Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
HCCTP Amendment Cohort.msg

Overview

General Information

Sample name:HCCTP Amendment Cohort.msg
Analysis ID:1431137
MD5:3bf75cf29b5ec00d4c2b2f9292592c13
SHA1:8c3b6f8196fb64deb55ec12ab33408020ae3e9b3
SHA256:19f6df1075f6fa6d18cbef27807a026c9eb5b4018519167b4c74c7aff2e68597
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Phishing site detected (based on OCR NLP Model)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory

Classification

Analysis Advice

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 7156 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\HCCTP Amendment Cohort.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 3008 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "97229DED-A3E6-4961-8B58-95034213398C" "ABDDF01F-72F1-44D2-B515-FC900A969E04" "7156" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 4360 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fna1.conga-sign.com%2Fapp%2Fv1%2Faudit%2Ftransaction%2F1n7w03gci5nvzwny631t5ypnn7l8bmxot4kv29map8lxtlj060&data=05%7C02%7Cpeter.chang%40gracehealthmi.org%7C1c1f30e1662a490e8f6608dc62d843eb%7C501385e324fe4d2390e84ae2370ff8a3%7C0%7C0%7C638493928215344366%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=SrpqIptPJCzsQZm46Vjr%2BqNhhNhys73UrYw8BIQyR0I%3D&reserved=0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 5872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1600,i,3799308633222476533,3281352149495727952,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Office Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7156, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: MSG / EMLML Model on OCR Text: Matched 89.4% probability on "Conga Sign Please Sign Documents Amy Reyes has sent Grace Amendment 1 Cohort.docx for your signature. Good morning! Please see the attached amendment and sign at your earliest convenience. Please let me know if you have any questions. Thank you! Please click on the button below to start the signing process. View Document To reassign the signer, click here To view the audit trail, click here Conga Sign Transaction ID: ln7w03gci5nvzwny631t5ypnn718bmxot4kv29map81xtlj060 Conga Global Headquarters 13699 Via Varra Broomfield, CO 80020 United States "
Source: https://na1.conga-sign.com/app/v1/audit/transaction/1n7w03gci5nvzwny631t5ypnn7l8bmxot4kv29map8lxtlj060HTTP Parser: No favicon
Source: unknownHTTPS traffic detected: 20.190.151.131:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.61.210.98:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.61.210.98:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: chrome.exeMemory has grown: Private usage: 9MB later: 28MB
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.151.131
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.151.131
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.151.131
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.151.131
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.151.131
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.151.131
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.151.131
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.151.131
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.151.131
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.151.131
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.151.131
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: nam02.safelinks.protection.outlook.com
Source: global trafficDNS traffic detected: DNS query: na1.conga-sign.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownHTTPS traffic detected: 20.190.151.131:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.61.210.98:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.61.210.98:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: classification engineClassification label: clean2.winMSG@18/38@8/34
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240424T1619130387-7156.etl
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\HCCTP Amendment Cohort.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "97229DED-A3E6-4961-8B58-95034213398C" "ABDDF01F-72F1-44D2-B515-FC900A969E04" "7156" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fna1.conga-sign.com%2Fapp%2Fv1%2Faudit%2Ftransaction%2F1n7w03gci5nvzwny631t5ypnn7l8bmxot4kv29map8lxtlj060&data=05%7C02%7Cpeter.chang%40gracehealthmi.org%7C1c1f30e1662a490e8f6608dc62d843eb%7C501385e324fe4d2390e84ae2370ff8a3%7C0%7C0%7C638493928215344366%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=SrpqIptPJCzsQZm46Vjr%2BqNhhNhys73UrYw8BIQyR0I%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1600,i,3799308633222476533,3281352149495727952,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "97229DED-A3E6-4961-8B58-95034213398C" "ABDDF01F-72F1-44D2-B515-FC900A969E04" "7156" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fna1.conga-sign.com%2Fapp%2Fv1%2Faudit%2Ftransaction%2F1n7w03gci5nvzwny631t5ypnn7l8bmxot4kv29map8lxtlj060&data=05%7C02%7Cpeter.chang%40gracehealthmi.org%7C1c1f30e1662a490e8f6608dc62d843eb%7C501385e324fe4d2390e84ae2370ff8a3%7C0%7C0%7C638493928215344366%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=SrpqIptPJCzsQZm46Vjr%2BqNhhNhys73UrYw8BIQyR0I%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1600,i,3799308633222476533,3281352149495727952,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InProcServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		1
DLL Side-Loading		1
Process Injection		LSASS Memory12
System Information Discovery		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Registry Run Keys / Startup Folder		1
DLL Side-Loading		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
Extra Window Memory Injection		1
Extra Window Memory Injection		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
nam02.safelinks.protection.outlook.com
104.47.57.28
truefalse
    		high
    www.google.com
    		142.250.141.99
    		truefalse
      		high
      na1.conga-sign.com
      		unknown
      		unknownfalse
        		high

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        https://na1.conga-sign.com/app/v1/audit/transaction/1n7w03gci5nvzwny631t5ypnn7l8bmxot4kv29map8lxtlj060false
          		high

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          52.113.194.132
          		unknownUnited States
          		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
          1.1.1.1
          		unknownAustralia
          		13335CLOUDFLARENETUSfalse
          142.250.141.99
          		www.google.comUnited States
          		15169GOOGLEUSfalse
          52.168.117.170
          		unknownUnited States
          		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
          142.251.2.84
          		unknownUnited States
          		15169GOOGLEUSfalse
          142.251.2.95
          		unknownUnited States
          		15169GOOGLEUSfalse
          104.47.57.28
          		nam02.safelinks.protection.outlook.comUnited States
          		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
          239.255.255.250
          		unknownReserved
          		unknownunknownfalse
          142.251.2.139
          		unknownUnited States
          		15169GOOGLEUSfalse
          104.18.5.8
          		unknownUnited States
          		13335CLOUDFLARENETUSfalse
          104.18.4.8
          		unknownUnited States
          		13335CLOUDFLARENETUSfalse
          142.250.141.95
          		unknownUnited States
          		15169GOOGLEUSfalse
          74.125.137.94
          		unknownUnited States
          		15169GOOGLEUSfalse
          142.250.141.94
          		unknownUnited States
          		15169GOOGLEUSfalse
          52.109.0.91
          		unknownUnited States
          		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse

          Private

          IP
          192.168.2.16

          General Information

          Joe Sandbox version:40.0.0 Tourmaline
          Analysis ID:1431137
          Start date and time:2024-04-24 16:18:40 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowsinteractivecookbook.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:14
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • EGA enabled
          Analysis Mode:stream
          Analysis stop reason:Timeout
          Sample name:HCCTP Amendment Cohort.msg
          Detection:CLEAN
          Classification:clean2.winMSG@18/38@8/34
          Cookbook Comments:
          • Found application associated with file extension: .msg

          Warnings

          • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 52.109.0.91
          • Excluded domains from analysis (whitelisted): config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, us.configsvc1.live.com.akadns.net, wus-azsc-config.officeapps.live.com, officeclient.microsoft.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size getting too big, too many NtQueryValueKey calls found.
          • VT rate limit hit for: HCCTP Amendment Cohort.msg

          Created / dropped Files

          C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

          Download File
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):231348
          Entropy (8bit):4.384924030308438
          Encrypted:false
          SSDEEP:
          MD5:DD998E66EA429D0FF33400F72033A90B
          SHA1:9735FA3EEBF41BD2B45408163291E097A1FC624D
          SHA-256:26C6DE3954DB8A534366541D5F1A0A34D61D780742FFD0FE4487B215B6C600A9
          SHA-512:470011ABE7382834F5216766E0B5C4F107D72FF87697F7843C01A195FC0E6C7B61301BB353DB6996FAED42DF502E5AC94C3D512573C058F45A068C639471EE21
          Malicious:false
          Reputation:unknown
          Preview:TH02...... .0.RXR.......SM01X...,...P.CXR...........IPM.Activity...........h...............h............H..h..........~}...h............H..h\cal ...pDat...h ...0..........h...............h........_`.j...he...@...I.lw...h....H...8..j...0....T...............d.........2h...............k..............!h.............. h%.N.....(.....#h....8.........$h........8....."hx.............'h..............1h....<.........0h....4....j../h....h......jH..h....p.........-h .......T.....+h!................... ...... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\E148727F-8419-4775-BF9F-03EEE81A3F35

          Download File
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):166203
          Entropy (8bit):5.340910632994062
          Encrypted:false
          SSDEEP:
          MD5:A5692E393A812035EA24954E113E07C5
          SHA1:B116D7F08C8017EE62BA3798F34600AB095C1007
          SHA-256:A884306B033AB9F9C7D3CB4636496D6EDD81D3AF6DF853CA86B5E74F2CD17909
          SHA-512:36F81EF7B0ABB639BA914533345CC3159AF514131931781F916A74040DDE181DA2A3A4F59031E2F722C96922EFFACB083A949D132EF0FA518B4221207070E8E4
          Malicious:false
          Reputation:unknown
          Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-04-24T14:19:15">.. Build: 16.0.17609.40129-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.ResourceId]" o:authorityUrl="[ADALAuth

