Windows
Analysis Report
HCCTP Amendment Cohort.msg
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
Analysis Advice
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior |
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis |
- System is w10x64_ra
- OUTLOOK.EXE (PID: 7156 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\HCCTP Amendment Cohort.msg" MD5: 91A5292942864110ED734005B7E005C0)
- ai.exe (PID: 3008 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "97229DED-A3E6-4961-8B58-95034213398C" "ABDDF01F-72F1-44D2-B515-FC900A969E04" "7156" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
- chrome.exe (PID: 4360 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fna1.conga-sign.com%2Fapp%2Fv1%2Faudit%2Ftransaction%2F1n7w03gci5nvzwny631t5ypnn7l8bmxot4kv29map8lxtlj060&data=05%7C02%7Cpeter.chang%40gracehealthmi.org%7C1c1f30e1662a490e8f6608dc62d843eb%7C501385e324fe4d2390e84ae2370ff8a3%7C0%7C0%7C638493928215344366%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=SrpqIptPJCzsQZm46Vjr%2BqNhhNhys73UrYw8BIQyR0I%3D&reserved=0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 5872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1600,i,3799308633222476533,3281352149495727952,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
There are no malicious signatures.
Source: | ML Model on OCR Text: |
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: | ||
Source: | Memory has grown: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Classification label: |
Source: | File created: |
Source: | Process created: | ||
Source: | Section loaded: | ||
Source: | Key value queried: |
Source: | Window found: |
Source: | Window detected: |
Source: | Key opened: |
Source: | Process information set: | ||
Source: | Process information queried: |
Source: | Queries volume information: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 12 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Extra Window Memory Injection | 1 Extra Window Memory Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
nam02.safelinks.protection.outlook.com | 104.47.57.28 | true | false | high | |
www.google.com | 142.250.141.99 | true | false | high | |
na1.conga-sign.com | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
142.250.141.99 | www.google.com | United States | 15169 | GOOGLEUS | false |
52.168.117.170 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
142.251.2.84 | unknown | United States | 15169 | GOOGLEUS | false |
142.251.2.95 | unknown | United States | 15169 | GOOGLEUS | false |
104.47.57.28 | nam02.safelinks.protection.outlook.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
142.251.2.139 | unknown | United States | 15169 | GOOGLEUS | false |
104.18.5.8 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
104.18.4.8 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
142.250.141.95 | unknown | United States | 15169 | GOOGLEUS | false |
74.125.137.94 | unknown | United States | 15169 | GOOGLEUS | false |
142.250.141.94 | unknown | United States | 15169 | GOOGLEUS | false |
52.109.0.91 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
IP |
---|
192.168.2.16 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431137 |
Start date and time: | 2024-04-24 16:18:40 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | HCCTP Amendment Cohort.msg |
Detection: | CLEAN |
Classification: | clean2.winMSG@18/38@8/34 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.109.0.91
