Edit tour

Windows Analysis Report
https://email.email.pandadoc.net/c/eJxUkMtu2zAQRb9G3Dmghg-RCy2cxExQp4WLNCiQTTAihxH9EFWJVtN-fWGg6WM3GMwZnHtD22nRRcNC9ucTDeUlhfbb-GOyDzvX3zxunx_Pw_6jK58co7ZuwDZcW21Y3yqswRIJL41WFmVAHclyVKA8l1ax1AIHWXMQteEWmqsIBmMUmmQTa1K6kpxOmI5XIw4BQ_ZXAxWW5pcyoSfsjtSW6Uzs2PaljHMl1hW4ChyO41_E51MF7l2_ArdAJVzJBxoqcYu88

Overview

General Information

Sample URL:	https://email.email.pandadoc.net/c/eJxUkMtu2zAQRb9G3Dmghg-RCy2cxExQp4WLNCiQTTAihxH9EFWJVtN-fWGg6WM3GMwZnHtD22nRRcNC9ucTDeUlhfbb-GOyDzvX3zxunx_Pw_6jK58co7ZuwDZcW21Y3yqswRIJL41WFmVAHclyVKA8l1ax1AIHWXMQt
Analysis ID:	1541379

Detection

Score:	3
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)

Detected non-DNS traffic on DNS port

HTML body with high number of embedded SVGs detected

Queries the volume information (name, serial number etc) of a device

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6820 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 7044 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2012,i,572873436209937974,5048104399492535140,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6604 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://email.email.pandadoc.net/c/eJxUkMtu2zAQRb9G3Dmghg-RCy2cxExQp4WLNCiQTTAihxH9EFWJVtN-fWGg6WM3GMwZnHtD22nRRcNC9ucTDeUlhfbb-GOyDzvX3zxunx_Pw_6jK58co7ZuwDZcW21Y3yqswRIJL41WFmVAHclyVKA8l1ax1AIHWXMQteEWmqsIBmMUmmQTa1K6kpxOmI5XIw4BQ_ZXAxWW5pcyoSfsjtSW6Uzs2PaljHMl1hW4ChyO41_E51MF7l2_ArdAJVzJBxoqcYu88zFi3ShZS4LOaCsbC14Gi2S06oAboUOohGNDLikmjyXl4VIDcBmtFbRSgdNKNkQrNBBX2EkjgUOwXLI8veKQfv6BnrTBz9fXfXgzUjz0_UbfbO4km9olDWnusZL8MGQ64UWcTbSk-TepNvutfcrWPzdvX7ttcDuJqWGlfc_2z7gqOL3Sf5v5crG0wL7n6TCP6OnydL9f1l8m-tCtd026v9X3-U6R-xUAAP__azuhWA" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

Cortana.exe (PID: 1512 cmdline: "C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe" -ServerName:App.AppX2y379sjp88wjq1y80217mddj3fargf2y.mca MD5: 2474F6359B2686EBCC034214ECDA6253)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://app.pandadoc.com/document/v2?token=a0bcffa175414e2b8694792c4d9ae865b20836dd?

HTTP Parser: Total embedded SVG size: 344347

Source: unknown

HTTPS traffic detected: 40.126.32.140:443 -> 192.168.2.17:49840 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 44.225.139.105:443 -> 192.168.2.17:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 44.225.139.105:443 -> 192.168.2.17:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.140:443 -> 192.168.2.17:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.177:443 -> 192.168.2.17:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.155.246.37:443 -> 192.168.2.17:49919 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.17:51049 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:51049 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:51049 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:51049 -> 1.1.1.1:53

Source: unknown

HTTPS traffic detected: 40.126.32.140:443 -> 192.168.2.17:49840 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: email.email.pandadoc.net
Source: global traffic	DNS traffic detected: DNS query: app.pandadoc.com
Source: global traffic	DNS traffic detected: DNS query: cdn.segment.com
Source: global traffic	DNS traffic detected: DNS query: d3m3a7p0ze7hmq.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: use.typekit.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: sentry.infrastructure.pandadoc.com
Source: global traffic	DNS traffic detected: DNS query: api.segment.io
Source: global traffic	DNS traffic detected: DNS query: p.typekit.net
Source: global traffic	DNS traffic detected: DNS query: ip2c.org
Source: global traffic	DNS traffic detected: DNS query: api.pandadoc.com
Source: global traffic	DNS traffic detected: DNS query: d31uqz37bvu6i7.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: grafana-agent-faro.production.pandadoc.com
Source: global traffic	DNS traffic detected: DNS query: prom-fe-gw.production.pandadoc.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51053
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51054
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 51052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900

Source: unknown	HTTPS traffic detected: 44.225.139.105:443 -> 192.168.2.17:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 44.225.139.105:443 -> 192.168.2.17:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.140:443 -> 192.168.2.17:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.177:443 -> 192.168.2.17:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.155.246.37:443 -> 192.168.2.17:49919 version: TLS 1.2

Source: classification engine

Classification label: clean3.win@24/42@52/253

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2012,i,572873436209937974,5048104399492535140,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://email.email.pandadoc.net/c/eJxUkMtu2zAQRb9G3Dmghg-RCy2cxExQp4WLNCiQTTAihxH9EFWJVtN-fWGg6WM3GMwZnHtD22nRRcNC9ucTDeUlhfbb-GOyDzvX3zxunx_Pw_6jK58co7ZuwDZcW21Y3yqswRIJL41WFmVAHclyVKA8l1ax1AIHWXMQteEWmqsIBmMUmmQTa1K6kpxOmI5XIw4BQ_ZXAxWW5pcyoSfsjtSW6Uzs2PaljHMl1hW4ChyO41_E51MF7l2_ArdAJVzJBxoqcYu88zFi3ShZS4LOaCsbC14Gi2S06oAboUOohGNDLikmjyXl4VIDcBmtFbRSgdNKNkQrNBBX2EkjgUOwXLI8veKQfv6BnrTBz9fXfXgzUjz0_UbfbO4km9olDWnusZL8MGQ64UWcTbSk-TepNvutfcrWPzdvX7ttcDuJqWGlfc_2z7gqOL3Sf5v5crG0wL7n6TCP6OnydL9f1l8m-tCtd026v9X3-U6R-xUAAP__azuhWA"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2012,i,572873436209937974,5048104399492535140,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: unknown	Process created: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe "C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe" -ServerName:App.AppX2y379sjp88wjq1y80217mddj3fargf2y.mca
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: cortana.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: sharedlibrary.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: mrt100_app.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: wintypes.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: mrt100_app.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: dpapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: mrt100.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: rmclient.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: twinapi.appcore.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: windows.ui.xaml.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: iertutil.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: dcomp.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: windows.staterepositorycore.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: windows.ui.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: windowmanagementapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: textinputframework.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: inputhost.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: propsys.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: urlmon.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: srvcli.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: netutils.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: dxgi.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: mrmcorer.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: windows.staterepositoryclient.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: d3d11.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: d3d10warp.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: dxcore.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: d2d1.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: dwrite.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: textshaping.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: profapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: bcp47mrm.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: windows.shell.servicehostbuilder.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: execmodelproxy.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: uiamanager.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: windows.ui.core.textinput.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: windows.ui.immersive.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: dataexchange.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: windows.globalization.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: windows.ui.xaml.controls.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: directmanipulation.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: threadpoolwinrt.dll
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: dwmapi.dll

Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe

Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Memory allocated: 1DF90000000 memory reserve \| memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Memory allocated: 1DFA8000000 memory reserve \| memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Memory allocated: 1DF8FDF0000 memory reserve \| memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Memory allocated: 1DFA8710000 memory reserve \| memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Memory allocated: 1DFAB580000 memory reserve \| memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Memory allocated: 1DFAB590000 memory reserve \| memory write watch

Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe

Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Virtualization/Sandbox Evasion	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	LSASS Memory	11 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Registry Run Keys / Startup Folder	1 Process Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Name	IP	Active	Malicious	Reputation
d3m3a7p0ze7hmq.cloudfront.net	18.239.69.82	true	false	unknown
d31uqz37bvu6i7.cloudfront.net	13.32.118.196	true	false	unknown
x4whrmz.x.incapdns.net	45.223.20.103	true	false	unknown
prom-fe-gw.production.pandadoc.com	44.235.141.70	true	false	unknown
sentry.infrastructure.pandadoc.com	44.225.139.105	true	false	unknown
grafana-agent-faro.production.pandadoc.com	54.189.220.132	true	false	unknown
ax-0001.ax-msedge.net	150.171.28.10	true	false	unknown
bm2ydo9.impervadns.net	45.223.20.103	true	false	unknown
d296je7bbdd650.cloudfront.net	99.86.8.175	true	false	unknown
email.email.pandadoc.net	108.138.26.86	true	false	unknown
www.google.com	142.250.186.164	true	false	unknown
api.segment.io	54.69.251.6	true	false	unknown
ip2c.org	188.68.242.180	true	false	unknown
api.pandadoc.com	unknown	unknown	false	unknown
use.typekit.net	unknown	unknown	false	unknown
app.pandadoc.com	unknown	unknown	false	unknown
cdn.segment.com	unknown	unknown	false	unknown
p.typekit.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://app.pandadoc.com/document/v2?token=a0bcffa175414e2b8694792c4d9ae865b20836dd?	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.67	unknown	United States	15169	GOOGLEUS	false
142.250.185.228	unknown	United States	15169	GOOGLEUS	false
54.189.220.132	grafana-agent-faro.production.pandadoc.com	United States	16509	AMAZON-02US	false
13.32.118.18	unknown	United States	16509	AMAZON-02US	false
2.19.126.206	unknown	European Union	16625	AKAMAI-ASUS	false
143.204.215.126	unknown	United States	16509	AMAZON-02US	false
45.223.20.103	x4whrmz.x.incapdns.net	United States	19551	INCAPSULAUS	false
142.250.185.142	unknown	United States	15169	GOOGLEUS	false
150.171.28.10	ax-0001.ax-msedge.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.184.227	unknown	United States	15169	GOOGLEUS	false
188.68.242.180	ip2c.org	Poland	197226	SPRINT-SDCPL	false
108.138.26.86	email.email.pandadoc.net	United States	16509	AMAZON-02US	false
142.250.186.99	unknown	United States	15169	GOOGLEUS	false
35.155.246.37	unknown	United States	16509	AMAZON-02US	false
172.217.16.200	unknown	United States	15169	GOOGLEUS	false
18.239.69.82	d3m3a7p0ze7hmq.cloudfront.net	United States	16509	AMAZON-02US	false
142.250.110.84	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
13.32.118.196	d31uqz37bvu6i7.cloudfront.net	United States	16509	AMAZON-02US	false
54.69.251.6	api.segment.io	United States	16509	AMAZON-02US	false
2.19.126.211	unknown	European Union	16625	AKAMAI-ASUS	false
44.235.141.70	prom-fe-gw.production.pandadoc.com	United States	16509	AMAZON-02US	false
44.225.139.105	sentry.infrastructure.pandadoc.com	United States	16509	AMAZON-02US	false
2.19.126.198	unknown	European Union	16625	AKAMAI-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.174	unknown	United States	15169	GOOGLEUS	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
99.86.8.175	d296je7bbdd650.cloudfront.net	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541379
Start date and time:	2024-10-24 18:48:51 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://email.email.pandadoc.net/c/eJxUkMtu2zAQRb9G3Dmghg-RCy2cxExQp4WLNCiQTTAihxH9EFWJVtN-fWGg6WM3GMwZnHtD22nRRcNC9ucTDeUlhfbb-GOyDzvX3zxunx_Pw_6jK58co7ZuwDZcW21Y3yqswRIJL41WFmVAHclyVKA8l1ax1AIHWXMQteEWmqsIBmMUmmQTa1K6kpxOmI5XIw4BQ_ZXAxWW5pcyoSfsjtSW6Uzs2PaljHMl1hW4ChyO41_E51MF7l2_ArdAJVzJBxoqcYu88zFi3ShZS4LOaCsbC14Gi2S06oAboUOohGNDLikmjyXl4VIDcBmtFbRSgdNKNkQrNBBX2EkjgUOwXLI8veKQfv6BnrTBz9fXfXgzUjz0_UbfbO4km9olDWnusZL8MGQ64UWcTbSk-TepNvutfcrWPzdvX7ttcDuJqWGlfc_2z7gqOL3Sf5v5crG0wL7n6TCP6OnydL9f1l8m-tCtd026v9X3-U6R-xUAAP__azuhWA
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean3.win@24/42@52/253