          C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

          Download File
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):32768
          Entropy (8bit):0.04550711117052959
          Encrypted:false
          SSDEEP:
          MD5:707B3B0A36616FDA16A3A42F550A669E
          SHA1:E85A6E04FA2D2DD18F78D033EE9530C271307E01
          SHA-256:5BDBC3B5048FCB4A7271796ED69B7D9336809DF2B922291A6447A72A8A82A6DF
          SHA-512:06B0D080465D27F89479C380BE2BF126BB1E76ABF147A253077DA21C6B1F528D3B8D16EC5F4F95FBBF03FA809E4FF3A1AD400D7466256ED65660B543F341F2E1
          Malicious:false
          Reputation:unknown
          Preview:..-........................M.z..W..W..9B-..M..z...-........................M.z..W..W..9B-..M..z.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

          Download File
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:SQLite Write-Ahead Log, version 3007000
          Category:modified
          Size (bytes):49472
          Entropy (8bit):0.48419437778084057
          Encrypted:false
          SSDEEP:
          MD5:AE8687510F204F6B48A86D6EF95C2152
          SHA1:5C0FF7D1B02EB65B5AF16437FA5E73AC29A2500F
          SHA-256:03B5502C790850AB4DAA7DF81073E28B69C4DE8C908A798468E0A599214AE049
          SHA-512:FA8C54180FF935D4A6819E98A4C3AD19FF0E5F11C845A0C1859E42A380907C41498397854BAC3A325163FFBC79654EB26EB9A6C011883C4114DBD46FEE3F8E4F
          Malicious:false
          Reputation:unknown
          Preview:7....-..........W..W..9B,..j&...........W..W..9B0.}0.hB.SQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{C79D9D39-861A-4074-B197-825B37009D59}.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):11276
          Entropy (8bit):3.7659968580668757
          Encrypted:false
          SSDEEP:
          MD5:CA45432580425A62A883B8D7CE3FA971
          SHA1:496BF0BF8E0F278DE79DF3CB3870780B510FA58C
          SHA-256:996A1A01B0804490E5B85D955822D931F49C8ACC99AE721B23C2CE4384ABC26E
          SHA-512:C31A1B2A7FE0182437EE3C772A3D4F937A797D5F309A030B2D48E8A0EF96A9C2E6A0C8D7704FA26590677E9E88102DA75D802B26E4A894B257885DC81980C3E5
          Malicious:false
          Reputation:unknown
          Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................P...R...T...V...."..."..."..."..................................................................................................................................................................................................................................................................$..$.If....:V.......t.....6......4........4........a.........d.........d.............$.a$.*...$..$.If........!v..h.#v....:V.......t.....6......5.......4

          C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1713968353692256400_4FC479C7-7DD7-484E-B140-40531E0EB0F8.log

          Download File
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:ASCII text, with very long lines (28767), with CRLF line terminators
          Category:dropped
          Size (bytes):20971520
          Entropy (8bit):0.15988035004489104
          Encrypted:false
          SSDEEP:
          MD5:1B0AF6B202E369C41F32DD38640A33AC
          SHA1:9A6A7724AC5A91E35C2B25829EA4352766EE4E98
          SHA-256:BAD06799FA3B620031EA6B3F765996BE5CF7A7EF41138702116AFFFB52DCD589
          SHA-512:38E8D357BE281CF72CA21583C07134B531B69A0F9FA9817EFF4D4E6E3A8207D4B4CBCA01FB6D814AA2B2606DC7FA07ACAA4349FF11E65D3DB11B074E90091144
          Malicious:false
          Reputation:unknown
          Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..04/24/2024 14:19:13.834.OUTLOOK (0x1BF4).0x1BF8.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":22,"Time":"2024-04-24T14:19:13.834Z","Contract":"Office.System.Activity","Activity.CV":"x3nET9d9TkixQEBTHg6w+A.4.9","Activity.Duration":19,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...04/24/2024 14:19:13.898.OUTLOOK (0x1BF4).0x1BF8.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":24,"Time":"2024-04-24T14:19:13.898Z","Contract":"Office.System.Activity","Activity.CV":"x3nET9d9TkixQEBTHg6w+A.4.10","Activity.Duration":15119,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV

          C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1713968353693102600_4FC479C7-7DD7-484E-B140-40531E0EB0F8.log

          Download File
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):20971520
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
          SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
          SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
          SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
          Malicious:false
          Reputation:unknown
          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240424T1619130387-7156.etl

          Download File
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):81920
          Entropy (8bit):4.418257699321459
          Encrypted:false
          SSDEEP:
          MD5:8FB74F88E0C2E9C468379211EBCAC3E4
          SHA1:F4E957AB33A0CBCFE811FE2336B81F72F31EA3B9
          SHA-256:B43257E44795404077F1E1C22513005C1206074D09B268DF988C23D2371247A0
          SHA-512:F9ADE21500136446A2095055C7AE44CA32E7A35F84017473B7F1726F9F6D3CA84E9A48A33343C11A8460508738538BAB1239D105413A0C38049EC53141CC6321
          Malicious:false
          Reputation:unknown
          Preview:............................................................................`..............aR...................eJ..............Zb..2.......................................@.t.z.r.e.s...d.l.l.,.-.3.2.2.......................................................@.t.z.r.e.s...d.l.l.,.-.3.2.1...........................................................0-..Y.............aR...........v.2._.O.U.T.L.O.O.K.:.1.b.f.4.:.f.e.b.2.d.a.f.1.0.c.b.a.4.6.0.2.9.3.f.5.f.1.d.c.8.1.3.c.a.7.5.1...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.4.2.4.T.1.6.1.9.1.3.0.3.8.7.-.7.1.5.6...e.t.l.......P.P............aR...........................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\~DF6FE0D4B7C5DC03B9.TMP

          Download File
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):163840
          Entropy (8bit):0.4194948034935513
          Encrypted:false
          SSDEEP:
          MD5:6ACB3DC0F4ED778D72CA5A27F90567F6
          SHA1:1D77C8E3115ABE476C49DDFD0EEE36D156108E74
          SHA-256:E5846F484FDE1ACA260C2185DA2C2126E7B5002446035983B6943205211C7F92
          SHA-512:1327F91F96061A3D1853ADAD0A8380D197F56F1F70163A12DB94D5E2A9170908C395A21AAED037DE6731D14E4B0E5FB975F0E98F6A21BC5EECDE683B76EE2D34
          Malicious:false
          Reputation:unknown
          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

          Download File
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:modified
          Size (bytes):30
          Entropy (8bit):1.2389205950315936
          Encrypted:false
          SSDEEP:
          MD5:E3B48A189A7461C5567E4A7A0DB3A01E
          SHA1:EA51491E83A419DD2A29D452DA1240FA3FDC2CFB
          SHA-256:9B8450EC176D14D9A496136E05948C9A53DE707A5A9C994A1B9F879F5424983F
          SHA-512:C7EED4D6CE0165935A2077D0E21F89CC2B9EEA2F9DDC84507ACF847EF3CB4C2E1A8A3717B9253BF8A799348CC094C15DC4AC6071E773BFD79EFF0B79BE25C5E2
          Malicious:false
          Reputation:unknown
          Preview:..............................

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 13:19:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2673
          Entropy (8bit):3.9746143182342224
          Encrypted:false
          SSDEEP:
          MD5:C8CF864FA24562B21309CDEFA410A80D
          SHA1:27421CD0BB44725D9E58B5CF7AE13AC0D9CB6F4B
          SHA-256:07B1507F0BDC9BFCE95C8AC62EAC23C87D343859623FE1818A192E9FBBFDC5B5
          SHA-512:2B82E4E9C23571E31E137E0FADDB00D2633B18A22696F156DAA8B43278A33BA27F80D336F9E678C161AEA3B870C04135A4EE2DE974E9EBDF89F407DF5909A3DF
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,.......jR...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X]r....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xmr....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xmr....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xmr..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xor...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............dS}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 13:19:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2675
          Entropy (8bit):3.9924092431470566
          Encrypted:false
          SSDEEP:
          MD5:EF1B64D713D9BA6555F2D2C3CDC55C5E
          SHA1:7298747607103344E2DF42393B57975FF0D00FF2
          SHA-256:F8F178658061BFE0BF97247106F17C84E9CD64A9EC5874AC2D606485329921B3
          SHA-512:7490112C5B34CE36A73C3306FC3FF3EE4621CC828FDA97DF29217E7E307C3EAF39679A8BF46A60C0079A72EDDA03750539D92BF1221C01E90EDE22044DBB6A5F
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,.......jR...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X]r....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xmr....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xmr....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xmr..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xor...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............dS}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2689
          Entropy (8bit):4.004242707987002
          Encrypted:false
          SSDEEP:
          MD5:B6C48B0714956FCFB8D3B34A55F73C27
          SHA1:6DD94FCF853FFF6F30B8B637D8F3087489EAE10D
          SHA-256:29B636244F9E2F7F23C5F339BD94811A837540F90ED0BE930464DF1BDF296ED5
          SHA-512:52FA9219032510EF24D10479B708ED1BBF21DEE099317B126B58422900DE10AD754D40C2AED7D63F3301500F34D89DC6993B40D242F48FAD0E76C4FC8B0A20D1
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X]r....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xmr....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xmr....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xmr..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............dS}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 13:19:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2677
          Entropy (8bit):3.992287076592008
          Encrypted:false
          SSDEEP:
          MD5:966C8E9CD39B7CDD40AF660A4FC9AE33
          SHA1:161BC7EA0A2A757A07C092E14C995563E6AD5682
          SHA-256:65EA02DA7A3609FA9A3B995F6DE5494472F065B6EF80244F25A8E09473AA2CEB
          SHA-512:9E1650542AC14BDD47F39B4AF0B428B7C3B566A817F6CDD5FE8EF943BCD7D206F65C9530FCD3B42C2D54BD324C09E731B758899EB6F0F8D11F175C5B09961552
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,.......jR...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X]r....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xmr....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xmr....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xmr..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xor...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............dS}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 13:19:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2677
          Entropy (8bit):3.9776624917630774
          Encrypted:false
          SSDEEP:
          MD5:5FCE21D22E02786E05EB1C28CE4AF1F9
          SHA1:8E5BA5C11A78580EE887848A465C10A662E88D15
          SHA-256:A895A371EF9BE63C5FCF51F9322E2CC337A1DDBE6B5BE538A42C24121E4AC04B
          SHA-512:5092E5AACC13F8C547ECC6F3AEED5749FD2EA8B3F8197F88A26DB429846844B357024A3023D7B3ED13F83A191F44C15812A61D76208B32398826D94FAB9E2785
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,....t;.jR...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X]r....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xmr....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xmr....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xmr..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xor...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............dS}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 13:19:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2679
          Entropy (8bit):3.9906831343821563
          Encrypted:false
          SSDEEP:
          MD5:8D66E6A59F375E917C6B7A7995F41C8B
          SHA1:D4ED6CE31095B1B67FAD1FC4F6C4DC49499AD089
          SHA-256:FFC85546BF9060C129195C29FCFBB0A72FB87E7ABCDDC02437EC98DF1195F2DB
          SHA-512:D4F10388D4710A66738DE30A4AF4BDE1C2760B7A6DB08487D4FD588EA408C17DC5A8A9F3F5586FC8DF434E5007A19AB8D46E17EAD6DB3446A0BF65AB05F1CD59
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,....@.jR...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X]r....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xmr....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xmr....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xmr..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xor...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............dS}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

