IOC Report
https://na2.docusign.net/Signing/EmailStart.aspx?a=4174db92-522c-4bf5-8c4b-e7b0cf607ab0&acct=23785f6d-05e4-4cfc-b399-e804e495ab71&er=71639067-2cb3-4848-aca0-e72c5cdd3bbf

loading gif

Files

File Path
Type
Category
Malicious
Chrome Cache Entry: 100
ASCII text, with very long lines (65448)
downloaded
Chrome Cache Entry: 101
ASCII text, with very long lines (631), with no line terminators
downloaded
Chrome Cache Entry: 102
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 103
Web Open Font Format, TrueType, length 13780, version 1.0
downloaded
Chrome Cache Entry: 104
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 105
ASCII text, with very long lines (65446)
downloaded
Chrome Cache Entry: 106
ASCII text, with very long lines (65443)
downloaded
Chrome Cache Entry: 107
ASCII text, with very long lines (28691)
downloaded
Chrome Cache Entry: 108
ASCII text
downloaded
Chrome Cache Entry: 109
Unicode text, UTF-8 text, with very long lines (65452)
downloaded
Chrome Cache Entry: 110
ASCII text
downloaded
Chrome Cache Entry: 111
Web Open Font Format, TrueType, length 47748, version 1.0
downloaded
Chrome Cache Entry: 112
ASCII text, with very long lines (65440)
downloaded
Chrome Cache Entry: 113
ASCII text, with very long lines (8936)
downloaded
Chrome Cache Entry: 114
Unicode text, UTF-8 text, with very long lines (30982)
downloaded
Chrome Cache Entry: 115
Web Open Font Format, TrueType, length 47748, version 1.0
downloaded
Chrome Cache Entry: 116
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 117
GIF image data, version 89a, 44 x 44
downloaded
Chrome Cache Entry: 118
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 119
Web Open Font Format, CFF, length 33752, version 0.0
downloaded
Chrome Cache Entry: 120
ASCII text, with very long lines (23649)
downloaded
Chrome Cache Entry: 121
ASCII text, with very long lines (65448)
downloaded
Chrome Cache Entry: 122
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 123
HTML document, ASCII text, with very long lines (65448)
downloaded
Chrome Cache Entry: 124
ASCII text, with very long lines (13242)
downloaded
Chrome Cache Entry: 125
ASCII text, with very long lines (65448)
downloaded
Chrome Cache Entry: 126
JSON data
downloaded
Chrome Cache Entry: 127
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 128
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 129
Unicode text, UTF-8 text, with very long lines (61862)
downloaded
Chrome Cache Entry: 130
ASCII text, with very long lines (65447)
downloaded
Chrome Cache Entry: 131
JSON data
dropped
Chrome Cache Entry: 132
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 133
ASCII text, with very long lines (11789)
downloaded
Chrome Cache Entry: 134
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 135
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 136
GIF image data, version 89a, 145 x 60
downloaded
Chrome Cache Entry: 137
ASCII text, with very long lines (34237)
downloaded
Chrome Cache Entry: 138
ASCII text, with very long lines (21484)
downloaded
Chrome Cache Entry: 139
ASCII text, with very long lines (16717)
downloaded
Chrome Cache Entry: 140
ASCII text, with very long lines (65443)
downloaded
Chrome Cache Entry: 141
GIF image data, version 89a, 44 x 44
dropped
Chrome Cache Entry: 142
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 143
Unicode text, UTF-8 text, with very long lines (21884)
downloaded
Chrome Cache Entry: 144
ASCII text, with very long lines (436), with no line terminators
downloaded
Chrome Cache Entry: 145
ASCII text, with very long lines (62117)
downloaded
Chrome Cache Entry: 146
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 147
ASCII text, with very long lines (65438)
downloaded
Chrome Cache Entry: 148
ASCII text, with very long lines (16384)
downloaded
Chrome Cache Entry: 149
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 91
ASCII text, with very long lines (19601)
downloaded
Chrome Cache Entry: 92
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 93
Unicode text, UTF-8 text, with very long lines (65445)
downloaded
Chrome Cache Entry: 94
Unicode text, UTF-8 text, with very long lines (65247)
downloaded
Chrome Cache Entry: 95
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 96
GIF image data, version 89a, 145 x 60
dropped
Chrome Cache Entry: 97
ASCII text, with very long lines (58175)
downloaded
Chrome Cache Entry: 98
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 99
ASCII text, with very long lines (7911)
downloaded
There are 50 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2028,i,8087644695049965104,3964481613383778308,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://na2.docusign.net/Signing/EmailStart.aspx?a=4174db92-522c-4bf5-8c4b-e7b0cf607ab0&acct=23785f6d-05e4-4cfc-b399-e804e495ab71&er=71639067-2cb3-4848-aca0-e72c5cdd3bbf"

URLs

Name
IP
Malicious
https://na2.docusign.net/Signing/EmailStart.aspx?a=4174db92-522c-4bf5-8c4b-e7b0cf607ab0&acct=23785f6d-05e4-4cfc-b399-e804e495ab71&er=71639067-2cb3-4848-aca0-e72c5cdd3bbf
https://developer.mozilla.org/en-US/docs/DOM/XMLHttpRequest#withCredentials
unknown
https://na2.docusign.net/Signing/?ti=7d5411edbf694262a0ed71852bf35fb2
http://documentcloud.github.com/underscore/
unknown
https://github.com/zloirock/core-js/blob/v3.25.2/LICENSE
unknown
http://www.ecma-international.org/ecma-262/5.1/#sec-12.4
unknown
https://github.com/douglascrockford/JSON-js/blob/master/json_parse.js
unknown
http://dbj.org/dbj/?p=286
unknown
http://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/
unknown
https://gist.github.com/1930440
unknown
https://github.com/zloirock/core-js
unknown
https://a.docusign.com/ds_arya_wrapper.min.js?f=1
35.162.217.246
http://dean.edwards.name/weblog/2005/10/add-event/
unknown
There are 2 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
www.google.com
64.233.185.105
api.mixpanel.com
35.190.25.25
fp2e7a.wpc.phicdn.net
192.229.211.108
arya-1323461286.us-west-2.elb.amazonaws.com
35.162.217.246
cdn.optimizely.com
unknown
a.docusign.com
unknown
docucdn-a.akamaihd.net
unknown
na2.docusign.net
unknown

IPs

IP
Domain
Country
Malicious
192.168.2.6
unknown
unknown
35.190.25.25
api.mixpanel.com
United States
239.255.255.250
unknown
Reserved
35.162.217.246
arya-1323461286.us-west-2.elb.amazonaws.com
United States
64.233.185.105
www.google.com
United States

DOM / HTML

URL
Malicious
https://na2.docusign.net/Signing/?ti=7d5411edbf694262a0ed71852bf35fb2
https://na2.docusign.net/Signing/?ti=7d5411edbf694262a0ed71852bf35fb2
https://na2.docusign.net/Signing/?ti=7d5411edbf694262a0ed71852bf35fb2
https://na2.docusign.net/Signing/?ti=7d5411edbf694262a0ed71852bf35fb2
https://na2.docusign.net/Signing/?ti=7d5411edbf694262a0ed71852bf35fb2
https://na2.docusign.net/Signing/?ti=7d5411edbf694262a0ed71852bf35fb2