Warnings

Exclude process from analysis (whitelisted): TextInputHost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.67, 142.250.185.174, 142.250.110.84, 172.217.16.200, 2.19.126.198, 2.19.126.206, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, use-stls.adobe.com.edgesuite.net, edgedl.me.gvt1.com, www.googletagmanager.com, clientservices.googleapis.com, clients.l.google.com, a1988.dscg1.akamai.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: https://email.email.pandadoc.net/c/eJxUkMtu2zAQRb9G3Dmghg-RCy2cxExQp4WLNCiQTTAihxH9EFWJVtN-fWGg6WM3GMwZnHtD22nRRcNC9ucTDeUlhfbb-GOyDzvX3zxunx_Pw_6jK58co7ZuwDZcW21Y3yqswRIJL41WFmVAHclyVKA8l1ax1AIHWXMQteEWmqsIBmMUmmQTa1K6kpxOmI5XIw4BQ_ZXAxWW5pcyoSfsjtSW6Uzs2PaljHMl1hW4ChyO41_E51MF7l2_ArdAJVzJBxoqcYu88zFi3ShZS4LOaCsbC14Gi2S06oAboUOohGNDLikmjyXl4VIDcBmtFbRSgdNKNkQrNBBX2EkjgUOwXLI8veKQfv6BnrTBz9fXfXgzUjz0_UbfbO4km9olDWnusZL8MGQ64UWcTbSk-TepNvutfcrWPzdvX7ttcDuJqWGlfc_2z7gqOL3Sf5v5crG0wL7n6TCP6OnydL9f1l8m-tCtd026v9X3-U6R-xUAAP__azuhWA

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 15:49:22 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9941729507631676
Encrypted:	false
SSDEEP:
MD5:	60DBDD04D631870292FA15470F0925CC
SHA1:	23F3FB0037DCA7D1B47D9E06C5F4EA3C1D64AC38
SHA-256:	6951C9DFD05B89CD7E6A33766BA05FF522ADC451D16037011715741D05441508
SHA-512:	D7263F8952E364FD761942E93BDD18514F179ECA7768032877B11E627F29A563A1A1CD9D7A79D0E2193EA38DA700661FEDF2413C0C2BEE996A044C8848FB2AB2
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......S.4&......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IXY#.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VXY.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VXY............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VXY,............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Y.>......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 15:49:22 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.009193869598559
Encrypted:	false
SSDEEP:
MD5:	258A41BB94D2485EEF25690ADAF3F5C5
SHA1:	57DD9998CA00B3B247D055F1EED92F28695FC69F
SHA-256:	547062F2B6DDD66004649D3FFB09B7F09F3346ECE2D91DACA46811FB24EB96EE
SHA-512:	24D3375C2CC402D68B664A2F464CC58B018E241F2F19F5097715A6FD3BA36AEB0E112A338AFC166E52E24D8D686A88C452CD6E612A22D4087EFFD0F6FF2B7407
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....@H.4&......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IXY#.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VXY.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VXY............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VXY,............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Y.>......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.020678557631992
Encrypted:	false
SSDEEP:
MD5:	8765FF3250F538043DB195B568E82F68
SHA1:	65FC76B22B3ABF9C2A128B324A71B6AE1FEFCC25
SHA-256:	6EDDB501E4CB9CE7E0BA8FF00A1A87CF540A0089D346AB274015B21D526F5F55
SHA-512:	71F05A500FDF843F6631BB263D2B0B03971D7F361FE0997AD551381A5D6BEE58078D5500CB182CB2690FDD9EBF1BDEDBD8900F83332E70818E662F87EF857EB9
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IXY#.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VXY.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VXY............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Y.>......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 15:49:22 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.0086392550891885
Encrypted:	false
SSDEEP:
MD5:	4534DEBF60E54BFD908429DE595112D1
SHA1:	DEDC848B2B158311BDE0B3598783FED38BA57DDB
SHA-256:	8690F576DB178664E25BA450F71EB2BA9A95CFDAB0576A7F47E5D2736C733F2D
SHA-512:	5B3BCD396CEB9449280C8087A97C01E9C2F3EB2DDB4C861E380FA91A2770811178CBC0BB1E65B8052281012904015F887A78CCACC138C4BB3CAEE652D455F571
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....LB.4&......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IXY#.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VXY.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VXY............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VXY,............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Y.>......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 15:49:22 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.998171606612624
Encrypted:	false
SSDEEP:
MD5:	18C3DF167FCF3C0DD8B0103EBEB3D520
SHA1:	10E10028E585DE3027887A5E31CF9C9821BC320C
SHA-256:	3FEED673413A6BBB6533872FCFB0BA9FA583D03D4130F1F1E4ACB23878289D9F
SHA-512:	7A13B8288BF928B373E141DDF3772B5EC65BE28B14AEA2FAB03B910A2EE3C80169D18A1FF37C5E04FC39FC9C6E1D48D050A0C0EC97BBB22AE8F22BA1A598202F
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....z.N.4&......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IXY#.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VXY.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VXY............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VXY,............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Y.>......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 15:49:22 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.007301986513997
Encrypted:	false
SSDEEP:
MD5:	56EFFB0B852FE081C79462F679A180AE
SHA1:	D7D4FC8A2AEEEF340D2A8CEF5ACE5A1AAA02CF4C
SHA-256:	255B47799E3DFAA8B344521DF7DE5C24F375A4FB87613F4889772AAA5A0BE60E
SHA-512:	138E00DA83CD8AFD11BDD8DE68E9F58FF4B0E3632E078F8D9E0CCD5BA3D3DDFCACE4F48ECE81F74FD559168221BC274C9A8921D72E76D0FF98E1476D0F0672F3
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....t.8.4&......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IXY#.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VXY.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VXY............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VXY,............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Y.>......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (51248)
Category:	dropped
Size (bytes):	803131
Entropy (8bit):	5.421921171812066
Encrypted:	false
SSDEEP:
MD5:	CBDD7196EADD54BA3A460339913C250A
SHA1:	CF5F4054B6D8BCF1AA6415908B91D7A7A0746CC2
SHA-256:	ECF9BB70335389BB7A123A4ACF00AFD820B7525F3016220F1B4B7C9B051B9981
SHA-512:	76C441E2471D327D0821FEBD8C4BE0E3F3F8D987E8BDB0863F9DF9A08B8F0C7B21774F90DD6CFC118E5BEC8DD6F7A72FA6E4FC4BF8532330EA332EA496C0AACF
Malicious:	false
Reputation:	unknown
Preview:	!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},t=Error().stack;t&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[t]="c8f2663a-21a9-4b6d-9387-16714df14237",e._sentryDebugIdIdentifier="sentry-dbid-c8f2663a-21a9-4b6d-9387-16714df14237")}catch(e){}}();var _sentryModuleMetadataGlobal="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};_sentryModuleMetadataGlobal._sentryModuleMetadata=_sentryModuleMetadataGlobal._sentryModuleMetadata\|\|{},_sentryModuleMetadataGlobal._sentryModuleMetadata[Error().stack]=Object.assign({},_sentryModuleMetadataGlobal._sentryModuleMetadata[Error().stack],{dsn:"https://464edf46ca3e4914910e94a287c90ee7@sentry.infrastructure.pandadoc.com/209",release:"6cea0358"});var _global="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};_global.SENTRY_RELEASE={id:"6cea0358"},function(){var e,t,n

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	2285727
Entropy (8bit):	5.601439641559249
Encrypted:	false
SSDEEP:
MD5:	4B675637DD470DE2E5432BD00F4F0BB5
SHA1:	382F48D43D07366F716F60FD94048DEA15849AC7
SHA-256:	8789B0EAFD9D1C08CFB1CCFE0D5B8FDC8029B76DFE7280DCF7F964E8C8DA130C
SHA-512:	5A977A9629A588D4F00A9CCB3A6FE582EA0E3BF6C4AE64AAC2C774C1D13678D35758874B3E443DE7906951A20AD3282FE0C272F5880CBF7C93A50BADD748041F
Malicious:	false
Reputation:	unknown
Preview:	!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},t=Error().stack;t&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[t]="0efd138d-3e16-4ad2-a8a6-1f07771aef8f",e._sentryDebugIdIdentifier="sentry-dbid-0efd138d-3e16-4ad2-a8a6-1f07771aef8f")}catch(e){}}();var _sentryModuleMetadataGlobal="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};_sentryModuleMetadataGlobal._sentryModuleMetadata=_sentryModuleMetadataGlobal._sentryModuleMetadata\|\|{},_sentryModuleMetadataGlobal._sentryModuleMetadata[Error().stack]=Object.assign({},_sentryModuleMetadataGlobal._sentryModuleMetadata[Error().stack],{dsn:"https://464edf46ca3e4914910e94a287c90ee7@sentry.infrastructure.pandadoc.com/209",release:"6cea0358"});var _global="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};_global.SENTRY_RELEASE={id:"6cea0358"},(self.webpackChunkap