- Excluded domains from analysis (whitelisted): config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, us.configsvc1.live.com.akadns.net, wus-azsc-config.officeapps.live.com, officeclient.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: HCCTP Amendment Cohort.msg
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 231348 |
Entropy (8bit): | 4.384924030308438 |
Encrypted: | false |
SSDEEP: | |
MD5: | DD998E66EA429D0FF33400F72033A90B |
SHA1: | 9735FA3EEBF41BD2B45408163291E097A1FC624D |
SHA-256: | 26C6DE3954DB8A534366541D5F1A0A34D61D780742FFD0FE4487B215B6C600A9 |
SHA-512: | 470011ABE7382834F5216766E0B5C4F107D72FF87697F7843C01A195FC0E6C7B61301BB353DB6996FAED42DF502E5AC94C3D512573C058F45A068C639471EE21 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\E148727F-8419-4775-BF9F-03EEE81A3F35
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 166203 |
Entropy (8bit): | 5.340910632994062 |
Encrypted: | false |
SSDEEP: | |
MD5: | A5692E393A812035EA24954E113E07C5 |
SHA1: | B116D7F08C8017EE62BA3798F34600AB095C1007 |
SHA-256: | A884306B033AB9F9C7D3CB4636496D6EDD81D3AF6DF853CA86B5E74F2CD17909 |
SHA-512: | 36F81EF7B0ABB639BA914533345CC3159AF514131931781F916A74040DDE181DA2A3A4F59031E2F722C96922EFFACB083A949D132EF0FA518B4221207070E8E4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.04550711117052959 |
Encrypted: | false |
SSDEEP: | |
MD5: | 707B3B0A36616FDA16A3A42F550A669E |
SHA1: | E85A6E04FA2D2DD18F78D033EE9530C271307E01 |
SHA-256: | 5BDBC3B5048FCB4A7271796ED69B7D9336809DF2B922291A6447A72A8A82A6DF |
SHA-512: | 06B0D080465D27F89479C380BE2BF126BB1E76ABF147A253077DA21C6B1F528D3B8D16EC5F4F95FBBF03FA809E4FF3A1AD400D7466256ED65660B543F341F2E1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 49472 |
Entropy (8bit): | 0.48419437778084057 |
Encrypted: | false |
SSDEEP: | |
MD5: | AE8687510F204F6B48A86D6EF95C2152 |
SHA1: | 5C0FF7D1B02EB65B5AF16437FA5E73AC29A2500F |
SHA-256: | 03B5502C790850AB4DAA7DF81073E28B69C4DE8C908A798468E0A599214AE049 |
SHA-512: | FA8C54180FF935D4A6819E98A4C3AD19FF0E5F11C845A0C1859E42A380907C41498397854BAC3A325163FFBC79654EB26EB9A6C011883C4114DBD46FEE3F8E4F |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{C79D9D39-861A-4074-B197-825B37009D59}.tmp
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 11276 |
Entropy (8bit): | 3.7659968580668757 |
Encrypted: | false |
SSDEEP: | |
MD5: | CA45432580425A62A883B8D7CE3FA971 |
SHA1: | 496BF0BF8E0F278DE79DF3CB3870780B510FA58C |
SHA-256: | 996A1A01B0804490E5B85D955822D931F49C8ACC99AE721B23C2CE4384ABC26E |
SHA-512: | C31A1B2A7FE0182437EE3C772A3D4F937A797D5F309A030B2D48E8A0EF96A9C2E6A0C8D7704FA26590677E9E88102DA75D802B26E4A894B257885DC81980C3E5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1713968353692256400_4FC479C7-7DD7-484E-B140-40531E0EB0F8.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.15988035004489104 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1B0AF6B202E369C41F32DD38640A33AC |
SHA1: | 9A6A7724AC5A91E35C2B25829EA4352766EE4E98 |
SHA-256: | BAD06799FA3B620031EA6B3F765996BE5CF7A7EF41138702116AFFFB52DCD589 |
SHA-512: | 38E8D357BE281CF72CA21583C07134B531B69A0F9FA9817EFF4D4E6E3A8207D4B4CBCA01FB6D814AA2B2606DC7FA07ACAA4349FF11E65D3DB11B074E90091144 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1713968353693102600_4FC479C7-7DD7-484E-B140-40531E0EB0F8.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240424T1619130387-7156.etl
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 81920 |
Entropy (8bit): | 4.418257699321459 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8FB74F88E0C2E9C468379211EBCAC3E4 |
SHA1: | F4E957AB33A0CBCFE811FE2336B81F72F31EA3B9 |
SHA-256: | B43257E44795404077F1E1C22513005C1206074D09B268DF988C23D2371247A0 |