          C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

          Download File
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:Microsoft Outlook email folder (>=2003)
          Category:dropped
          Size (bytes):271360
          Entropy (8bit):1.1232860241945493
          Encrypted:false
          SSDEEP:
          MD5:D6B58559184906F6E99F0B582225C5F9
          SHA1:4D8F191EF1885CF1A765C148B5E021E4AE3F35CC
          SHA-256:F95A9DAAB05FB2D18C947AF96CDF8F5B7FBF6A29D5D7BB4A492156C0E70F0468
          SHA-512:E6B31C98B07CE0E6B9A7F8950C3594E6D3AAC511AF1CCE576953F7ECA2337C876219CD818196FCF7B3BC392DABA395719C70B9914F5DD5259328AC7A5491FE1D
          Malicious:false
          Reputation:unknown
          Preview:!BDN...SM......\...j...................'................@...............................................................................................................................$.......D......@...........................................................................................................................................................................................................................................................................................................................0........O..k.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):131072
          Entropy (8bit):1.2133787593085514
          Encrypted:false
          SSDEEP:
          MD5:0F60BFAE169B59177F9DBD8349FEF1DD
          SHA1:671C21416EDEB169D86F80EF37663B687BB6B8EF
          SHA-256:5BE79C87F04457DDAE65FFFFF51D67C943369BCB9843FA4466701A798787C9FA
          SHA-512:A222993D28F4DA878726BBFDA62686C5C687E5CDB694DA832EE117A1D9E143739421CF0D21E411DC0499BFA0876F040A768DD2A27B793E8FE9938D3654E09CF8
          Malicious:false
          Reputation:unknown
          Preview:...0...'...........2..aR.....................#.!.......................q.......x...............&"......................o..............................z...............O............................................../.......................H....................................................................................................................................................................................................................................................................................................................3.........[.RK0...(...........2..aR.....................#./...............................#.......................".......&.............................a'...............................0...............................C......................."....,..F.............................aG............................,..P............................,..c......................."....,..f.............................ag............................,..p.......

          Chrome Cache Entry: 112

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:SVG XML document
          Category:downloaded
          Size (bytes):111051
          Entropy (8bit):4.419307707324505
          Encrypted:false
          SSDEEP:
          MD5:BC58DC756A611AB80BB20287314EBD67
          SHA1:D6C9B7710ECC5596FAF31D9BED285187F81F06C6
          SHA-256:364EB0641ED5F5E960AE8829984E53ADAE8D8EBD55D543D5E6CAE6639F5422F7
          SHA-512:D9B83EFE05E948B29096F0727FB2780D863AF8E5DB3500EAFB7BC5965112DDC955CF7AA9BA4002B242B4EF947FBE21F85BC2237BBFFDBFEBCBE05058CEF946E1
          Malicious:false
          Reputation:unknown
          URL:https://na1.conga-sign.com/assets/slds-2.13.7/icons/action-sprite/svg/symbols.svg
          Preview:<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" display="none"><symbol viewBox="0 0 52 52" id="add_contact" xmlns="http://www.w3.org/2000/svg"><path d="M46 9H6c-2.7 0-5 2.2-5 5v24c0 2.7 2.3 5 5 5h40c2.8 0 5-2.2 5-5V14c0-2.8-2.2-5-5-5zM24.8 37.2H10.4c-1.6 0-2.8-1.7-2.8-3.4.1-2.5 2.7-4 5.4-5.2 1.9-.8 2.2-1.6 2.2-2.4 0-.8-.5-1.6-1.2-2.2-1.1-1-1.7-2.5-1.7-4.1 0-3.2 1.9-5.8 5.2-5.8s5.2 2.7 5.2 5.8c0 1.7-.6 3.2-1.7 4.1-.7.6-1.2 1.3-1.2 2.2 0 .8.2 1.6 2.2 2.3 2.7 1.2 5.3 2.8 5.4 5.3.3 1.7-1 3.4-2.6 3.4zm19.5-5.8c0 .9-.8 1.7-1.7 1.7h-7.5c-.9 0-1.7-.7-1.7-1.7v-2.5c0-.9.8-1.7 1.7-1.7h7.5c.9 0 1.7.7 1.7 1.7v2.5zm0-9.1c0 .9-.8 1.7-1.7 1.7H30.2c-.9 0-1.7-.7-1.7-1.7v-2.5c0-.9.8-1.7 1.7-1.7h12.5c.9 0 1.7.7 1.7 1.7v2.5z"/></symbol><symbol viewBox="0 0 52 52" id="add_file" xmlns="http://www.w3.org/2000/svg"><path d="M9.7 36.1V11.3c-2.6 0-4.7 2.1-4.7 4.6v29.4C5 47.9 7.1

          Chrome Cache Entry: 113

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JSON data
          Category:downloaded
          Size (bytes):1005
          Entropy (8bit):5.3490570540744775
          Encrypted:false
          SSDEEP:
          MD5:0290C9B1F21978AF1C4CAA4C7780F490
          SHA1:C9F5F18A1A04A8946F4413087754B7E0DA6A45DB
          SHA-256:68ACEAF731C618AA59CD671FC92792ED7080979F1F4A21DB4CBDF6AA34C28763
          SHA-512:FEF53ED1DE732B72EA25553C0F73FEDC3568ACE206D6667F780E29921193AE29FA2565F39C1C186E94FBF356B5ABC124B9850B0C2B7C6A0FC957D67CC4ACA26F
          Malicious:false
          Reputation:unknown
          URL:https://na1.conga-sign.com/api/rest/v1/audit/transaction/1n7w03gci5nvzwny631t5ypnn7l8bmxot4kv29map8lxtlj060
          Preview:{"transactionId":"1n7w03gci5nvzwny631t5ypnn7l8bmxot4kv29map8lxtlj060","files":[{"fileName":"Grace Amendment 1 Cohort.docx"}],"status":"SENT","louserzedDateFormat":"M/D/YYYY","requesterTimezone":"America/New_York","auditList":[{"id":"FC95B0A5-319D-41E6-82E7-CFFBC15E730C","type":"CREATED","ipAddress":"52.37.187.105","auditDate":"2024-04-22T14:25:59.359","userName":"Amy Reyes","userEmail":"areyes@mpca.net","externalAuditEvent":false},{"id":"BF192724-705C-4A0D-80DB-8C3D625573F2","type":"SENT","ipAddress":"50.124.254.174","auditDate":"2024-04-22T14:26:55.901","userName":"Amy Reyes","userEmail":"areyes@mpca.net","externalAuditEvent":false},{"id":"CCFC0184-9991-4E52-B1F4-A071BEF96826","recipientId":"C7F145C2-99FF-4901-823E-E79FB2CC09AB","recipientName":"Peter Chang","recipientEmail":"peter.chang@gracehealthmi.org","recipientMobile":"","type":"INVITE_SENT","ipAddress":"50.124.254.174","auditDate":"2024-04-22T14:26:56.019","externalAuditEvent":false}],"system":"SALESFORCE","hasInPersonSigner":f