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (13330), with no line terminators
Category:	downloaded
Size (bytes):	13332
Entropy (8bit):	5.527572521742933
Encrypted:	false
SSDEEP:
MD5:	D64C2647DCA0860D0DD4F8CB5759374F
SHA1:	D869488DC28714CA3CE6408378FB438B4DE8850C
SHA-256:	3340F14EF5CB12761B3A50D7EB49B25B09436149026AC788FDF452483DCBEBE7
SHA-512:	186A08AD5EC3FF38391B94DC3512CAC915F35C06F8DEFD8D551D41D96CBBA75FCF59DF5E0C3D8F830B2FB41A386D4F318A7AF21F30E48E4840D638B1691E1D26
Malicious:	false
Reputation:	unknown
URL:	https://d3m3a7p0ze7hmq.cloudfront.net/scripts/public/497-6b061e7c.js
Preview:	!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},t=Error().stack;t&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[t]="01ff9751-0805-46a3-8bd9-7c68c5b6a9c3",e._sentryDebugIdIdentifier="sentry-dbid-01ff9751-0805-46a3-8bd9-7c68c5b6a9c3")}catch(e){}}();var _sentryModuleMetadataGlobal="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};_sentryModuleMetadataGlobal._sentryModuleMetadata=_sentryModuleMetadataGlobal._sentryModuleMetadata\|\|{},_sentryModuleMetadataGlobal._sentryModuleMetadata[Error().stack]=Object.assign({},_sentryModuleMetadataGlobal._sentryModuleMetadata[Error().stack],{dsn:"https://464edf46ca3e4914910e94a287c90ee7@sentry.infrastructure.pandadoc.com/209",release:"6cea0358"});var _global="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};"use strict";_global.SENTRY_RELEASE={id:"6cea0358"},(self.w

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 32036, version 1.0
Category:	downloaded
Size (bytes):	32036
Entropy (8bit):	7.991314981889466
Encrypted:	true
SSDEEP:
MD5:	27DE126EE53A99B516BAC4FEF7B9EBF6
SHA1:	1C830FA3FC03AA4A434C5E8ADE82118EDAC61D70
SHA-256:	317DDA667DC824BCF31D1212B96458FC108C3C800B338EED9654EA982856D5B3
SHA-512:	ACAA4261E572228084A880D3C94AF447E3FF4BDDD329B018EB65B77308CB40932C215648A58740A6E18F478A5AA570D2BF7C3C255494491EF435E3897EF80037
Malicious:	false
Reputation:	unknown
URL:	https://use.typekit.net/af/24ee9c/000000000000000000017870/27/l?primer=f487d64050e5a20217ec75cc7cfa50075ea3aed4ccdcc6b091e03c5c3109dfbd&fvd=i4&v=3
Preview:	wOF2......}$..........\|.........................?DYNA...:?GDYN........X.`..`........W.....@.....,...4.6.$..(. ..K. ...........q.......Z..............W...?../~.....O...?.....E`...:......7....%J...XPg.$).<? ...\...y:....'.3#;.Y3.....B........XM..D..8..jd[.....a4B...."D....^..3!Y...Y.C..8.a....a..qhBc.7.O..O.......e.e..........'.[P&.....t`I3.e(..2....+...E......y.....s'..1$....C\|d!N.j..=0.kBH{.?..x.....l.......(.0x.F..y.l./h.{...M.......wM....m.\.._C..........kF3.+...h..Yz.+.]._...X.NJ]..2........U.1..o......Qf..).w.zV.?./J..n..(...Z/~.....s..<I..I.@.y...^..m..0B_e2.Y..........h...kB...=5...u..VZ...........+..........s...;.....UW..D..$mn..?...'..........._.\J..&jH5......fWN...wl.5.......1..._._..hMw..W ..[...=.E..p.p..]....u_.....j..g...G\.tH].EG.!.....@..'...X......r.%....3..M.t.....D.c.B...s.bUn....s..JW.{S.v?....:..K.t..\t"....B..E.n....b..(~...K,...........n.\..D^.9.$qA...^./R...N)4.....+.+.......f..$m.y....,.*...K...%...{..?."[. !Y...j'

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	35
Entropy (8bit):	2.9302005337813077
Encrypted:	false
SSDEEP:
MD5:	81144D75B3E69E9AA2FA3E9D83A64D03
SHA1:	F0FBC60B50EDF5B2A0B76E0AA0537B76BF346FFC
SHA-256:	9B9265C69A5CC295D1AB0D04E0273B3677DB1A6216CE2CCF4EFC8C277ED84B39
SHA-512:	2D073E10AE40FDE434EB31CBEDD581A35CD763E51FB7048B88CAA5F949B1E6105E37A228C235BC8976E8DB58ED22149CFCCF83B40CE93A28390566A28975744A
Malicious:	false
Reputation:	unknown
URL:	https://p.typekit.net/p.gif?s=1&k=xil0wwv&ht=tk&h=app.pandadoc.com&f=14032.14033.14034.14038&a=695998&js=1.21.0&app=typekit&e=js&_=1729788620790
Preview:	GIF89a.............,..............;

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 31852, version 1.0
Category:	downloaded
Size (bytes):	31852
Entropy (8bit):	7.9934303597810485
Encrypted:	true
SSDEEP:
MD5:	55E7912D883CD18082489EFA9FEC99C0
SHA1:	3F039EC46DB0DDFD237194D6714187FF62C76E5E
SHA-256:	895CBB4B1F371A23836C44CB03AE3AB1FD71B5D728B3B1A5338C94393F506938
SHA-512:	960B795A1E59F08BC14684744508D11E25AAF825E6A600CBE6ECF638CFA081CD4042ADB18B8F133A3E8C51B990BAF1D145022BD0CF162D394D1D2947C8CB9113
Malicious:	false
Reputation:	unknown
URL:	https://use.typekit.net/af/a5aede/000000000000000000017873/27/l?primer=f487d64050e5a20217ec75cc7cfa50075ea3aed4ccdcc6b091e03c5c3109dfbd&fvd=n7&v=3
Preview:	wOF2......\|l.......<..{.........................?DYNA.l.>?GDYN.5...0..n.`..`.....z..W.....h..!..,...4.6.$..(. ..K. ..b.]...........{....p..I=.....9!.{......W.........._..._...X..\|..\9.@..Q6G.,...'H.....[U.u-......7......q.X.1D\b...@...\|..?..R.]R@.:..s^#..#s.dD..e\....._.....+`.6.A......@..P.S..S?5P.s...w~.5..P...~.x..?.<R.\p........P.....[S.H..s...W.:.<...'.v.?.K.SIKp..6..L...8.....?0.Fl....w..lG...b../P..k.#q..NSy....ISJ...'...Jo..l.J...[......;.S.W..C* -i.q.......\...f......b..F...f.bT.-! ).".(m......tsFcm.X.+W..........m..s..~.O.z...!.AL. .\....(.<=..7.L...f....j.g..`f...*.B..Hqm...0..r...fJ.Nv.{>..Roq.'..4..\..)....t../...{f....K..........:G...$... t...(.r....E.\|h...d&...!:.r............GU..W.M......S..j.gf%b[.......S..[Q..P....k.Er.~........(...;+C.EZ".........u...c.....<...fgouvn..]m]..s.5gl......s>...Bk....Y...$d.......,..- @...M.J...%.......Zi..A.aQu8..A....o...? v..r.JS..;..qN....Q. w..9I.x^{.Z...@iJ....R.\|hl4...D.m.....E.'.%..Qx.#.

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 36060, version 0.0
Category:	downloaded
Size (bytes):	36060
Entropy (8bit):	7.986546133786081
Encrypted:	false
SSDEEP:
MD5:	9E2A133D11A3F64D9268A2F48071B4B7
SHA1:	1A3AA3B84D8E9D7132D8E15977B462472CFC3BAD
SHA-256:	753F57DC72FDB621491F0830ADB6B6EAB4B975659DD008A713398543FD9FE5C9
SHA-512:	907BDB775A2CB0E4B929BC05D0F1B4184C3BDDEE07F6946E062BB7ED6B01548CE3D3538B6A22213A91717B4927565BDFED9577457F4F0EBFBCB41E1A6E05CAF1
Malicious:	false
Reputation:	unknown
URL:	https://use.typekit.net/af/572e5b/00000000000000000001786f/27/d?primer=f487d64050e5a20217ec75cc7cfa50075ea3aed4ccdcc6b091e03c5c3109dfbd&fvd=n4&v=3
Preview:	wOFF........................................DYNA.............. GDEF.......;...>.9..GDYN...........5.b..GPOS... .."...F\|".S.GSUB..3<..........$OS/2...P..._...`....VDMX.......8....Wo^.cmap..............mcvt .......!....:..Cfpgm...,........./.7gasp................glyf..;...>...c]-..khdmx..zx.......4./.Lhead.......6...6..i.hhea.......!...$./..hmtx...@..........H~loca...,.........Qq5maxp....... ... ....name...(...'...K..\hpost........... ...Dprep...P.........<1.x...wX.j.......7e..].HF....{eS6...M.......TF6....{....s0...iII%R.N_...J!5..i._...#.>....H...H.}..lzO&.....o.BN.!+....d..G..a}EN..%....5..J"/NJ$...@~..9.(.x.)bu...Q..zJ!J...)....Yq........)....E.(I9...G)XKSQw)Ce.,Ut..\u.r..&.f...nP.z.J..5SSW.....J-...u..x.....E...T...S...4.9<..Yj.Hg.Mc..&:E..Z.h....NP....>.:F.Z.(..6....6:Lc...Mh.X.......9.t..tV4>tQ..t..Z......5=..6..>..[......~.....:2@...@.3........2..a.Nw.k.=....d...Q.Lo..}..M.e....8m.?..L.z.2.:..Z.`.h-C........c.V1......JF2S+..,-g4...?.h)c...%HK..<-f<.

