{background-color:rgb(232, 9, 28);color:rgb(232, 9, 28);}.toast--info{background-color:rgb(9, 90, 186);color:rgb(9, 90, 186);max-width:415px;}.toast--top-right{right:0;}.toast--top-middle{right:40% !important;top:66px;}.toast--button-secondary{border-color:white !important;}.toast--button-primary{}.toast--button-secondary-center{border-color:white !important;floa

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 353 x 60, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	6227
Entropy (8bit):	7.945990114270415
Encrypted:	false
SSDEEP:
MD5:	C5C647B3D9972990B097AEE1590AF097
SHA1:	06C54FDE9C2076E7B92658F6C439BEEF7D7D2913
SHA-256:	B3BDACD989EB2B56C03857834DE7BF2A6CC98BCDB1F20ACDBA791C930314E50B
SHA-512:	E1B25654C9A508866172FD2B0F877616683FDF492C3EDE938463087662DC33A3D410FAAFB65F88BF0E733B10CEB744CD51CD9D676B7E07BA20B2B8654BABFCE3
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...a...<.....8.......IDATx^..X.....2.4..x..........j..n................2.A..-s.H..0A..C....DP.....=...;..4W...g.}....u...3..h```........(..0..[..?w...5..0<.@w....P6j..ax...pl.........G..a.;..nx.wl.................4iRLL...!.....\|.....QI)..}FA..^.x.zV....X....[..s....=.=b..].vm.e.6m.....:.*../..t...."~~~t..G..;]T.).....+.......=...Q...F...{D...O.6n...x.M.6.#...`xx8..!t.....r.kO).u=..#x...E]O.WB#.T..&....u..f...t....J....Aj..c....w.=h''g......}.......T..H~~>l/^....e.i...7.FGG.....qqq.&L.......... nz#.&..O......m..h.N.:.....NNN. .[..y.5....Hqq1]Q'..#B..K..W.$.S.0z.......d.[..gU\|D.Ud.:.R..s'..P.6.n..p\!...u..5.MJJ..+W..\]]q..\..;w.>H............c.`....;..,X@g.K.....i..~..U.T.k..=z...AE.....+U...L%%..._....m.K="888++.........Z.j.?~...5j....6m.........C....`c...'N...___..\....{...~B....7o............/..0...lT.Zu.........@.I.G.(.....:t(l.h..`...^.Z..d.......o..T$..bc.dt.o...B.>..,}..@.G.....0!!!a.=..3..@.].......]z.Q.k.

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	64
Entropy (8bit):	4.54995172071332
Encrypted:	false
SSDEEP:
MD5:	024C6BF635CB8A7A6B04872CE8EA58C2
SHA1:	C757B31A82A7E14C0DA3A3E7EBCE3BC93420C026
SHA-256:	FF22FEC848411681BAA2C3B7EA07DEB79373A239F15BCA2F751AD60610268B5A
SHA-512:	C99354A767E5AB5C1000ACCDAF0EA771491F341463842521299B29D00BBE8FC28EFF42B54E27CC2DD1FBF1A5546602B33A334C607E1988F6F90E0FB856211D3A
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISLAmBVUtHlDMVTBIFDWCdwP4SBQ0ySriIEgUNkWGVThIFDaCi8-ASBQ2Yfh69?alt=proto
Preview:	Ci0KBw1gncD+GgAKBw0ySriIGgAKBw2RYZVOGgAKBw2govPgGgAKBw2Yfh69GgA=

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://siemenshealthineerscs.na1.echosign.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAApce13TZTGDlDLe0jBCCWqoS3DszWN_9GgHr-dJp53YGkgeGzhQQhZNoKCqOMFy_EiajaXXHmHU1G1sB_4DqC7H-snnlpl0QjfA2UFo8G2ukkY_Dp6ctodb6REjv344vJ&&d=DwMCaQ

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 119

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 130

Chrome Cache Entry: 131

Chrome Cache Entry: 133

Chrome Cache Entry: 88

Chrome Cache Entry: 90

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Static File Info

Windows Analysis Report
https://siemenshealthineerscs.na1.echosign.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAApce13TZTGDlDLe0jBCCWqoS3DszWN_9GgHr-dJp53YGkgeGzhQQhZNoKCqOMFy_EiajaXXHmHU1G1sB_4DqC7H-snnlpl0QjfA2UFo8G2ukkY_Dp6ctodb6REjv344vJ&&d=DwMCaQ