          Chrome Cache Entry: 114

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text
          Category:downloaded
          Size (bytes):3660
          Entropy (8bit):5.435149962349383
          Encrypted:false
          SSDEEP:
          MD5:D1D45B0C3865B84C4504F2589065CED4
          SHA1:10416B17055912D31E6536627A8CFDCFC7D58409
          SHA-256:0035B8079661F57E4DB0F68215FA03A9C1C1D271BECE9BC1B11120045036ADB8
          SHA-512:9F96D1F49A3BEA24DD56BE2C5C7DC248EAC5F70AFDE5A0B78F4D3D9D62618F6D121452EF7ACA6B254C529EFAF88C78649AC03D1DC8C9D4B09E589E30BA4D3C84
          Malicious:false
          Reputation:unknown
          URL:"https://fonts.googleapis.com/css?family=Montserrat:400,800&display=swap"
          Preview:/* cyrillic-ext */.@font-face {. font-family: 'Montserrat';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WRhyzbi.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Montserrat';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* vietnamese */.@font-face {. font-family: 'Montserrat';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WZhyzbi.woff2) format('woff2');. unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0, U+0300-0301, U+0303-0304, U+0308-0309, U+0323, U+

          Chrome Cache Entry: 115

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (65536), with no line terminators
          Category:downloaded
          Size (bytes):205493
          Entropy (8bit):5.407486719741078
          Encrypted:false
          SSDEEP:
          MD5:2E49F1794AF082D57E6B8EC1E0B3DA35
          SHA1:B3781076C7D59708B5149E065D402C1585895AB7
          SHA-256:211BE8412D2A03D9A107C580BF8AB4B74A1D18C5C9CF66862A5A3B8AB94533E6
          SHA-512:888A30EEDE25134C0DB633E84E5C9D6356296081047087977280EB5E7BB10B93B122AB02184247807899493E20868D827543D529B6529A04F6E9444B6A57B891
          Malicious:false
          Reputation:unknown
          URL:https://na1.conga-sign.com/js/signing.js
          Preview:(window.webpackJsonp=window.webpackJsonp||[]).push([[4],{757:function(e,t){},775:function(e,t,a){},776:function(e,t,a){},779:function(e,t,a){"use strict";a.r(t);a(276),a(286),a(287),a(288),a(289),a(290),a(291),a(292),a(293),a(294),a(295),a(296),a(297),a(298),a(299),a(300),a(302),a(303),a(304),a(305),a(306),a(307),a(309),a(310),a(312),a(315),a(316),a(159),a(320),a(321),a(323),a(324),a(325),a(326),a(327),a(328),a(329),a(330),a(331),a(332),a(333),a(334),a(335),a(337),a(338),a(339),a(340),a(341),a(342),a(343),a(344),a(345),a(346),a(347),a(349),a(351),a(352),a(353),a(354),a(355),a(356),a(357),a(358),a(359),a(360),a(361),a(362),a(363),a(364),a(365),a(366),a(367),a(368),a(369),a(370),a(371),a(373),a(374),a(375),a(376),a(377),a(379),a(381),a(383),a(384),a(386),a(387),a(388),a(389),a(390),a(392),a(393),a(394),a(395),a(396),a(397),a(398),a(400),a(401),a(402),a(403),a(404),a(405),a(406),a(407),a(408),a(409),a(410),a(411),a(412),a(413),a(417),a(418),a(419),a(420),a(421),a(422),a(423),a(424),a(425)

          Chrome Cache Entry: 117

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text
          Category:downloaded
          Size (bytes):3209
          Entropy (8bit):5.465347837575404
          Encrypted:false
          SSDEEP:
          MD5:59ABDBD460D8C779B05FDA137189F694
          SHA1:01FF96EAEBA22925FF83E8103963C431DFA86327
          SHA-256:BC3ED3E3FBC6B8F56694B44F1763A680701AEC9370CC2848A065CAE1E090C4B5
          SHA-512:E31026DE16AA9B480C515EEE28EB03067AB28D5838652F7C9EAB5A167C6462D8E5BF81D05D52E798F1F9BECED37F102326240BC68B98EBE9CE541BA8A962416F
          Malicious:false
          Reputation:unknown
          URL:https://fonts.googleapis.com/css?family=Dancing+Script|Great+Vibes|Homemade+Apple|Shadows+Into+Light
          Preview:/* vietnamese */.@font-face {. font-family: 'Dancing Script';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/dancingscript/v25/If2cXTr6YS-zF4S-kcSWSVi_sxjsohD9F50Ruu7BMSo3Rep8ltA.woff2) format('woff2');. unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0, U+0300-0301, U+0303-0304, U+0308-0309, U+0323, U+0329, U+1EA0-1EF9, U+20AB;.}./* latin-ext */.@font-face {. font-family: 'Dancing Script';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/dancingscript/v25/If2cXTr6YS-zF4S-kcSWSVi_sxjsohD9F50Ruu7BMSo3ROp8ltA.woff2) format('woff2');. unicode-range: U+0100-02AF, U+0304, U+0308, U+0329, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./* latin */.@font-face {. font-family: 'Dancing Script';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/dancingscript/v25/If2cXTr6YS-zF4S-kcSWSVi_sxjsohD9F50Ruu7BMSo3S

          Chrome Cache Entry: 118

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text
          Category:downloaded
          Size (bytes):7860
          Entropy (8bit):4.857721326607264
          Encrypted:false
          SSDEEP:
          MD5:DD29D67E1A4FCF68188051229AAE19D7
          SHA1:84E159E266CCA21771E74BB63149CDAB32B5796B
          SHA-256:FBB64D0DDC10103054BEA69CCD048E6C5AC31FC887B7D9A52C219A49B9B7045B
          SHA-512:AB873B1DF5B3845DAE947B344A081D8690014981D132868060999A22A850E97997DD348F612D90577F3FED04FA19190F43EAC161C159CCA05792D2A4C2B874BF
          Malicious:false
          Reputation:unknown
          URL:https://na1.conga-sign.com/css/normalize.css
          Preview:/*! normalize.css v7.0.0 | MIT License | github.com/necolas/normalize.css */../* Document. ========================================================================== */../**. * 1. Correct the line height in all browsers.. * 2. Prevent adjustments of font size after orientation changes in. * IE on Windows Phone and in iOS.. */..html {. line-height: 1.15; /* 1 */. -ms-text-size-adjust: 100%; /* 2 */. -webkit-text-size-adjust: 100%; /* 2 */.}../* Sections. ========================================================================== */../**. * Remove the margin in all browsers (opinionated).. */..body {. margin: 0;.}../**. * Add the correct display in IE 9-.. */..article,.aside,.footer,.header,.nav,.section {. display: block;.}../**. * Correct the font size and margin on `h1` elements within `section` and. * `article` contexts in Chrome, Firefox, and Safari.. */..h1 {. font-size: 2em;. margin: 0.67em 0;.}../* Grouping content. ===================================

          Chrome Cache Entry: 119

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (1547)
          Category:downloaded
          Size (bytes):728853
          Entropy (8bit):5.008744034251802
          Encrypted:false
          SSDEEP:
          MD5:101A4C056FF300EC1DCFAAA5DA43E8C7
          SHA1:14E7F161C974BD7A79918D21BA7F5FE6104C651C
          SHA-256:B50887E79938A1FC1E65FBA72155C2DA996E05419E29E7B787B03C196A13275D
          SHA-512:7F866F00ED0DC30102B6DD715BCFCCC681D4BC99C1012F555FA4E05E34D1B57B5C2535D8D22DD67DA11041B5B031CDB01F13B4060A4D697C34ABC2DA2020B68C
          Malicious:false
          Reputation:unknown
          URL:https://na1.conga-sign.com/assets/slds-2.13.7/styles/salesforce-lightning-design-system.css
          Preview:/*! Lightning Design System 2.13.7 */.@charset "UTF-8";.@font-face{. font-family:"Salesforce Sans";. src:url("../fonts/webfonts/SalesforceSans-Light.woff2") format("woff2"), url("../fonts/webfonts/SalesforceSans-Light.woff") format("woff");. font-weight:300;. font-display:swap;.}.@font-face{. font-family:"Salesforce Sans";. src:url("../fonts/webfonts/SalesforceSans-LightItalic.woff2") format("woff2"), url("../fonts/webfonts/SalesforceSans-LightItalic.woff") format("woff");. font-style:italic;. font-weight:300;. font-display:swap;.}.@font-face{. font-family:"Salesforce Sans";. src:url("../fonts/webfonts/SalesforceSans-Regular.woff2") format("woff2"), url("../fonts/webfonts/SalesforceSans-Regular.woff") format("woff");. font-weight:400;. font-display:swap;.}.@font-face{. font-family:"Salesforce Sans";. src:url("../fonts/webfonts/SalesforceSans-Italic.woff2") format("woff2"), url("../fonts/webfonts/SalesforceSans-Italic.woff") format("woff");. font-style:italic;. font-wei

          Chrome Cache Entry: 120

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:HTML document, ASCII text
          Category:downloaded
          Size (bytes):279
          Entropy (8bit):4.5442348409359825
          Encrypted:false
          SSDEEP:
          MD5:530047707F69228C0FF0995FA7F4C7B1
          SHA1:E4A8F77845F5B56D07FE13C4F6BE5D4488050149
          SHA-256:A1DF1BD903D31872B62842B88DBBBBE020FBD5BCC6FC3AFF5242C33C71A9843C
          SHA-512:C5A9C8F0F1DA98523200C8673CF066BE7AC11AC2A6B5AB3E9F33E26E77ACFE9427D2276DE93F5807F4905919363872972FBC1AD31F40B63C3C215693F9FCC618
          Malicious:false
          Reputation:unknown
          URL:https://na1.conga-sign.com/favicon.ico
          Preview:<!DOCTYPE html>..<html>.<head>. <meta name="robots" content="noindex">. <title>Error</title>.</head>.<body>. <h2>. Error. </h2>. <p>. An issue occurred while processing Conga Sign. Contact Conga Support if the issue persists.. </p>.</body>.</html>