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	105589
Entropy (8bit):	5.174730886452631
Encrypted:	false
SSDEEP:
MD5:	0ADC15338F62DEE4FE19022A515F6D5F
SHA1:	A6F8DDEC5DC5A1BD7642644BCAE01449198C1D66
SHA-256:	A7D672A8D80569869A504E861D159547F7A2244FFDEDDF78F1060BDD29714335
SHA-512:	11A254C7135168CF165920CF1484C409185621BF06EB5C09E9AE4097E785B531393E1C93E7A09DD0D75E739EBBCE457C98C63B73F1014FD00035E134829838A7
Malicious:	false
Reputation:	unknown
URL:	https://cdn.segment.com/analytics.js/v1/IN9wKPxg93hx85atsQFJxStKZWxpOfRU/analytics.min.js
Preview:	!function(){var t,e,n,r,i={8878:function(t,e,n){"use strict";var r=this&&this.__importDefault\|\|function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(e,"__esModule",{value:!0});var i=r(n(325));function o(t,e){return function(){var n=this.traits(),r=this.properties?this.properties():{};return i.default(n,"address."+t)\|\|i.default(n,t)\|\|(e?i.default(n,"address."+e):null)\|\|(e?i.default(n,e):null)\|\|i.default(r,"address."+t)\|\|i.default(r,t)\|\|(e?i.default(r,"address."+e):null)\|\|(e?i.default(r,e):null)}}e.default=function(t){t.zip=o("postalCode","zip"),t.country=o("country"),t.street=o("street"),t.state=o("state"),t.city=o("city"),t.region=o("region")}},4780:function(t,e,n){"use strict";var r=this&&this.__importDefault\|\|function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(e,"__esModule",{value:!0}),e.Alias=void 0;var i=r(n(1285)),o=n(9512);function s(t,e){o.Facade.call(this,t,e)}e.Alias=s,i.default(s,o.Facade),s.prototype.action=function(){return"alias"},s.p

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, CFF, length 32740, version 0.0
Category:	downloaded
Size (bytes):	32740
Entropy (8bit):	7.990041179362989
Encrypted:	true
SSDEEP:
MD5:	12FE9F6C5C4A16AAC01CE1F881C9D6A2
SHA1:	53FF0F3CEBA131812C3EED869CB0D92C976D6068
SHA-256:	D288720B0711823E1EEF66E4AB938A708B811771C61517103F327D22F86AC9E5
SHA-512:	D4EF814C9312F82F640EF2E38424CB0333CC11F7E339359BD2E4F16C3E04D97611798F19FCE38CD5B898DF8139CF64C967844D847D1EB44B571A876F428495FB
Malicious:	false
Reputation:	unknown
URL:	https://use.typekit.net/af/f5ecb0/00000000000000003b9aeb29/27/d?primer=fff1a989570eb474b8c22c57cc7199e63bfc7e911b750165d0199218f0b7e7cc&fvd=n4&v=3
Preview:	wOFFOTTO...........@........................CFF ......rr....L. DYNA..v....v...O5...GDYN..vx.........0..GPOS..w........`T.d.OS/2.......V...`..Z.cmap..}$..........%head.......4...6....hhea...`...$...$....hmtx..z,........AR..maxp.............lP.name...P.......D.&M.post..}........ ...2x.c`d```dh..~..o....P....y.0....]...o....L Q.}.. x...n.0.E..'M[...t(:pLP@..........x,`.-D6....K.N.2.o2w.W..z)...(.......H.........}.:.......g..........~.>.....`.{...k.~.W....o.{.D.....m.>5....c.'...z....{..u.1.b..qq"R9.".KUVb.V....z...-.V.8..Z.0.s...Ec.c.h....G+.[c&.HL.S..kK.....R..0.2....t.....K..z.(...\|6N..L.......A...p.8F...)$.T.r.....H.4Xq.4.06..s.W.X..=5.1cgty.S....W...9...ey.+....v...O.0.]..C........7...i..g..-....tm..j./G.pn._....iv.0......)_~D..b..^...x.c`b.c..............B3.e0b...e`ea.QL.......... $2..(.9...... &.....`.gL...3............R...............E.............l..P..l..x...\|.G. >.\.+#[.W.RV.wL...0.`.M....nYV..-..{...B.@H..._H..eV....-......N......fG.`.....

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 59468, version 0.0
Category:	downloaded
Size (bytes):	59468
Entropy (8bit):	7.990548488317567
Encrypted:	true
SSDEEP:
MD5:	FCCBBCF34F7008712240ECB598AC7889
SHA1:	91F0E1D66F38E4D25A92D4480C7449DC4D650052
SHA-256:	91E4363380D9B8E505E7EECB21114F9E993E3C405C2EEB5FF406795F09031589
SHA-512:	C616C6A3DDC19CC7360AFD305F91D74276B7920A7CBEE64AB26A00FB293E3A583B12DBDD8D9998970D58C91A1BFEA6F068999D00546C9CF6D2EA62C12A2E7831
Malicious:	false
Reputation:	unknown
URL:	https://use.typekit.net/af/39dd62/000000000000000000016dce/27/d?subset_id=1&fvd=n4&v=3
Preview:	wOFF.......L................................DYNA.......$...ph.b.GDYN...@...1...11.3#GPOS...t...... .gqF.GSUB...<...h....<.,)LTSH.......f...\t7..OS/2...\|...Y...`..[.cmap..........F0.<rcvt ...............+fpgm...........s.W.5gasp.............\|..glyf..........{.<...hdmx...............+head.......6...6...0hhea.......!...$...rhmtx.......4...`t.Poloca... .........e.lmaxp....... ... .q.fname...(.........Bwpost...........^..8lprep.......r...., ....E.?.O.P.W.~..............x.].=N.0...8l..H..-+.+..R8.P.@(<.?.D..Hih\p..3]..`.....3......k..m.......L.. ...I ..U.I..8sl..w..dQ?..:.x.....o[...`..V.t...).Q.....s.....L./..L`.//..F..i.C..+=ctEc.h.. ....G..d.9.j........xP.......E'.O...F.....Q.U.C;..k.dXc..D.w_....'5....^k................`...............wJ_.<....................}.J................x...N.@..?.@.K.{+u_.. .D.....8@$..&K..o..J.{..#p...6..............ogf.................^.......mj.-..=.Z.c.......[N.5...Xv.s.-..q.-.....r.._.w.oy..Vl...z.\|.X.\q.I..(.2.*.fB..p2..<3...

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (2495)
Category:	dropped
Size (bytes):	18621
Entropy (8bit):	5.570314147333731
Encrypted:	false
SSDEEP:
MD5:	7F70F3B3EC998F285EFF0380183C90EC
SHA1:	C0A1A055356B0123DF66C404150C30E3BDFDC588
SHA-256:	D0398A3E4C2C7122CB2736DCCD87E6F5B2F28CC1512B170EA18B584001565A03
SHA-512:	5F0C8BA6B58BC4A2FFED846A13C3821D0FD9871856099A5B7AF572FD875012B0FAE61E5CFBD1EACF8F35C771C5CEA27D0A8DDA501FC6EC64237E0952E90FFAAE
Malicious:	false
Reputation:	unknown
Preview:	/. The Typekit service used to deliver this font or fonts for use on websites. * is provided by Adobe and is subject to these Terms of Use. * http://www.adobe.com/products/eulas/tou_typekit. For font license. * information, see the list below.. . bistro-script-web:. * - http://typekit.com/eulas/000000000000000000011b85. * felt-tip-roman:. * - http://typekit.com/eulas/00000000000000000001721c. * ff-market-web:. * - http://typekit.com/eulas/000000000000000000016dce. * lakeside:. * - http://typekit.com/eulas/000000000000000000017719. * lush:. * - http://typekit.com/eulas/00000000000000003b9aeb29. * madre-script:. * - http://typekit.com/eulas/000000000000000000015725. . . 2009-2024 Adobe Systems Incorporated. All Rights Reserved.. */.if(!window.Typekit)window.Typekit={};window.Typekit.config={"a":"695998","c":[".tk-felt-tip-roman","\"felt-tip-roman\",sans-serif",".tk-ff-market-web","\"ff-market-web\",cursive",".tk-bistro-script-web","\"bistro-script-web\",cursive",".t

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 92640, version 0.0
Category:	downloaded
Size (bytes):	92640
Entropy (8bit):	7.9951502662763945
Encrypted:	true
SSDEEP:
MD5:	3137793E9AAC04CF7AFACA20F028BC34
SHA1:	6C82226B990E4ADF9730A4F4C8D599F94B8B4D76
SHA-256:	2E96C26E9FABF85B68F20CDFDB4CF7746BB1EDB40FBBB6456824232809EBE82C
SHA-512:	18E2F2E695BFC4322F03B7EBD1F249821AE7944E4728424ABBBC539032AB4BB4B5BB68D7989B6D376AFB056260A5DDF98182C5E5BDA1022446EE579CFE889846
Malicious:	false
Reputation:	unknown
URL:	https://use.typekit.net/af/14d4d5/00000000000000000001721c/27/d?subset_id=1&fvd=n4&v=3
Preview:	wOFF......i.................................BASE.......:...:.-..DYNA..............GDYN.......9...9.'znGPOS...........J....GSUB.............{ OS/2.......V...`.o..cmap..f(.........U.Icvt .......>...t....fpgm...$.......l.r.<gasp................glyf......A...l..n8.head.......6...6.2c.hhea...p... ...$...hhmtx..U..........1..loca..Z....A.....a..maxp....... ... .E.Sname...........'.=.-post.._....F....R..pprep............y..[..............ideoromn..DFLT..latn...................j......x.c`..,.0....[.<._e.....+.....yg.<.u"..2.3.....X.%......5.%...x.Viw.F..y.J.....0b.4X#..... .1....J.E..t...o.y2.9..?.....H.s8.p...y....$..z$..K1..IC;OB.a.R...t/.\).{D..VK..C""..ZGX".}.,M2>.(.e[.&...t.....o?....i(....Z.lI..V.Hf]R.%.z+I....W.P.4.4..ch$.1Za...q.E6Yn.)... .<.k.s......fHE...a~DV.QA+.%.Yq........u..h....'g..R...M;.B.ao}'....n...i8p;"......W...........T,{4.%.8..^....h=.....#.3<..._v......?.=.raB.ocYOU.I0Q.6G...#.VR...Z...S>..\|%.....6.u..........&t.....<.. JIg...9..#...6V.Xy4.c.