SHA-512: | F9ADE21500136446A2095055C7AE44CA32E7A35F84017473B7F1726F9F6D3CA84E9A48A33343C11A8460508738538BAB1239D105413A0C38049EC53141CC6321 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 163840 |
Entropy (8bit): | 0.4194948034935513 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6ACB3DC0F4ED778D72CA5A27F90567F6 |
SHA1: | 1D77C8E3115ABE476C49DDFD0EEE36D156108E74 |
SHA-256: | E5846F484FDE1ACA260C2185DA2C2126E7B5002446035983B6943205211C7F92 |
SHA-512: | 1327F91F96061A3D1853ADAD0A8380D197F56F1F70163A12DB94D5E2A9170908C395A21AAED037DE6731D14E4B0E5FB975F0E98F6A21BC5EECDE683B76EE2D34 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 30 |
Entropy (8bit): | 1.2389205950315936 |
Encrypted: | false |
SSDEEP: | |
MD5: | E3B48A189A7461C5567E4A7A0DB3A01E |
SHA1: | EA51491E83A419DD2A29D452DA1240FA3FDC2CFB |
SHA-256: | 9B8450EC176D14D9A496136E05948C9A53DE707A5A9C994A1B9F879F5424983F |
SHA-512: | C7EED4D6CE0165935A2077D0E21F89CC2B9EEA2F9DDC84507ACF847EF3CB4C2E1A8A3717B9253BF8A799348CC094C15DC4AC6071E773BFD79EFF0B79BE25C5E2 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.9746143182342224 |
Encrypted: | false |
SSDEEP: | |
MD5: | C8CF864FA24562B21309CDEFA410A80D |
SHA1: | 27421CD0BB44725D9E58B5CF7AE13AC0D9CB6F4B |
SHA-256: | 07B1507F0BDC9BFCE95C8AC62EAC23C87D343859623FE1818A192E9FBBFDC5B5 |
SHA-512: | 2B82E4E9C23571E31E137E0FADDB00D2633B18A22696F156DAA8B43278A33BA27F80D336F9E678C161AEA3B870C04135A4EE2DE974E9EBDF89F407DF5909A3DF |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 3.9924092431470566 |
Encrypted: | false |
SSDEEP: | |
MD5: | EF1B64D713D9BA6555F2D2C3CDC55C5E |
SHA1: | 7298747607103344E2DF42393B57975FF0D00FF2 |
SHA-256: | F8F178658061BFE0BF97247106F17C84E9CD64A9EC5874AC2D606485329921B3 |
SHA-512: | 7490112C5B34CE36A73C3306FC3FF3EE4621CC828FDA97DF29217E7E307C3EAF39679A8BF46A60C0079A72EDDA03750539D92BF1221C01E90EDE22044DBB6A5F |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.004242707987002 |
Encrypted: | false |
SSDEEP: | |
MD5: | B6C48B0714956FCFB8D3B34A55F73C27 |
SHA1: | 6DD94FCF853FFF6F30B8B637D8F3087489EAE10D |
SHA-256: | 29B636244F9E2F7F23C5F339BD94811A837540F90ED0BE930464DF1BDF296ED5 |
SHA-512: | 52FA9219032510EF24D10479B708ED1BBF21DEE099317B126B58422900DE10AD754D40C2AED7D63F3301500F34D89DC6993B40D242F48FAD0E76C4FC8B0A20D1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.992287076592008 |
Encrypted: | false |
SSDEEP: | |
MD5: | 966C8E9CD39B7CDD40AF660A4FC9AE33 |
SHA1: | 161BC7EA0A2A757A07C092E14C995563E6AD5682 |
SHA-256: | 65EA02DA7A3609FA9A3B995F6DE5494472F065B6EF80244F25A8E09473AA2CEB |
SHA-512: | 9E1650542AC14BDD47F39B4AF0B428B7C3B566A817F6CDD5FE8EF943BCD7D206F65C9530FCD3B42C2D54BD324C09E731B758899EB6F0F8D11F175C5B09961552 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9776624917630774 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5FCE21D22E02786E05EB1C28CE4AF1F9 |
SHA1: | 8E5BA5C11A78580EE887848A465C10A662E88D15 |
SHA-256: | A895A371EF9BE63C5FCF51F9322E2CC337A1DDBE6B5BE538A42C24121E4AC04B |
SHA-512: | 5092E5AACC13F8C547ECC6F3AEED5749FD2EA8B3F8197F88A26DB429846844B357024A3023D7B3ED13F83A191F44C15812A61D76208B32398826D94FAB9E2785 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9906831343821563 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8D66E6A59F375E917C6B7A7995F41C8B |
SHA1: | D4ED6CE31095B1B67FAD1FC4F6C4DC49499AD089 |
SHA-256: | FFC85546BF9060C129195C29FCFBB0A72FB87E7ABCDDC02437EC98DF1195F2DB |
SHA-512: | D4F10388D4710A66738DE30A4AF4BDE1C2760B7A6DB08487D4FD588EA408C17DC5A8A9F3F5586FC8DF434E5007A19AB8D46E17EAD6DB3446A0BF65AB05F1CD59 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 271360 |