          Chrome Cache Entry: 121

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:Web Open Font Format (Version 2), TrueType, length 27684, version 1.655
          Category:downloaded
          Size (bytes):27684
          Entropy (8bit):7.992296056012318
          Encrypted:true
          SSDEEP:
          MD5:AA41AFDACEB8B78C56529555448BCF44
          SHA1:03D934B119785F6130103507ECFF57EB19F05BE9
          SHA-256:6F2251079DB9FDE7D456BA66A9294899F3024DAC928BEC71B3CE42E1568F304F
          SHA-512:D2DD37566D4CFF30102B565FEE5D10889509C493061331CC64F01450694D2D2A264FB3A7D8E47BEB25D38260FAA26A627B16AC9FC7E0ED656DA0E44DB1423999
          Malicious:false
          Reputation:unknown
          URL:https://na1.conga-sign.com/assets/slds-2.13.7/fonts/webfonts/SalesforceSans-Regular.woff2
          Preview:wOF2......l$..........k..........................(..l....`..`..>..b..".....`..G.6.$..0..Z.. ..*. ......Gp.S...u'.I...Q.l.5Ro.`.r}/.pN..n..!.u................'..!. .l.:2....fb.Xr........Y.a.*.x.:.J..^.`5.......*.&.....I....H.zH..h.%...-.....i....4N.0D....O.41.l..Z..m.^.v.e..n.G.....aJ...C.`..$].!A.?.@......._,l.(d..<...K.{P../..;o.*X,..H.5...p....i}w7.w..6.A.....*.YEVK2.,.....-.."..az...!Vc. ..6........Zo...0.Q.b....GY.....q.N.]. ..d<..|.%DQ,..;...-.Vn.......v.........>.........8ZH.1..%...f...|@....._.{..i..."M..(...i[....g..=..B...e...E.U].=.= ..W....|6..... y..Z.}c..#. s&s....25....ve.l...d....a..i..WS.W.<....8.d....IdY.h.m...]...k.%4Q.m.AnX.qs....Cg.. vQ.a-.S..&..MX0(fC.*XJ.....(.._..]#Vc.W....F.#..U.U.U1\%).#).K.p...T........l.X.;..........Sg.Q.6|.}..`../5.(..H.D4@. H........pf'..a.i.O..P.o..h.9.|....d..+.k}).5......w...lp..v.R.\19....z%'0..K.....ueda.y..F.X.Wr.tFV..T.f.k...0.5...a,.C..>!...z.K. <*I..#.+..,Fb$......Y.....C4.E(V....?.|......C.J.......i&

          Chrome Cache Entry: 122

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (65536), with no line terminators
          Category:downloaded
          Size (bytes):6009655
          Entropy (8bit):5.503963736334185
          Encrypted:false
          SSDEEP:
          MD5:419588B4EF15BC528C6B8A9C43E86FA1
          SHA1:DD98A4A48BD83AB47225B2A863487E6876582297
          SHA-256:910E1AB471CE13C4A65CCAD0129AF5F61E6FF2C3891DD20DF7050F7BE03A1E7E
          SHA-512:671077B3AF8F615FB0675D5E7DF325E5E8627BF49B9604742BA5555318875ECA010CF3CD70BD7B192C94B89BE38E4AE70432A90A7406ECC7B2A162E7D307B8A2
          Malicious:false
          Reputation:unknown
          URL:https://na1.conga-sign.com/js/vendor.js
          Preview:(window.webpackJsonp=window.webpackJsonp||[]).push([[2],[function(e,t,l){"use strict";e.exports=l(628)},function(e,t,l){e.exports=l(632)()},,,function(e,t,l){"use strict";l.d(t,"a",function(){return n});var a=l(52);function n(e){for(var t=1;t<arguments.length;t++){var l=null!=arguments[t]?arguments[t]:{},n=Object.keys(l);"function"===typeof Object.getOwnPropertySymbols&&(n=n.concat(Object.getOwnPropertySymbols(l).filter(function(e){return Object.getOwnPropertyDescriptor(l,e).enumerable}))),n.forEach(function(t){Object(a.a)(e,t,l[t])})}return e}},function(e,t,l){"use strict";function a(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}l.d(t,"a",function(){return a})},function(e,t,l){"use strict";function a(e,t){for(var l=0;l<t.length;l++){var a=t[l];a.enumerable=a.enumerable||!1,a.configurable=!0,"value"in a&&(a.writable=!0),Object.defineProperty(e,a.key,a)}}function n(e,t,l){return t&&a(e.prototype,t),l&&a(e,l),e}l.d(t,"a",function(){return n})},functio

          Chrome Cache Entry: 123

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:HTML document, ASCII text
          Category:downloaded
          Size (bytes):1772
          Entropy (8bit):4.930782218507327
          Encrypted:false
          SSDEEP:
          MD5:DF09A6CDA755E6187E63E5F87DA31D9C
          SHA1:CF3DCC2A071B4B3548CB8424790500E5FB6431AF
          SHA-256:C242BBA9CA099EB8D590223F03CA931CD6614CE26C19A73920DE5062081D6233
          SHA-512:CE2DF5DF46CE33808C562689C1FB1D0349E57DF07F4A27D82DC3346ACE7400BDE00CFCB388BB07BDAAA532F511BC000D67B1C53536B5E06BE76597E37B89646E
          Malicious:false
          Reputation:unknown
          URL:https://na1.conga-sign.com/app/v1/audit/transaction/1n7w03gci5nvzwny631t5ypnn7l8bmxot4kv29map8lxtlj060
          Preview:<!DOCTYPE html>..<html>.<head>. <meta charset="utf-8">. <meta name="robots" content="noindex">. <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />. <title>CongaSign</title>. <link rel="stylesheet" type="text/css" href="/css/normalize.css" />. <link rel="stylesheet" type="text/css" href="/assets/slds-2.13.7/styles/salesforce-lightning-design-system.css" />. <link rel="stylesheet" type="text/css" href="/css/global.css" />. <link rel="stylesheet" type="text/css" href="/css/commons.css" />. <link rel="stylesheet" type="text/css" href="/css/vendor.css" />. <link rel="stylesheet" type="text/css" href="/css/signing.css" />. [if gt IE 9]> >. <style type="text/css">. .browser-unsupported {. display: none;. }. </style>. <![endif]-->.</head>.<body>.<div class="browser-unsupported">. <h1>Sorry! Your browser is not supported.</h1>. The following browsers ar

          Chrome Cache Entry: 124

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (2546)
          Category:downloaded
          Size (bytes):2585
          Entropy (8bit):4.8388337900583815
          Encrypted:false
          SSDEEP:
          MD5:154F1C6C3C862AADF9F5451B06DCB62C
          SHA1:9AE54DCA6997DB3474B44B1A0EF62DC33285F349
          SHA-256:A683C98B4D9C31B2E48D2D7914739C1E9502C4464F8206C89D1EF899CBF146ED
          SHA-512:D70A55D78842767C37445FB2E5E64C44754F4653B6A07735A39D67F623C9FF4A01CBE15922D08ED7B6B6B76E51E9D0B43936546D6BF8E6A1B8A63C84C1F70106
          Malicious:false
          Reputation:unknown
          URL:https://na1.conga-sign.com/css/vendor.css
          Preview:.react-phone-number-input__row{display:flex;align-items:center}.react-phone-number-input__phone{flex:1 1;min-width:0}.react-phone-number-input__icon{width:1.24em;height:.93em;border:1px solid rgba(0,0,0,.5);box-sizing:content-box}.react-phone-number-input__icon--international{width:calc(.93em + 2px);height:calc(.93em + 2px);padding-left:.155em;padding-right:.155em;border:none}.react-phone-number-input__error{margin-left:calc(2.39em + 2px);margin-top:.3rem;color:#d30f00}.react-phone-number-input__icon-image{max-width:100%;max-height:100%}.react-phone-number-input__ext-input::-webkit-inner-spin-button,.react-phone-number-input__ext-input::-webkit-outer-spin-button{margin:0!important;-webkit-appearance:none!important;-moz-appearance:textfield!important}.react-phone-number-input__ext-input{width:3em}.react-phone-number-input__ext{white-space:nowrap}.react-phone-number-input__ext,.react-phone-number-input__ext-input{margin-left:.5em}.react-phone-number-input__country--native{position:relati

          Chrome Cache Entry: 125

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with no line terminators
          Category:downloaded
          Size (bytes):40
          Entropy (8bit):4.327567157116928
          Encrypted:false
          SSDEEP:
          MD5:EC6D7379FFD3BB0120AC8A370DB6526C
          SHA1:C3829D186DEAA1B79AD7F24C1FC8043444F143FC
          SHA-256:A0940565FA044BC39102FED226721595030099CE6044A82AD0899DA6CFA58ADD
          SHA-512:3E85CD5636D0F68623E991D5407392A446FE0FFB58CD552F6F1D53E8DDA9A4A7F96AAC8D1FA5474578668871A03D3860B9A6496E59EB4151DE95268295ADB172
          Malicious:false
          Reputation:unknown
          URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgm_N-Nl4lRosRIFDcRx4FYSBQ0DkH4eEgUN3BRWKw==?alt=proto
          Preview:ChsKBw3EceBWGgAKBw0DkH4eGgAKBw3cFFYrGgA=