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, CFF, length 41212, version 0.0
Category:	downloaded
Size (bytes):	41212
Entropy (8bit):	7.990396416130348
Encrypted:	true
SSDEEP:
MD5:	D6F46A7B4FE82D8D4CDBBAEF01D7CA30
SHA1:	6CB458D530532AC0C2614D6A192359227D443846
SHA-256:	FF259E234FC182D395563625DF06577A01FF24166C0EA00B2B20FCAAA0B11B8E
SHA-512:	DA6F146F35E73CD9D4CAA4A4157CE4CE9165E3AADD91EF887CEA6F4E3E4512B4A16611657EF3C5B01D8041885D8D98C99FB4FA952263B8A2D51AD88F6B81E278
Malicious:	false
Reputation:	unknown
URL:	https://use.typekit.net/af/626672/000000000000000000017719/27/d?primer=fff1a989570eb474b8c22c57cc7199e63bfc7e911b750165d0199218f0b7e7cc&fvd=n4&v=3
Preview:	wOFFOTTO..........[.........................BASE...D...:...:....CFF .......t..B=B.^DYNA...0............GDYN............rc.GPOS................OS/2...4...Z...`....cmap......./...:}v.ogasp................head.......4...6..(Ehhea.......$...$....hmtx............rvlmaxp..............P.name.......x....}<..post........... .\.<..............ideoromn..DFLT..latn...................T..............x.c`d```d8".7.5...+.3......y.`....s]f...230.D..n..x...J.@......)....JH...m...U.Q.\.tHC.d...\|.........u.s...3......@..~...1.x......!.,..y...#..w...<..Wv..>.......-..k...qe.OMdy...w...<..x.-.u...#....u...,tY..s.t.M..V.e...Wj.L.T.d..U....w<.b.gZO._.Q.:)..I.fyaL5v]..T..'sWq.v.......[...F..1.0..".)...Y#%=..SY@...s..h.p.7.h....F.^....rb.f.....b,...S.....eTi.f.f...D...)..../0.K3\|...U.9.g..+{GM..e>.......~Yx.c`arf.........>.4...i....F..f66&.Vvv^&...v.$..S\.......?....{L.....Ar..,.@J......f........................................P.....x..}.\SW..9....k..k.......'*....FB.!!...v

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Category:	downloaded
Size (bytes):	1428458
Entropy (8bit):	5.2783063066149305
Encrypted:	false
SSDEEP:
MD5:	B8F2DCFA32323381942358F224422393
SHA1:	1B1317EB616C2531E13902D1E03DA7FC528D1204
SHA-256:	730ED14EE9F80B4B9A09ED47EEF06E122C172E642D06D723C2CBFB683DDA4A0A
SHA-512:	B67114AE6888625808C96430E5344662EBAFEB69762333784FDD73473E5041396207A17C0A251DDE50C58C0D82BD1025B911FEF78D981ACC48B23D61F3AB7109
Malicious:	false
Reputation:	unknown
URL:	https://d3m3a7p0ze7hmq.cloudfront.net/scripts/public/render-application-d3d627a5.js
Preview:	!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},t=Error().stack;t&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[t]="f27a8cc8-9f44-47ff-a62e-97a2b5b773de",e._sentryDebugIdIdentifier="sentry-dbid-f27a8cc8-9f44-47ff-a62e-97a2b5b773de")}catch(e){}}();var _sentryModuleMetadataGlobal="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};_sentryModuleMetadataGlobal._sentryModuleMetadata=_sentryModuleMetadataGlobal._sentryModuleMetadata\|\|{},_sentryModuleMetadataGlobal._sentryModuleMetadata[Error().stack]=Object.assign({},_sentryModuleMetadataGlobal._sentryModuleMetadata[Error().stack],{dsn:"https://464edf46ca3e4914910e94a287c90ee7@sentry.infrastructure.pandadoc.com/209",release:"6cea0358"});var _global="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};"use strict";_global.SENTRY_RELEASE={id:"6cea0358"},(self.w

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (29256), with no line terminators
Category:	downloaded
Size (bytes):	29256
Entropy (8bit):	5.467229346390774
Encrypted:	false
SSDEEP:
MD5:	76E3143FFE44C158DF39B653BCB828B8
SHA1:	9BE5790D6C64A1C5A5BE1DBB3BB6B3F7EBA48A5A
SHA-256:	EBF7EDF3BDE756A18971A958C072068B34FA03A4504B6E3A9702C1027E711C12
SHA-512:	DF89FE893E83D02D581E7F6B29744258502534F66754A595B1AEED063598E7C2DB8CA7F5AF8EFF0462DAF5CCB30DB0E1383C761605433C03C8572D5139AD48B8
Malicious:	false
Reputation:	unknown
URL:	https://d3m3a7p0ze7hmq.cloudfront.net/scripts/public/application-aa035147.js
Preview:	!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},t=Error().stack;t&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[t]="c45ff397-adbb-40b2-90e1-2c750d274b41",e._sentryDebugIdIdentifier="sentry-dbid-c45ff397-adbb-40b2-90e1-2c750d274b41")}catch(e){}}();var _sentryModuleMetadataGlobal="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};_sentryModuleMetadataGlobal._sentryModuleMetadata=_sentryModuleMetadataGlobal._sentryModuleMetadata\|\|{},_sentryModuleMetadataGlobal._sentryModuleMetadata[Error().stack]=Object.assign({},_sentryModuleMetadataGlobal._sentryModuleMetadata[Error().stack],{dsn:"https://464edf46ca3e4914910e94a287c90ee7@sentry.infrastructure.pandadoc.com/209",release:"6cea0358"});var _global="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};"use strict";_global.SENTRY_RELEASE={id:"6cea0358"},(self.w

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 537817
Category:	dropped
Size (bytes):	137792
Entropy (8bit):	7.997466176206119
Encrypted:	true
SSDEEP:
MD5:	00977ADA2F7F8EEC3E2E9FA4C409F9F0
SHA1:	D167666561F7665E8C637D9CC7510516E6BAD61D
SHA-256:	5E5B6C3CA4F871B4E4202D0024FAB28D5159BCC7B490CE97AD577E764DEDD0DB
SHA-512:	8F2952B083A6D1D84C9FBE3B829D360295FB5D2EC0D333AA8A784973E55E453EF3D186DA1C754EA0E232C7EFA9A58F071DA336A94124B6D9F18C65C9D8ECC9EC
Malicious:	false
Reputation:	unknown
Preview:	............r..0..=.F5{ok")....+.q<...6....T..I.).!);.(U.;.7<Or..^@..."e..m...@w.oh..z..t..9..%E......Y.tf...e..+....x........pj....7.Q..........~;.W.?..Q\.\|.H0.....,.z...[......?#.b?.F..fk#..O...+i..._......Z..._e.3.tR~..J..5.\|(Y~R..V.\.g.x...\|.Z..A.~.Z......;........_.....,.jj..S...An..P.\|..8..GN'npK...<m...V.4I.G......]..{qv~....'...~q.?.....i..h.o./~...D}E"..n..!..^.$xN..4.A..$..Mpt.......w/.0..[.`R......G.x.#F.y9?.O.$..I..\|.3]...r@&....^.L.N.[.6GZ.x.).... .fO.\|.k.*.=....8.)............l..0..N#..M.Z....&.@....o.}O-.8....'g...K..#.....i.S.T....%{>.Z.+-..\|a..H..a@.....xQS...vS.]..0).h~......-...U....-.......~0...Yc..f.Yg..S.Y......-.......y...f....2.F[j.....o...9....d4.i~l;....g..p.......7..(.PMkGH,...pv5f..yY.T..p.!.m.....0mb..?...Tp.%...O..Zq.".)R5..?}.....P.!..{.~+.j....k.!.....v....).%.."o.F.`..=...5..@,.3..g.NC9.._G...P.v...6........U.9...d.+$.R]m.J.r...k..z#/E.rM.R..n..j.[..`.$.l.[nBIYJ.U....$.._.!..]..4...t.(..).v{527

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (42611)
Category:	downloaded
Size (bytes):	537833
Entropy (8bit):	5.544302289313755
Encrypted:	false
SSDEEP:
MD5:	AD9E12679753DE8F3D1FFDB365A327E5
SHA1:	1F81CF6608CF1A457E33E25C54336244A8B44104
SHA-256:	A5D022910AF7990D2EF31EA7B72BB19C3C140CE9485AECA8855F461457690404
SHA-512:	04ACC83D577DE149D5555C7721C9E1D1F89B42EA26D5B0C2D65EDF74DA76CE88E4FCF9F0A1F2B5474A70378A979968337581045DE6B62685B60DFF846E79BD69
Malicious:	false
Reputation:	unknown
URL:	https://www.googletagmanager.com/gtm.js?id=GTM-59X7GP
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. . (function(w,g){w[g]=w[g]\|\|{};. w[g].e=function(s){return eval(s);};})(window,'google_tag_manager');. .(function(){..var data = {."resource": {. "version":"1167",. . "macros":[{"function":"__u","vtp_component":"HOST","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__e"},{"function":"__aev","vtp_varType":"HISTORY_CHANGE_SOURCE"},{"function":"__u","vtp_component":"PATH","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__v","vtp_dataLayerVersion":2,"vtp_setDefaultValue":false,"vtp_name":"path"},{"function":"__u","vtp_component":"URL","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__v","vtp_name":"gtm.triggers","vtp_dataLayerVersion":2,"vtp_setDefaultValue":true,"vtp_defaultValue":""},{"function":"__jsm","vtp_javascript":["template","(function(){return navigator.userAgent})();"]},{"function":"__k","vtp_decodeCookie":fa

Chrome Cache Entry: 132

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	887044
Entropy (8bit):	5.456168400847401
Encrypted:	false
SSDEEP:
MD5:	CE8F1AEF47293DE9704FFE7D2D7A9335
SHA1:	F9C0C48525877A0C1F903D18247C612BBA296034
SHA-256:	0421D5A0D7C3716CC02BB7C6C76DA9C50271246D9C4CFA8B5EE67178BA4B4CD2
SHA-512:	E6EFE3C29B5112607F846ED0B5D186DABCB680CE6D509D1FEC1DAD02FC6E948D9B3DCD759004AD5F36F5F0B6751BF73F339BAB656AB5A60883A42B252A9BDAE8
Malicious:	false
Reputation:	unknown
URL:	https://d3m3a7p0ze7hmq.cloudfront.net/scripts/public/897-4ae42251.js
Preview:	!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},t=Error().stack;t&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[t]="191af99a-ded5-46d8-bba7-639fc3952847",e._sentryDebugIdIdentifier="sentry-dbid-191af99a-ded5-46d8-bba7-639fc3952847")}catch(e){}}();var _sentryModuleMetadataGlobal="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};_sentryModuleMetadataGlobal._sentryModuleMetadata=_sentryModuleMetadataGlobal._sentryModuleMetadata\|\|{},_sentryModuleMetadataGlobal._sentryModuleMetadata[Error().stack]=Object.assign({},_sentryModuleMetadataGlobal._sentryModuleMetadata[Error().stack],{dsn:"https://464edf46ca3e4914910e94a287c90ee7@sentry.infrastructure.pandadoc.com/209",release:"6cea0358"});var _global="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};_global.SENTRY_RELEASE={id:"6cea0358"},(self.webpackChunkap

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (10562), with no line terminators
Category:	dropped
Size (bytes):	10564
Entropy (8bit):	5.421972440769226
Encrypted:	false
SSDEEP:
MD5:	59688714054BDF428E03F9CBF8E34849
SHA1:	4263FD6D55F19141E0AFA9B64F2F6194535EE7EA
SHA-256:	C49CF3057D60F8457DD0A28915178A39AFC991F3CECA0A39A0A2C103D77EB0B8
SHA-512:	E6034E09C7BB79F7B5A333F9EC1C364F81749DDB94406CB7D4266D4B1BDED24B4C3ED0D41FF873D367D759E66A80E4D586072612E5B8F154E4825710251DB2CA
Malicious:	false
Reputation:	unknown
Preview:	!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},t=Error().stack;t&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[t]="7fdcd3c1-6382-4290-9f88-4ea7d166f969",e._sentryDebugIdIdentifier="sentry-dbid-7fdcd3c1-6382-4290-9f88-4ea7d166f969")}catch(e){}}();var _sentryModuleMetadataGlobal="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};_sentryModuleMetadataGlobal._sentryModuleMetadata=_sentryModuleMetadataGlobal._sentryModuleMetadata\|\|{},_sentryModuleMetadataGlobal._sentryModuleMetadata[Error().stack]=Object.assign({},_sentryModuleMetadataGlobal._sentryModuleMetadata[Error().stack],{dsn:"https://464edf46ca3e4914910e94a287c90ee7@sentry.infrastructure.pandadoc.com/209",release:"6cea0358"});var _global="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};"use strict";_global.SENTRY_RELEASE={id:"6cea0358"},(self.w

Chrome Cache Entry: 134

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, CFF, length 33916, version 0.0
Category:	downloaded
Size (bytes):	33916
Entropy (8bit):	7.989069987387289
Encrypted:	false
SSDEEP:
MD5:	E2C66C65D0481C6A08601D836B320D31
SHA1:	7D0180018A8EECB1CF825C29E8FB9853FC3AE870
SHA-256:	83296FAF267F185095EAA183B99D616354159FF4937356C0424AB35792443FCC
SHA-512:	C38A3187ECA5F366359F7F349C58C1922C89863761093279C76330C2C9F61C02B209BECBBAC9415AA715262D738CB5D80FE43D41E1B04E3A85441324FC95B3D1
Malicious:	false
Reputation:	unknown
URL:	https://use.typekit.net/af/217cd3/000000000000000000015725/27/d?primer=fff1a989570eb474b8c22c57cc7199e63bfc7e911b750165d0199218f0b7e7cc&fvd=n4&v=3
Preview:	wOFFOTTO...\|................................CFF ......w.......&DYNA..{T...d......GDYN..{..........n".GPOS..\|D...]......2OS/2...@...X...`.J].cmap..............ygasp...0............head...8...5...6..]<hhea.......$...$....hmtx..\|.........%..]maxp.............-P.name...p........,...post........... ...2........x.c`d```d8z...+...+.3......O.k0....?X.0.f`b`.b ..p......x.S.j.@.......&.V.n.s.aP.06.....I..I..:.X........L..].'....Bt.HH;;.\|.....9.#@......{..8...<..)J.G.\|.x.....1....H.]...w.......{.C...=.A.\|.x....x...x...[..1..s.tF-.V..Gb..'b.Yn.]+q.Vy\|.5.^WJ...P6..^.."qVU.u...V.GYF..4R..F5..jUx.m3..21l.\.!s'M.t-.(I.]...6Y.[.>(..z..u..q...NO'S.C.A.......8D.#..$..'Ds.f.+.QS-p...\.[..H.V..^8GE...%.5;Kzt....T~.n.Nr.\......-./p...}C...V..+.v..T.?.e./.7...95k).'....C...(c......E.4+..+......)...&...^8.1...x.c`b.e..............B3.e0b...e`e..r20/``X.........A..@..LL...100.f.P``...c..,....X..[.....................................-..P..-..x...X...0.0...Geh........sD..I...

Chrome Cache Entry: 137

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	39
Entropy (8bit):	4.150410872541981
Encrypted:	false
SSDEEP:
MD5:	C8AFAA01E196E2941079EE40518C6DDD
SHA1:	31E1E251B39A1BBE9089DAE25DB0E4DFCBCDE03F
SHA-256:	98CCFCE8AB03E4FBDFD9A102041136C596409B088AC5A9DF0C9C72044F8F6ECD
SHA-512:	1F043B6BF74197AF92929B3AB7123F1E9CF0C2DD5273ED0DC5371B6182831CA4C9591CAA9B9B6B90E1BB1696E450D39A4DE5D68BE6842479711F3FE2EFD4A393
Malicious:	false
Reputation:	unknown
URL:	https://ip2c.org/self
Preview:	1;US;USA;United States of America (the)

Chrome Cache Entry: 138

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	12
Entropy (8bit):	3.4182958340544896
Encrypted:	false
SSDEEP:
MD5:	3975E60F0C61E93A6D0A9F1DEF435EAC
SHA1:	5C1A4A02F3681AD95FBFCEF9EE56F62B37B9AB36
SHA-256:	0CD6AED5D21AE37310B3C4E0FACF48009005018BF4402FBCDA1CB66D69B03346
SHA-512:	0672C57CB800229D4919EE3C885FDE25F3722A90FD260F29D74CBAD65353FDA134F94592E581FBFB02C7897AA23DF49C2579295C22B6AA5B1077D6D5597CAAB6
Malicious:	false
Reputation:	unknown
Preview:	Bad Request.

Chrome Cache Entry: 139

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	7046
Entropy (8bit):	4.498606290735948
Encrypted:	false
SSDEEP:
MD5:	CE13971DF72514459DACDDBFCB02CEBA
SHA1:	94D52AFA31AECFB24D72D40C3A50380D8C0010FF
SHA-256:	2700877139715F94E1EA32627B5F655950ED74476B95E6A9BCA24CF0F766AAE9
SHA-512:	73B4BC8557B154A80E2DB7A7CE0697CAA7C8D82CDB79C08B2BBC2F06276B5B6004A3CC3C99A8E238C65BEE53052FBAFC666216B96CE1E789400495754B48D192
Malicious:	false
Reputation:	unknown
Preview:	{. "libjs-pduikit-next": {. "Afghanistan": "Afghanistan",. "Albania": "Albania",. "Algeria": "Algeria",. "Andorra": "Andorra",. "Angola": "Angola",. "Antigua and Barbuda": "Antigua and Barbuda",. "Apply": "Apply",. "Argentina": "Argentina",. "Armenia": "Armenia",. "Aruba": "Aruba",. "Australia": "Australia",. "Austria": "Austria",. "Azerbaijan": "Azerbaijan",. "Bahamas": "Bahamas",. "Bahrain": "Bahrain",. "Bangladesh": "Bangladesh",. "Barbados": "Barbados",. "Belarus": "Belarus",. "Belgium": "Belgium",. "Belize": "Belize",. "Benin": "Benin",. "Bhutan": "Bhutan",. "Bolivia": "Bolivia",. "Bosnia and Herzegovina": "Bosnia and Herzegovina",. "Botswana": "Botswana",. "Brazil": "Brazil",. "British Indian Ocean Territory": "British Indian Ocean Territory",. "Brunei": "Brunei",. "Bulgaria": "Bulgaria",. "Bulk actions": "Bulk actions",. "Burkina Faso": "Burkina Faso",. "Burundi": "Burundi",. "Cam

Chrome Cache Entry: 140

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	404
Entropy (8bit):	5.558741207422855
Encrypted:	false
SSDEEP:
MD5:	71CA0A3D885CC7D2BD17774FE28A2FF9
SHA1:	4B1A199AE3B079828021932A40416501A8C16132
SHA-256:	8B738C850E0D43AB085BEC142E424D77EFF9A9619CB6135B340E4DB1111DACDE
SHA-512:	A0409E3C6EFE951B34428E61657B4D44F03AA281088C6386E860A80078F16416D16D6FEEB6802C3FE797C66C27BE5225148EF70FA86AA7F56A352E6FACC20B50
Malicious:	false
Reputation:	unknown
URL:	https://app.pandadoc.com/p/a0bcffa175414e2b8694792c4d9ae865b20836dd/data
Preview:	{"contact_id": "RgA6fZUN9t4A6t8qTpEBqd", "organization": "U68aQBBhdx843LhhE6CEG4", "workspace": "jjvATreJbAP7iHD6HoG5eF", "language": "en-US", "field_ids": [], "recipient_id": "9CiYbKYT3VNwqhNzsyRnf2", "token": "a0bcffa175414e2b8694792c4d9ae865b20836dd", "auth_type": "X-Token", "document_id": "qpyr9LPFhCSKZSunjMFtNF", "uuid": "9UqQmfNuWZPErXATV2r6Q3", "actor_ids": [], "disable_gdpr_disclaimer": false}

Chrome Cache Entry: 141

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (2258)
Category:	downloaded
Size (bytes):	17600
Entropy (8bit):	5.564556038086872
Encrypted:	false
SSDEEP:
MD5:	B92C3B34B483F7E05ECA568AADFC259E
SHA1:	8BFB22D00E69D11CC1777CBA16CF2A35EA8BF87C
SHA-256:	ECABFF39F6E2886D5BEBD78B3AC41079BB0087C8B2C9E10DAF81B412DA6D31A4
SHA-512:	9C95563FC1758E31754DB10F036A7267C8AE33CD6BEA5E65933BF2F67E4270FACE97FAFBC41C1514EA747F8CEE9685B9A40D9986AFF6328CDC9B6C5F13176A04
Malicious:	false
Reputation:	unknown
URL:	https://use.typekit.net/xil0wwv.js
Preview:	/. The Typekit service used to deliver this font or fonts for use on websites. * is provided by Adobe and is subject to these Terms of Use. * http://www.adobe.com/products/eulas/tou_typekit. For font license. * information, see the list below.. . aktiv-grotesk:. * - http://typekit.com/eulas/00000000000000000001786f. * - http://typekit.com/eulas/000000000000000000017870. * - http://typekit.com/eulas/000000000000000000017873. * - http://typekit.com/eulas/000000000000000000017871. . . 2009-2024 Adobe Systems Incorporated. All Rights Reserved.. */.if(!window.Typekit)window.Typekit={};window.Typekit.config={"a":"695998","c":[".tk-aktiv-grotesk","\"aktiv-grotesk\",sans-serif"],"fi":[14032,14033,14034,14038],"fc":[{"id":14032,"family":"aktiv-grotesk","src":"https://use.typekit.net/af/572e5b/00000000000000000001786f/27/{format}{?primer,subset_id,fvd,v}","descriptors":{"weight":"400","style":"normal","stretch":"normal","display":"auto","variable":false,"primer":"f487d64050e5a2

Chrome Cache Entry: 142

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	575428
Entropy (8bit):	5.48442435967911
Encrypted:	false
SSDEEP:
MD5:	D1185B084CFF3607DDFD1AC45EE8063E
SHA1:	2491D25C38C2D21CA46F25524C97CD34F75F4508
SHA-256:	C2A10998183249CF80A379A528851DABB079E29C11502E3388D585691B108EAA
SHA-512:	C1C210D33516D2DE23F35DF42F8F4D5D4D1FFE04C715E8FB92AC80420FD6A9A329A4A34971429F8CE9D917275006C35272870C7B3F2C9BA19BD411EEF92B1400
Malicious:	false
Reputation:	unknown
Preview:	!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},t=Error().stack;t&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[t]="98e7fdd4-97c2-4270-a3d3-5f379e459910",e._sentryDebugIdIdentifier="sentry-dbid-98e7fdd4-97c2-4270-a3d3-5f379e459910")}catch(e){}}();var _sentryModuleMetadataGlobal="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};_sentryModuleMetadataGlobal._sentryModuleMetadata=_sentryModuleMetadataGlobal._sentryModuleMetadata\|\|{},_sentryModuleMetadataGlobal._sentryModuleMetadata[Error().stack]=Object.assign({},_sentryModuleMetadataGlobal._sentryModuleMetadata[Error().stack],{dsn:"https://464edf46ca3e4914910e94a287c90ee7@sentry.infrastructure.pandadoc.com/209",release:"6cea0358"});var _global="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};_global.SENTRY_RELEASE={id:"6cea0358"},(self.webpackChunkap