          Chrome Cache Entry: 126

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (1452)
          Category:downloaded
          Size (bytes):1488
          Entropy (8bit):5.181595218855637
          Encrypted:false
          SSDEEP:
          MD5:F2F5DA9C5BB7DC4D7547B2F153F14A2B
          SHA1:C4233394B4C63742D4A0EEE75778FA6F53E7D21B
          SHA-256:217A44333ECDF9F60049A634EC4D75DD76B6E0E6DB40020E36669BD9A7A3B09A
          SHA-512:EA3674B376893C7B461BA693EADE9C0C974D0C667C262C78AF64BEC5B300516AC3F6E500D3078FBD302C859FCBEF2B927C3653C55AF21F4846980F8C9751B7A3
          Malicious:false
          Reputation:unknown
          URL:https://na1.conga-sign.com/js/runtime.js
          Preview:!function(e){function r(r){for(var n,f,i=r[0],l=r[1],a=r[2],c=0,s=[];c<i.length;c++)f=i[c],o[f]&&s.push(o[f][0]),o[f]=0;for(n in l)Object.prototype.hasOwnProperty.call(l,n)&&(e[n]=l[n]);for(p&&p(r);s.length;)s.shift()();return u.push.apply(u,a||[]),t()}function t(){for(var e,r=0;r<u.length;r++){for(var t=u[r],n=!0,i=1;i<t.length;i++){var l=t[i];0!==o[l]&&(n=!1)}n&&(u.splice(r--,1),e=f(f.s=t[0]))}return e}var n={},o={1:0},u=[];function f(r){if(n[r])return n[r].exports;var t=n[r]={i:r,l:!1,exports:{}};return e[r].call(t.exports,t,t.exports,f),t.l=!0,t.exports}f.m=e,f.c=n,f.d=function(e,r,t){f.o(e,r)||Object.defineProperty(e,r,{enumerable:!0,get:t})},f.r=function(e){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},f.t=function(e,r){if(1&r&&(e=f(e)),8&r)return e;if(4&r&&"object"===typeof e&&e&&e.__esModule)return e;var t=Object.create(null);if(f.r(t),Object.defineProperty(t,"defau

          Chrome Cache Entry: 127

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (45542)
          Category:downloaded
          Size (bytes):45582
          Entropy (8bit):5.878742323693449
          Encrypted:false
          SSDEEP:
          MD5:F41243117CFFB30331ED7AE49F9880CB
          SHA1:A8F9EB5BCA3F01DFFD036DCE7854360A760F5231
          SHA-256:5436D4C0647A353324DA0B85A0AB3F6DCF55CEA689F59BE2CAB33AB8D5F7FB7B
          SHA-512:92BF237955A12829221E36AE5450EF6B3700CAC9848560BE8A362D294A3E11757905CE6CDFF1940C3DEF1B69F378FE8C9BACD72419A7A0E020A74800D5889D1E
          Malicious:false
          Reputation:unknown
          URL:https://na1.conga-sign.com/css/commons.css
          Preview:@import url(https://fonts.googleapis.com/css?family=Dancing+Script|Great+Vibes|Homemade+Apple|Shadows+Into+Light);@import url(https://fonts.googleapis.com/css?family=Montserrat:400,800&display=swap);.slds-textarea-rows-1{height:1.875rem}.slds-textarea-rows-2{height:3.75rem}.slds-textarea-rows-3{height:5.625rem}.slds-textarea-rows-4{height:7.5rem}.slds-textarea-rows-5{height:9.375rem}.slds-textarea-rows-6{height:11.25rem}.slds-textarea-rows-7{height:13.125rem}.slds-textarea-rows-8{height:15rem}.slds-textarea-rows-9{height:16.875rem}.slds-textarea-rows-10{height:18.75rem}.sign-button{font-size:14px;font-weight:800}.sign-button_disabled:hover{background-color:#e0e5ee!important;cursor:not-allowed}.sign-line-height_medium{line-height:2rem}.sign-text_uppercase{font-family:Montserrat,Salesforce Sans,Arial,sans-serif;text-transform:uppercase}svg.sign-header-logo_center{height:15rem;width:100%}.sign-header-logo_mobile{height:12rem;width:100%}div.sign-header-logo_mobile-div{height:13rem}.auth-me

          Chrome Cache Entry: 130

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text
          Category:downloaded
          Size (bytes):404
          Entropy (8bit):4.679841485153656
          Encrypted:false
          SSDEEP:
          MD5:3D52CACD40D60CB2C8B2EEAE78CA3BF5
          SHA1:7464A6B2C495FB113CF961315E286259FBECD464
          SHA-256:3E179705FAF6BFABAFB99FC0025E9BCFD8761C106B34A3EDD430C4753B87F01C
          SHA-512:BFC4AA48C86A4A949E24EE54557CBF057EE91DFA677FC0BCD3ACBC754FA0D87FEBA3EA2E58CFDF23E568564AD2266225B8152C940960030B7BCE9221E5056ABC
          Malicious:false
          Reputation:unknown
          URL:https://na1.conga-sign.com/css/global.css
          Preview:.html {. overflow: hidden;. height: 100%;.}..body {. height: 100%;. overflow: auto;. background-color: #ffffff;.}...browser-unsupported {. margin: 10px 10px 10px 10px;.}..browser-unsupported h1 {. font-size: 20px;. margin-top: 10px;. margin-bottom: 10px;.}..browser-unsupported ul {. list-style-type: disc;. padding-left: 20px;. margin-top: 5px;. margin-bottom: 5px;.}.

          Chrome Cache Entry: 131

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:SVG XML document
          Category:dropped
          Size (bytes):263630
          Entropy (8bit):4.425243489430615
          Encrypted:false
          SSDEEP:
          MD5:3D89470A3645C21AE98A6EEA86B59EB8
          SHA1:302C300A96315D9595A836EF4A7C82CBBA96AA15
          SHA-256:4140292D2F6170694FBA8A847FBD4E9DEF89C105A0344B3DE8F4BB380CD86DC4
          SHA-512:2406F9E0ADF6048C931605144DEF1A482116C9FBD29DAFA40AA28B2A05AC69849370FFE0F575752D0C6CE05A0C5ABACCC34026C7C0407AE26BEAD4CA045218C7
          Malicious:false
          Reputation:unknown
          Preview:<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" display="none"><symbol viewBox="0 0 52 52" id="activity" xmlns="http://www.w3.org/2000/svg"><path d="M37.618 11.67c-1.54.5-2.783.98-3.723 1.438-.747.364-1.687.901-2.814 1.61.086 1.882.084 3.463-.009 4.754-.094 1.304-.342 3.173-.746 5.63l-.001.003c2.815 2.028 4.848 3.56 6.11 4.604.163.135.633.584.856.783l4.344-1.82.028-.074c.627-1.347 1.145-3.186 1.54-5.507.322-1.899.376-3.99.159-6.276l-5.744-5.144zm-1.51-2.66l-.085-.302A19.816 19.816 0 0026 6c-1.963 0-3.86.285-5.653.816l-.032.77c-.002.548.006 1.172.025 1.871 1.69.237 3.111.549 4.273.941 1.167.395 2.652 1.07 4.478 2.029 1.39-.887 2.55-1.558 3.49-2.016.946-.461 2.12-.927 3.526-1.4zM22.165 42.95c3.618-.378 6.074-.736 7.317-1.06 1.421-.371 2.7-.724 3.83-1.054.86-2.042 1.409-3.576 1.648-4.6.192-.82.397-1.923.616-3.31-.383-.338-.735-.64-1.056-.906-1.257-1.04-3.38

          Chrome Cache Entry: 132

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:Web Open Font Format (Version 2), TrueType, length 27648, version 1.655
          Category:downloaded
          Size (bytes):27648
          Entropy (8bit):7.993597748090766
          Encrypted:true
          SSDEEP:
          MD5:68A71533D08FF9251D6F179043A4781B
          SHA1:48BD2035DE99B4477D6A2624BD52FCA362394105
          SHA-256:13873C462325BD5D2B2BBB385FE971E1CED14D0D698E2EABB917FDF7A4AF438A
          SHA-512:D149072E304887E0D0C77C3804DA904BAC177018B0142036F63BCFDB07BE0ECAEC825E7C6DDD9DAF0CED0763D5F2AA42DFA1E259FBD993A50C76B19F20A4CC3F
          Malicious:false
          Reputation:unknown
          URL:https://na1.conga-sign.com/assets/slds-2.13.7/fonts/webfonts/SalesforceSans-Bold.woff2
          Preview:wOF2......l........L..k..........................(..~....`..`..>..b..".....P..6.6.$..0..Z.. ..2. ......gpnS4.^...?..t...;.wh.?..s.=w+........?)..a...a...Ap.GV$<.....u..5XN.]G8-R.i....2:.m.QPH...!$...+.m.J..|..b..,Y..>.K.......3.a.<...R.2y5.U.q...;v...m..._.J.}.4.dk.7...3d.1.G...m.n..l. Y.4.Cp~......xx.7...$..|.q......gH.F......?*..d..%..6w;.....e..O...;..>..T*h.2...Gx...~.3..?._P..m..P..m.B.F...tk.U...+VF..Y..b.......~n=.....@FH...,.E$.b.`..6F...v...."...:.........'M(.......`F,...'...+v.w...{~{.3.A....4.9.0.$.2...ZI...D..$..,Q..@.6.....z....P..~...X.;...*.yW-..........%c....2.[.....9..Z.(E...A.?.. ...q...4...%....j.2.+....B.E......aC.m&...r.........a.8L`w.t_.ub..I!.8b9w..``....N......O..WF...b.........2..F`1.+...C...WQ...].,/.v.....V."R.Jj.......6.h........."{f_..3A....l.t9#..??...........pp^Ji.N-..o..a.R..@r~.<u...P.ma..(...7...y..G.$...._CV8.y...I..$.y.Q...{.Bbl..G.WX........Z_....x..3..t..o.Q....U%~.*.R...nJ".dlS..$.....v?P':.d...U.