Chrome Cache Entry: 143

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, CFF, length 24840, version 0.0
Category:	downloaded
Size (bytes):	24840
Entropy (8bit):	7.984104972245715
Encrypted:	false
SSDEEP:
MD5:	A4FB291179304E15203836B3C5EEFFD8
SHA1:	2FE3BC6151E4E4668E91C14CA8F8DDC08C97D8DA
SHA-256:	6E345E02059C27BC9EB488B3E2D07CC811D390B15BDAF5E676929CBCA38FCB10
SHA-512:	EE1460F8031BA1919AC74210968788D1AA240EB2808EB7DED2A8441073238E89E54AB7FC99ED8D361CF2946810C63575FCE48C67723461EFDE0D6687177AF88E
Malicious:	false
Reputation:	unknown
URL:	https://use.typekit.net/af/295394/000000000000000000011b85/27/d?primer=fff1a989570eb474b8c22c57cc7199e63bfc7e911b750165d0199218f0b7e7cc&fvd=n4&v=3
Preview:	wOFFOTTO..a.................................CFF ......XW..{..1DYNA..\....<.......FFTM...D........U0..GDEF..\<...-...2....GDYN..\l...Q...Q...GPOS..\.... ... l.t.OS/2...(...W...`..[.cmap.._...........}.head...`...3...6...;hhea....... ...$.5.whmtx..\........._...maxp.............wP.name...............post.._........ ...2.................o........Jsx.c`d``.b..K....\|e.f~..a8u..F.7.7..y/........s..X.x...J.0.....:......M...vg.ww..i.3.)IF.\|.....V......'...D...\|...s.R..x.@w...X`...W....8...=j.".a.O.....}d.G..mre..Y`O.G^A_.".....=j^".a_.F^......R\|^.vf......H.+u..1....5SW7..h..DNZ.}.wIQ;o..T.n...M......."....n.u.y.Je.R..u...m..~....'.....\.._YV.....-f.L5F..C..............j'...:.......\07..;.......;....s....;.T.....0myV....#_8...p.y?..I.}.....E...<)G...&-.....yS.to...W.1J....H...x.c`b.a..............B3.e0b...e`ec.Q.....;0(x1@A@dP0.P.7...o....2&+00L..1V0.`P.Bf....{.x.c`d``..o......_..=.P..0....\....P..w..x...X.W.8>.:YuU...$`..{..A....{.....#..."J..+..{l..$F......

Chrome Cache Entry: 144

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1303), with no line terminators
Category:	downloaded
Size (bytes):	1303
Entropy (8bit):	5.439947247778059
Encrypted:	false
SSDEEP:
MD5:	145EB7EA718B1033DDEF9ED7CB924259
SHA1:	854F298350CB37D31FD18E0F8A2539ABDD886CFC
SHA-256:	7216AC29740F5EF520CC7DEA059EDB049B95FAA673DBFA59932C592BDF90AC95
SHA-512:	DFAA64997F09EF065110031C8F05E73881ABE09E8F30D5660D4B2084FD7EC8EBD631DFAC765080CA70B8480BB6C93883C262CDD4AAEFBFDC8CEB6E4295E61015
Malicious:	false
Reputation:	unknown
URL:	https://d3m3a7p0ze7hmq.cloudfront.net/scripts/public/849-e3521aea.js
Preview:	!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},a=Error().stack;a&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[a]="693f4245-0675-426a-9ec2-cb1a2b90295a",e._sentryDebugIdIdentifier="sentry-dbid-693f4245-0675-426a-9ec2-cb1a2b90295a")}catch(e){}}();var _sentryModuleMetadataGlobal="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};_sentryModuleMetadataGlobal._sentryModuleMetadata=_sentryModuleMetadataGlobal._sentryModuleMetadata\|\|{},_sentryModuleMetadataGlobal._sentryModuleMetadata[Error().stack]=Object.assign({},_sentryModuleMetadataGlobal._sentryModuleMetadata[Error().stack],{dsn:"https://464edf46ca3e4914910e94a287c90ee7@sentry.infrastructure.pandadoc.com/209",release:"6cea0358"});var _global="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};_global.SENTRY_RELEASE={id:"6cea0358"},(self.webpackChunkap

Chrome Cache Entry: 145

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 7046
Category:	downloaded
Size (bytes):	2036
Entropy (8bit):	7.862562466789438
Encrypted:	false
SSDEEP:
MD5:	191F7AD44CF1EA350040A751FEBBAA42
SHA1:	4AF1A90BB744EC6E4F35C0D3E4549B460BC29456
SHA-256:	99111FE7EB4996B2917934777F0C0FC38FD3765DEEC5DF003D3EF804BA863E7D
SHA-512:	9EE56D6751EE7C74D229C9E54767FBB237F022D9E0819C57BE6F7598D8EBFB355AB23C3BF99F14976F981CD43E912E89BB755B3FB5148CDB3818E7D26E79A2E7
Malicious:	false
Reputation:	unknown
URL:	https://d31uqz37bvu6i7.cloudfront.net/locales/en-US/libjs-pduikit-next.json
Preview:	.................K.....s...9.wR{....Y..a.E.....@.J,.N.c.>E_.I....=.t......$@.....Gg....<d{..7.... A...x.o....]...p=:P(K%..BH..C...K%cp..R?.1C.~.A...I...b..Zr..7...xj......T.{.7!n^R..-4hi..r5..{.7.F...&X6(....3)R....f9..H9.d..)ka.A.XV2.<1)..{5.6....+B.c.!.J....H%....d.3.j.p.....vi..d....j]!.......,.......LD;...4C...X./J..F...S..d._..Xs../....@9M\s2..."........2.C..H+.0p....0..M.?...!...h.~.q.&.Mt...J}.H+..8.....=`..3...Ci....G.J....ut.ET....uCXL.....\|.J\|oI.3../.u;pNI....`^.dDW.....heS.4.E..I.&..z..;DH#.1@.C...E.y79.....#Z.:s.a%.....'.w8.o.O.O[.H!v..R..)...!.2.U....\|..a......?.2...E...9...q]...Y.4.d`..FQ...}......5[o.%\|oJ6...9,.,)..&RH:.03.-..S..R..b..}...y.."..<.@J}....%p.........,.M.....=.0....b%..qd.RI...DH.9..7.CW..R:E...c\.3..Q.......E5P.c?&(z.......U.......)EB.....e...l.^.......W.rgE2y.+....B</Z$..t@.@h.]F...'.>U..5.D.....h?IB.3...M..T.6....K.H%3.,.qC..&......(..&.n.Z.BB\.K+.T-,,.\.8+....z.I...q.....K.E....x{.J\|\.}..W..M.._%hN.T..t.DH...

Chrome Cache Entry: 146

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (19217), with no line terminators
Category:	dropped
Size (bytes):	19217
Entropy (8bit):	5.368453406802769
Encrypted:	false
SSDEEP:
MD5:	5641C00B5DD4BDA4D8BACD6F3C5E6DF3
SHA1:	8603691050FAF5D4512F899224B8C7BEB48649E7
SHA-256:	EC09DAA2EF653E0CDC95053ADD3CC89A847F8BE3BF545E1099FCF00BF9E7E81D
SHA-512:	FA22635043B9E1F542F59B71D6C6B759D3391CA3C619D0C52DBB15294FA88D0DE2EF40EC7087B102540B2D306030A2FADFC98111436DDAF448D5AF57BCF0B722
Malicious:	false
Reputation:	unknown
Preview:	!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},t=Error().stack;t&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[t]="af26c6b1-e5ad-4b12-a98e-6f245c6b93e2",e._sentryDebugIdIdentifier="sentry-dbid-af26c6b1-e5ad-4b12-a98e-6f245c6b93e2")}catch(e){}}();var _sentryModuleMetadataGlobal="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};_sentryModuleMetadataGlobal._sentryModuleMetadata=_sentryModuleMetadataGlobal._sentryModuleMetadata\|\|{},_sentryModuleMetadataGlobal._sentryModuleMetadata[Error().stack]=Object.assign({},_sentryModuleMetadataGlobal._sentryModuleMetadata[Error().stack],{dsn:"https://464edf46ca3e4914910e94a287c90ee7@sentry.infrastructure.pandadoc.com/209",release:"6cea0358"});var _global="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};"use strict";_global.SENTRY_RELEASE={id:"6cea0358"},(self.w

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1568), with no line terminators
Category:	downloaded
Size (bytes):	1568
Entropy (8bit):	5.296218111867881
Encrypted:	false
SSDEEP:
MD5:	FB62FF357869273C49E4347B2DBD9F17
SHA1:	DB590C709034A2523EF4FC0C672634714135006F
SHA-256:	47393C222B39F5F5D3808AFB73F45D3DEAC1EEDDEE2A4C2931C73C63D20C3BB2
SHA-512:	7525002B4BA824B7968D97F5CA9A206438DED4FD9C25728B89B83040AFF53559099732FB528C62670D61A7A0A45AC01BDAA02FB85F2716BF678C7CDFACF9B63E
Malicious:	false
Reputation:	unknown
URL:	https://d3m3a7p0ze7hmq.cloudfront.net/scripts/public/674-b6908620.js
Preview:	!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},a=Error().stack;a&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[a]="e454de15-e1a4-43d8-b09d-62580259f697",e._sentryDebugIdIdentifier="sentry-dbid-e454de15-e1a4-43d8-b09d-62580259f697")}catch(e){}}();var _sentryModuleMetadataGlobal="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};_sentryModuleMetadataGlobal._sentryModuleMetadata=_sentryModuleMetadataGlobal._sentryModuleMetadata\|\|{},_sentryModuleMetadataGlobal._sentryModuleMetadata[Error().stack]=Object.assign({},_sentryModuleMetadataGlobal._sentryModuleMetadata[Error().stack],{dsn:"https://464edf46ca3e4914910e94a287c90ee7@sentry.infrastructure.pandadoc.com/209",release:"6cea0358"});var _global="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};_global.SENTRY_RELEASE={id:"6cea0358"},(self.webpackChunkap

Chrome Cache Entry: 148

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	TrueType Font data, 19 tables, 1st "BASE", 16 names, Macintosh, Copyright (c) Mark Simonson, 2001. All rights reserved.Regular400c721eab41fee0ef9c0868357cdc5a-V
Category:	downloaded
Size (bytes):	178812
Entropy (8bit):	6.027137194787382
Encrypted:	false
SSDEEP:
MD5:	F3D8DFFB8B95DFA5A3B2A1AF1C07FFED
SHA1:	DBCE54E99111F13BA4F29DE723B446A0DF3F0C47
SHA-256:	DC65A0973862900E4E55404CFCC1229A8E9A71AD911065CA6354D9899EEA2CF5
SHA-512:	E76D43AB807F410A8156DCEB196151CF78366747C3BED03B04647D4E7E9DB40294489D0D237E8A7FDBC75B3BA267048AAEF19A793A8D06EE4A30A15C47D48A41
Malicious:	false
Reputation:	unknown
URL:	https://use.typekit.net/af/14d4d5/00000000000000000001721c/27/a?subset_id=1&fvd=n4&v=3
Preview:	...........0BASE.-.....<...:DYNA...........GDYN.'zn...D...9GPOS...........JGSUB..{ ......OS/2.q.........`cmap.U.I........cvt .......x...tfpgm.r.<.......lgasp.......X....glyf.n8...,...l.head.2c....`...6hhea...h...d...$hmtx.1..........loca.a..........maxp.E.S....... name..Qv........postR..p...P....prepy..[...h..................ideoromn..DFLT..latn...................j...................................9.9.Q.I.I...H.......:.....H.......:.....9.9.Q.I.I.......g...........9...g...........2.2.., ..UXEY K...QK..SZX.4..(Y`f .UX..%a.....cc#b.!!..Y..C#D....C`B-..,. `f-.., d ..P..&Z.(..CEcER[X!#!..X .PPX!.@Y. .8PX!.8YY ...CEcEad.(PX!...CEcE .0PX!.0Y. ..PX f ..a ..PX`. . PX!..`. .6PX!.6`.`YYY...+YY#..PXeYY-.., E ..%ad ..CPX..#B..#B.!!Y..`-..,#!#! d..bB ..#B...CEc..C..`E..! ..C . ...+.0.%.QX`P.aRYX#Y! .@SX..+.!.@Y#..PXeY-..,..C+....C`B-..,..#B# ..#Ba..bf..c..`..-.., E ..Cc...b ..PX.@`Yf..c`D..`-..,....CEB!....C`B-..,..C#D....C`B-.., E ..+#..C..%` E.#a d . PX!....0PX. ..@YY#..PXeY..%#aDD..`-.

Chrome Cache Entry: 151

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (1093)
Category:	downloaded
Size (bytes):	16754
Entropy (8bit):	5.217985767613787
Encrypted:	false
SSDEEP:
MD5:	BD17E428CF6E82F7E0DF7E9F8795DC5B
SHA1:	14C10F2804C113F5860F3C844A2D8C3A75933107
SHA-256:	D0BA65F0FDD6848BD84663CF194D16DC7826B4D096804886CC3E51695DD822C8
SHA-512:	3D6396DB2DEBE15EC2845E287DCC0BA78664C1526ED9EE0650F454F3AA17D89D82C0648D9A11CF3F1A158C3E7658B70783C8D4C9FAB092A721157330DEA016E8
Malicious:	false
Reputation:	unknown
URL:	https://app.pandadoc.com/document/v2?token=a0bcffa175414e2b8694792c4d9ae865b20836dd?
Preview:	....<!doctype html>.<html class="no-js">.<head>. <script type="text/javascript">. // This functional is needed in scope of the following task https://pandadoc.atlassian.net/browse/PD-470. (function() {. try {. var reactNativePostMessage = function(message) {. if (window.ReactNativeWebView && typeof window.ReactNativeWebView.postMessage === 'function') {. window.ReactNativeWebView.postMessage(JSON.stringify(message));. }. };. window.reactNativePostMessage = reactNativePostMessage;. } catch(_) { }. })();.</script>.. <script type="text/javascript">. (function() {. try {. if (window.reactNativePostMessage && typeof window.reactNativePostMessage === 'function') {. var type = "web_to_mobile";. var name = "html_loaded";. window.reactNativePostMessage({ type: type, name: name });. }. } catch (_) { }. })();.</script>... <meta charset="utf-8"/>. <title>PandaDoc</title>. <meta name="viewport" cont

Chrome Cache Entry: 153

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	983
Entropy (8bit):	4.207649423086504
Encrypted:	false
SSDEEP:
MD5:	8E9E8256306BB6C63D51C549183102E2
SHA1:	058CFD9888C73D0B1752E645D0DD6C6FBEB2167B
SHA-256:	501DF3CD143539B3D5D3DC6B4F01C44F90CDEA4A66A25DFDC18A250354CC5CD0
SHA-512:	98A6BE603C54CAE8D5E425218CF2A518DB35BAA467807A33E5E277926E719F78AA1CFA3AE0A551E68EB05B3F082F1D698C436A0F3069A9D24797F6F946BC4450
Malicious:	false
Reputation:	unknown
URL:	https://d31uqz37bvu6i7.cloudfront.net/locales/en-US/libjs-pduikit.json
Preview:	{. "libjs-pduikit": {. "Apr": "Apr",. "April": "April",. "Aug": "Aug",. "August": "August",. "Cancel": "Cancel",. "Dec": "Dec",. "December": "December",. "Feb": "Feb",. "February": "February",. "Fri": "Fri",. "Friday": "Friday",. "Jan": "Jan",. "January": "January",. "Jul": "Jul",. "July": "July",. "Jun": "Jun",. "June": "June",. "Mar": "Mar",. "March": "March",. "May": "May",. "Mon": "Mon",. "Monday": "Monday",. "No options found": "No options found",. "Nov": "Nov",. "November": "November",. "OK": "OK",. "Oct": "Oct",. "October": "October",. "Remove": "Remove",. "Sat": "Sat",. "Saturday": "Saturday",. "Search": "Search",. "Select": "Select",. "Sep": "Sep",. "September": "September",. "Sun": "Sun",. "Sunday": "Sunday",. "Thu": "Thu",. "Thursday": "Thursday",. "Tue": "Tue",. "Tuesday": "Tuesday",. "Wed": "Wed",. "Wednesday": "Wednesday". }.}

Chrome Cache Entry: 154

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 36604, version 0.0
Category:	downloaded
Size (bytes):	36604
Entropy (8bit):	7.988359518233979
Encrypted:	false
SSDEEP:
MD5:	070E6144E012BFF42C174D3FF5883694
SHA1:	D28413F7225649686D3508259735DBED3CCF0A22
SHA-256:	84D62FC8EC678428CA051DC5F1EF9230F804FABE0138F5AA980E304232181477
SHA-512:	B74C4DD97AA82DBFCF80C95EF41A623AFEA6CDEED584BFDFB6AA0F0237AEFA24495A7CCDB8BA1A92CC1CA6F5DE367F424DB4735D3BE6EEE840794108D72FA1E4
Malicious:	false
Reputation:	unknown
URL:	https://use.typekit.net/af/2b9aa5/000000000000000000017871/27/d?primer=f487d64050e5a20217ec75cc7cfa50075ea3aed4ccdcc6b091e03c5c3109dfbd&fvd=n5&v=3
Preview:	wOFF...............8........................DYNA.............. GDEF.......;...>.9..GDYN...$.......5.b..GPOS...0..!...F..d..GSUB..3$..........$OS/2...`..._...`...$VDMX.......2....W.^.cmap..............mcvt .......#....7." fpgm...(........./.7gasp................glyf..;...@...b.1..?hdmx..\|........4\|.i.head.......6...6....hhea.......!...$.i..hmtx...h........ .C&loca...X...t.....Pjomaxp....... ... ....name...$...'...KW.'ipost........... ...Dprep...L........9.M.x...eT.h.F..m.vwcwa.&vww......]`cw.b...v..&........{....C\|b.8$T,...Kb3......C.......$".....D.2.#I..$#.....&...$..He.;R.oIc}$i..C:2....d.o...^...zAf.9Y.af.... ....<zBv..19.G.$....zHn...y(......K~.......RB.....)L)...u...5.QN7.4oP.....^.NI....d...B)C.].,.t.rx.2.KT...E-]..y.J..ySW.B=..*..j4...i..T..B.A...&Mu.Z43k.\'.C....-u.z..Q...l@[..!.t.F..!..A.iB'..)..ft.~..U.hA7.%..V..nZ..lCo.-}..v.....O.....f'.j+.....0H...`m..C....3{...d.......7#..>..Z.2...X..?....k......d...e.9.).d0S..!L.r.2]....-.Y.pfk.#...._...\-d

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 192 x 192, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1616
Entropy (8bit):	7.566229799379347
Encrypted:	false
SSDEEP:
MD5:	E5478BAE7F80255640DF3CE4E1CD3470
SHA1:	0DB3AB1357DC931F6DAF279D32D9F80B730ED9A9
SHA-256:	A32C724FCADBA359BB73ED69D2F4E29E3F01E7C75C69AB68F0ADDDC14BCC97E3
SHA-512:	304EA8F8879B9873DC4FE8BE8485577B07CD222F93A0DECD18D80210317D0D9196F3A25D5C36FF96722573411A4C03AF4A9B981B27AFAC4CFF2F59D03E4FC492
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............e..5....PLTE............'.i...B.\|$.gt..s...........).k...O..Y..n..-.n:.w...3.r+.l......c...............0.oF.~.............z..R..6.t_.........>.y.......f...........K........]..\|..`-?....WIDATx...i..0..`@....W..e..u.g....:.zZ..\h..7_5.C...E....................................?.((..........................O...n9q.k:..l}!`<..........h.).....\|]....PQ..nj......\|E....P..V..}..i.s..G..."..^.....[7#...D..XP.{...V...wU%..ja5W...t@s...q..YS%i.........)..............e.....z#........d..._.....a.P..K...ZK..H..r........lZ.y..>...F.g...Tu.K...0..^~.S`..K........Z.Q...?..g[}......c...nH.....pC.$>..C.TI.......{.......\...9<Y..r.l._...V..9o..QMO...2?<s..t.9W5.O.5q.L.+..^..}....M......./....J..x..8E.`Da........o.:......+..0?\..:....` ....i..l....-.p.eh.7y.7.F...+8Q6...B{J...5........gD....7.,E<...=KU......$..r......2...d@O.@K...E...H..)..&.>m......k.T..!U>....:.].#b...fR.#.xdv..U.x*.P!..U.<..!.`....$Gk.&.\...@...V.

Static File Info

⊘No static file info

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 115

Chrome Cache Entry: 117

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 131

Chrome Cache Entry: 132

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 137

Chrome Cache Entry: 138

Chrome Cache Entry: 139

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 142

Chrome Cache Entry: 143

Chrome Cache Entry: 144

Chrome Cache Entry: 145

Chrome Cache Entry: 146

Chrome Cache Entry: 147