          Chrome Cache Entry: 133

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (7012)
          Category:downloaded
          Size (bytes):7052
          Entropy (8bit):5.0435418724788095
          Encrypted:false
          SSDEEP:
          MD5:760C4BAE72C381EB38EE92625ECBD791
          SHA1:2321EACAFC6632202354BFC5F016DBBEA9402086
          SHA-256:8015F9A1ABAA9B45C879725FC5427D2FB24124BBA29B77E7EFD6FF1ECE41ED09
          SHA-512:4AC33A0E34FC08D84F7BA047A3B7DA7EC368ED9C6ACFEE54D001296D35613C14DD56C1E8614775D28A8E96C7F670AC42015FA777585E1BD4DA077F56B90D779C
          Malicious:false
          Reputation:unknown
          URL:https://na1.conga-sign.com/css/signing.css
          Preview:@-webkit-keyframes passing-through{0%{opacity:0;-webkit-transform:translateY(40px);transform:translateY(40px)}30%,70%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}to{opacity:0;-webkit-transform:translateY(-40px);transform:translateY(-40px)}}@keyframes passing-through{0%{opacity:0;-webkit-transform:translateY(40px);transform:translateY(40px)}30%,70%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}to{opacity:0;-webkit-transform:translateY(-40px);transform:translateY(-40px)}}@-webkit-keyframes slide-in{0%{opacity:0;-webkit-transform:translateY(40px);transform:translateY(40px)}30%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes slide-in{0%{opacity:0;-webkit-transform:translateY(40px);transform:translateY(40px)}30%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes pulse{0%{-webkit-transform:scale(1);transform:scale(1)}10%{-webkit-transform:scale(1.1);transform:scale(1.1)}20%{-webkit-tran

          Chrome Cache Entry: 134

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:HTML document, ASCII text, with very long lines (65536), with no line terminators
          Category:downloaded
          Size (bytes):1529862
          Entropy (8bit):5.094539075787785
          Encrypted:false
          SSDEEP:
          MD5:D60EFC286B9485C7D1E34E8E4ECBC021
          SHA1:B95016CF7BFC00A92EEF6237D83ED668D5DB79E8
          SHA-256:57A2AA793D4D8C3F366EBD0A6D28DDC4726679ED7484A13A3CEE609E4958E9FD
          SHA-512:2C196ABBF531E89508F3DBF391926774C7121C0D5839D76CFA190709FBA48B552F27745D1ED2F98BD5DF60A2285A44871F01BB04A4A2FFE22C3A5AB7C80ECFAE
          Malicious:false
          Reputation:unknown
          URL:https://na1.conga-sign.com/js/commons.js
          Preview:(window.webpackJsonp=window.webpackJsonp||[]).push([[0],{106:function(e,a,i){"use strict";i.d(a,"a",function(){return o});var n=i(5),t=i(11),o=function e(){Object(n.a)(this,e)};o.validateTag=function(e){var a=void 0;return e.value&&e.value.length>(e.maxLength||0)&&(a=t.a.t("sender:writeback.number.exceedsMaxLength")),{value:e.value,error:a}}},107:function(e,a,i){"use strict";i.d(a,"b",function(){return r}),i.d(a,"a",function(){return s});var n=i(5),t=i(106),o=i(11),r=function(e){return/[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?/i.test(e)},s=function e(){Object(n.a)(this,e)};s.validateTag=function(e){var a=t.a.validateTag(e);return!e.value||a.error||r(e.value)||(a.error=o.a.t("sender:writeback.email.invalidFormat")),a}},130:function(e,a,i){"use strict";var n=i(31),t=i.n(n),o=i(32),r=i.n(o),s=new t.a({id:"Signature",use:"Signature-usage",viewBox:"0 0 48 44",content:'<symbol viewBox="0 0 48 44" xmln

          Static File Info

          General

          File type:CDFV2 Microsoft Outlook Message
          Entropy (8bit):4.216047805924497
          TrID:
          • Outlook Message (71009/1) 58.92%
          • Outlook Form Template (41509/1) 34.44%
          • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
          File name:HCCTP Amendment Cohort.msg
          File size:59'904 bytes
          MD5:3bf75cf29b5ec00d4c2b2f9292592c13
          SHA1:8c3b6f8196fb64deb55ec12ab33408020ae3e9b3
          SHA256:19f6df1075f6fa6d18cbef27807a026c9eb5b4018519167b4c74c7aff2e68597
          SHA512:af756b626580a1753bc657e95d3137e5d1d75c1fe6709bf35d3eb5750c5c19f5079c074a8eb26f59b55c229e610c49d90f8afd9c3087d7abe535617ae91f270d
          SSDEEP:768:eu03leKPMG24N0/7U5QQZty39OWMcsElcW6vVnDNB+4P/Yuxl5QQZty39U2pyi11:j03le+B24N8Q5QssQEmW655Qss416
          TLSH:EF43132436FA420AF277EF7149F690979536BCA2AD118E4E3191334E0572A41E9B1F3F
          File Content Preview:........................>......................................................................................................................................................................................................................................

          Static Mail

          General

          Subject:HCCTP Amendment Cohort
          From:Amy Reyes via Conga Sign <sign@na1.conga-sign.com>
          To:Peter Chang <Peter.Chang@gracehealthmi.org>
          Cc:
          BCC:
          Date:Mon, 22 Apr 2024 16:26:55 +0200
          Communications:
          • <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fconga.com%2Fworkflow-automation-software%2Felectronic-signature-online&data=05%7C02%7Cpeter.chang%40gracehealthmi.org%7C1c1f30e1662a490e8f6608dc62d843eb%7C501385e324fe4d2390e84ae2370ff8a3%7C0%7C0%7C638493928215305598%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=FhsTXUL%2F7xWqy4U3yOrSv763IqQxCEfYJHwDCRRaocA%3D&reserved=0> Please Sign Documents Amy Reyes has sent Grace Amendment 1 Cohort.docx for your signature. Good morning! Please see the attached amendment and sign at your earliest convenience. Please let me know if you have any questions. Thank you! Please click on the button below to start the signing process. View Document <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fna1.conga-sign.com%2Fapp%2Fv1%2Fsign%2F4uvm8mb1kbjxh08yu2vo95m4r5oucer7m5654yzwcd4y9mh6hr&data=05%7C02%7Cpeter.chang%40gracehealthmi.org%7C1c1f30e1662a490e8f6608dc62d843eb%7C501385e324fe4d2390e84ae2370ff8a3%7C0%7C0%7C638493928215319901%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=%2BwUXBwVONvfYWsYM%2FYXbPNXTaVLfPCuE%2B2kPy1IGTs4%3D&reserved=0> To reassign the signer, click here <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fna1.conga-sign.com%2Fapp%2Fv1%2Freassign%2F4uvm8mb1kbjxh08yu2vo95m4r5oucer7m5654yzwcd4y9mh6hr&data=05%7C02%7Cpeter.chang%40gracehealthmi.org%7C1c1f30e1662a490e8f6608dc62d843eb%7C501385e324fe4d2390e84ae2370ff8a3%7C0%7C0%7C638493928215332614%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Q6ePtx4UzaqHlMivrDM2dCl4Bml5ATDSwE3nxpLxXiU%3D&reserved=0> To view the audit trail, click here <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fna1.conga-sign.com%2Fapp%2Fv1%2Faudit%2Ftransaction%2F1n7w03gci5nvzwny631t5ypnn7l8bmxot4kv29map8lxtlj060&data=05%7C02%7Cpeter.chang%40gracehealthmi.org%7C1c1f30e1662a490e8f6608dc62d843eb%7C501385e324fe4d2390e84ae2370ff8a3%7C0%7C0%7C638493928215344366%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=SrpqIptPJCzsQZm46Vjr%2BqNhhNhys73UrYw8BIQyR0I%3D&reserved=0> Conga Sign Transaction ID: 1n7w03gci5nvzwny631t5ypnn7l8bmxot4kv29map8lxtlj060 Conga Global Headquarters 13699 Via Varra Broomfield, CO 80020 United States <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fconga.com%2Fworkflow-automation-software%2Felectronic-signature-online&data=05%7C02%7Cpeter.chang%40gracehealthmi.org%7C1c1f30e1662a490e8f6608dc62d843eb%7C501385e324fe4d2390e84ae2370ff8a3%7C0%7C0%7C638493928215355782%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=m3%2BKryKyaWrGXhv%2BOEiYBm5Gsgy5aa3FO%2FoBQYXfPvA%3D&reserved=0>
          Attachments:

            Headers

            Key Value
            Receivedfrom a27-67.smtp-out.us-west-2.amazonses.com (54.240.27.67) by
            (260310b6:610:4d::16) with Microsoft SMTP Server (version=TLS1_2,
            HTTPS; Mon, 22 Apr 2024 1427:01 +0000
            Apr 2024 1426:57 +0000
            Frontend Transport; Mon, 22 Apr 2024 1426:56 +0000
            Authentication-Resultsspf=pass (sender IP is 54.240.27.67)
            Received-SpfPass (protection.outlook.com: domain of
            Dkim-Signaturev=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
            h=DateFrom:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:Feedback-ID;
            DateMon, 22 Apr 2024 14:26:55 +0000
            FromAmy Reyes via Conga Sign <sign@na1.conga-sign.com>
            Reply-ToAmy Reyes <areyes@mpca.net>
            ToPeter Chang <Peter.Chang@gracehealthmi.org>
            Message-Id<0101018f0633e757-62a2d2d6-4243-4795-bb56-f8c2909b3868-000000@us-west-2.amazonses.com>
            Subject=?UTF-8?B?SENDVFAgQW1lbmRtZW50IENvaG9ydA==?=
            MIME-Version1.0
            Content-Typemultipart/mixed;
            Feedback-Id1.us-west-2.Hknlird3WuKpiIMZLiC2psHxwiuFa5Q1JStJI7KAzX0=:AmazonSES
            X-Ses-Outgoing2024.04.22-54.240.27.67
            Return-Path0101018f0633e757-62a2d2d6-4243-4795-bb56-f8c2909b3868-000000@mail.na1.conga-sign.com
            X-Ms-Exchange-Organization-Expirationstarttime22 Apr 2024 14:26:57.1736
            X-Ms-Exchange-Organization-ExpirationstarttimereasonOriginalSubmit
            X-Ms-Exchange-Organization-Expirationinterval1:00:00:00.0000000
            X-Ms-Exchange-Organization-ExpirationintervalreasonOriginalSubmit
            X-Ms-Exchange-Organization-Network-Message-Id1c1f30e1-662a-490e-8f66-08dc62d843eb
            X-Eopattributedmessage0
            X-Eoptenantattributedmessage501385e3-24fe-4d23-90e8-4ae2370ff8a3:0
            X-Ms-Exchange-Organization-MessagedirectionalityIncoming
            X-Ms-PublictraffictypeEmail
            X-Ms-TraffictypediagnosticCH2PEPF0000014A:EE_|PH7PR03MB7090:EE_|CH0PR03MB6099:EE_
            X-Ms-Exchange-Organization-AuthsourceCH2PEPF0000014A.namprd02.prod.outlook.com
            X-Ms-Exchange-Organization-AuthasAnonymous
            X-Ms-Office365-Filtering-Correlation-Id1c1f30e1-662a-490e-8f66-08dc62d843eb
            X-Ms-Exchange-AtpmessagepropertiesSA|SL|HVE
            X-Ms-Exchange-Organization-Scl1
            X-Microsoft-AntispamBCL:3;
            X-Forefront-Antispam-ReportCIP:54.240.27.67;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:a27-67.smtp-out.us-west-2.amazonses.com;PTR:a27-67.smtp-out.us-west-2.amazonses.com;CAT:NONE;SFS:(13230031)(4143199003);DIR:INB;
            X-Ms-Exchange-Crosstenant-Originalarrivaltime22 Apr 2024 14:26:56.8455
            X-Ms-Exchange-Crosstenant-Network-Message-Id1c1f30e1-662a-490e-8f66-08dc62d843eb
            X-Ms-Exchange-Crosstenant-Id501385e3-24fe-4d23-90e8-4ae2370ff8a3
            X-Ms-Exchange-Crosstenant-AuthsourceCH2PEPF0000014A.namprd02.prod.outlook.com
            X-Ms-Exchange-Crosstenant-AuthasAnonymous
            X-Ms-Exchange-Crosstenant-FromentityheaderInternet
            X-Ms-Exchange-Transport-CrosstenantheadersstampedPH7PR03MB7090
            X-Ms-Exchange-Transport-Endtoendlatency00:00:04.5426171
            X-Ms-Exchange-Processed-By-Bccfoldering15.20.7472.035
            X-Microsoft-Antispam-Mailbox-Deliveryucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198);
            X-Microsoft-Antispam-Message-InfoCjrQRWHNbmN5taZpLWwzeh0TGlJCtlR7BwISAiQ2WFckETuOPE4X99KiVwPLIToM/Lcb1h9AbErcMiuTxKCsoDzq3msbXgdGa5v3fLeuKEztOB5dVKBixUD9Fz7hBiBkS5hSDOpUd63A88dg8zypICYjyDZrirv5ERn+q9aovKBOcvpad2yWMUOSBBlJEkjnUdb7hIbO3yM/JiCMiS7YAn/+2A3rnUI7q3+zfxu9G2c0L05NuMfdWeSg9mZFYSI1LsaqX2agSH6tAMeGfht9J2hRCU0iOH7KZs+y3SiJGAO4qysRYfQva49dSFSs1NOO4DKevB15+cJmWHWkmPQsa9LHNHHrMoHsdKt0NGIxUGbmffLRm5BUWrJk8KEyAqkTpaLAnKA5+JeAhQT2skJY9LujJrnSOtGOxTN9q3j8Bqu7s9A2Z1gegDpLaGfzfhzvoRNW52s+okpQ3zgxi+/37zkTIDwtcwN1Ra1ui1cT92/dUB2n+a8Tju76qDjQXICMKN7QA5M2r+z/dTwp+dDeJuVCIaUr/W94FAMbFFVc2B9nsIKWgEQlveIcOlLUFSsGj4qafcQNIahmGpfbtvPyaaSSfzjJEGESw7PcVfXqwO3arxuiksx+GrRsnZVwX9SmS0Zr9MdsP6OfYbC0ei8rQBxlbIVxbTagH6xLxrxV8zxR5FJPmyc7/A8DdCunhed7yZnKYj3VpGcJOyyJ6/8+E0+sDOZ30LB/Yxw+KUFP9z+liE+HVw1l3IBufoy/V38fEVCcJhuOAvNtBg+7AkOMzi1jAKGupBguZUw26fIYPhpy2Y3x0XI33x8YWCBLh5onSdETmBYVEbOe77SqhC0wIIDxf3Xx/ynIdHpVAUaE6ErSVvsSgb20daS81e9oGMwXlU9fKlqmzmukMkNpJLSFG0wcWGO2a7t4KfvUKfWU4b9TG6MVEQhiie5PJ/9MVDWYJD0JV2qTjBNa+4PAXhWmUTRRziArZbeIURK8c25r5WUXDvaC6Q3dlS/7x5qHNFIxPRvUsV8B96t2k9gYT15mGdYV7zzCwub3aNygjpWHw+m0UQMdpUpLUBgMoluN06jz6lhsUNqE1LHHrvlSTuhN+X1oBl2ag1oPE6FJE+rVyqR2qxRGix1ynxvnbSm9fXIUrmStKPeEwaiQTzQO742SU8yrFGSGj5CgWbkHiqyEfzU9qre+rIrlFsizGcWMeui/IcjnG3p4NwXNE/N/b3/kabR0ji8IIi+opXThkg1PbyPLB47nGyBqLfKrhYhZlW7Tc2lIl7iDZkoQSoA24EmLOAKRrA8DsOyzpt8Rxr4daGTVmtgs91AkS6VZYm55yV8xbs0b/KFhRioGBzFCmSY8OnVewqGj2iO+EqzHj7JulXGg72Q1TxvdhAIm1IKZNE+ZEFVs1pKtNOJHJYWMDqqpaRboNpWL5o+HyLJzEnAXpj/2SK6LwVfriHh0FTzUUyEtzY5eyatEI1q+iXQFPNX+neyJ9/C0D4/TeZ8lS4sUONvvBEIN7wXreXDMVAGtgAm413BFDZPxSb20z/cnchUONgL42vwazRW5brCDCQAMFqYac0hcLD5Rs7AVPMQZpDVGNVmbEiUd9EBNUnTJbv1Aij72gkEcIcG2z7AEyYC1MqwiyzA2gR7WqTUKk+MVi1WdWVismV1ODFs+gChNKoMsPSwwEx/FI5+ke0EIvTcdyfK2dM7OBsYFxobuT9gDAXSonoyg8dnNFrB257Spewbu+x3cdeFBuDvNcO8sWemcdMTWdxuAhkEUJh4TUBgbXwf1L9b+n28Z2zlYKbUM65Mn1PLdIfnSsx6elT7AqdK+hcf1qvfOLk0BN1cqCgurg+8ZMkopZsyVLx1abUq+4QuZkCsYSH72gbiqlphn8/VdRs0klGwzxuNhxjVDKbkKzwVtXsSk+DGITsMO30eoy4w7Zh1Sod1Cqd8mKqtQZvVqBXyx2JrEi0QXlSxVYIJOodhtQEbURixFuhHdNXLYmqzL1VOGehWIVRq4MtHQvCGPGPk=
            Content-Transfer-Encoding7bit
            dateMon, 22 Apr 2024 16:26:55 +0200

            File Icon

            Icon Hash:c4e1928eacb280a2