Entropy (8bit): | 1.1232860241945493 |
Encrypted: | false |
SSDEEP: | |
MD5: | D6B58559184906F6E99F0B582225C5F9 |
SHA1: | 4D8F191EF1885CF1A765C148B5E021E4AE3F35CC |
SHA-256: | F95A9DAAB05FB2D18C947AF96CDF8F5B7FBF6A29D5D7BB4A492156C0E70F0468 |
SHA-512: | E6B31C98B07CE0E6B9A7F8950C3594E6D3AAC511AF1CCE576953F7ECA2337C876219CD818196FCF7B3BC392DABA395719C70B9914F5DD5259328AC7A5491FE1D |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 1.2133787593085514 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0F60BFAE169B59177F9DBD8349FEF1DD |
SHA1: | 671C21416EDEB169D86F80EF37663B687BB6B8EF |
SHA-256: | 5BE79C87F04457DDAE65FFFFF51D67C943369BCB9843FA4466701A798787C9FA |
SHA-512: | A222993D28F4DA878726BBFDA62686C5C687E5CDB694DA832EE117A1D9E143739421CF0D21E411DC0499BFA0876F040A768DD2A27B793E8FE9938D3654E09CF8 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 111051 |
Entropy (8bit): | 4.419307707324505 |
Encrypted: | false |
SSDEEP: | |
MD5: | BC58DC756A611AB80BB20287314EBD67 |
SHA1: | D6C9B7710ECC5596FAF31D9BED285187F81F06C6 |
SHA-256: | 364EB0641ED5F5E960AE8829984E53ADAE8D8EBD55D543D5E6CAE6639F5422F7 |
SHA-512: | D9B83EFE05E948B29096F0727FB2780D863AF8E5DB3500EAFB7BC5965112DDC955CF7AA9BA4002B242B4EF947FBE21F85BC2237BBFFDBFEBCBE05058CEF946E1 |
Malicious: | false |
Reputation: | unknown |
URL: | https://na1.conga-sign.com/assets/slds-2.13.7/icons/action-sprite/svg/symbols.svg |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1005 |
Entropy (8bit): | 5.3490570540744775 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0290C9B1F21978AF1C4CAA4C7780F490 |
SHA1: | C9F5F18A1A04A8946F4413087754B7E0DA6A45DB |
SHA-256: | 68ACEAF731C618AA59CD671FC92792ED7080979F1F4A21DB4CBDF6AA34C28763 |
SHA-512: | FEF53ED1DE732B72EA25553C0F73FEDC3568ACE206D6667F780E29921193AE29FA2565F39C1C186E94FBF356B5ABC124B9850B0C2B7C6A0FC957D67CC4ACA26F |
Malicious: | false |
Reputation: | unknown |
URL: | https://na1.conga-sign.com/api/rest/v1/audit/transaction/1n7w03gci5nvzwny631t5ypnn7l8bmxot4kv29map8lxtlj060 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3660 |
Entropy (8bit): | 5.435149962349383 |
Encrypted: | false |
SSDEEP: | |
MD5: | D1D45B0C3865B84C4504F2589065CED4 |
SHA1: | 10416B17055912D31E6536627A8CFDCFC7D58409 |
SHA-256: | 0035B8079661F57E4DB0F68215FA03A9C1C1D271BECE9BC1B11120045036ADB8 |
SHA-512: | 9F96D1F49A3BEA24DD56BE2C5C7DC248EAC5F70AFDE5A0B78F4D3D9D62618F6D121452EF7ACA6B254C529EFAF88C78649AC03D1DC8C9D4B09E589E30BA4D3C84 |
Malicious: | false |
Reputation: | unknown |
URL: | "https://fonts.googleapis.com/css?family=Montserrat:400,800&display=swap" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 205493 |
Entropy (8bit): | 5.407486719741078 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2E49F1794AF082D57E6B8EC1E0B3DA35 |
SHA1: | B3781076C7D59708B5149E065D402C1585895AB7 |
SHA-256: | 211BE8412D2A03D9A107C580BF8AB4B74A1D18C5C9CF66862A5A3B8AB94533E6 |
SHA-512: | 888A30EEDE25134C0DB633E84E5C9D6356296081047087977280EB5E7BB10B93B122AB02184247807899493E20868D827543D529B6529A04F6E9444B6A57B891 |
Malicious: | false |
Reputation: | unknown |
URL: | https://na1.conga-sign.com/js/signing.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3209 |
Entropy (8bit): | 5.465347837575404 |
Encrypted: | false |
SSDEEP: | |
MD5: | 59ABDBD460D8C779B05FDA137189F694 |
SHA1: | 01FF96EAEBA22925FF83E8103963C431DFA86327 |
SHA-256: | BC3ED3E3FBC6B8F56694B44F1763A680701AEC9370CC2848A065CAE1E090C4B5 |
SHA-512: | E31026DE16AA9B480C515EEE28EB03067AB28D5838652F7C9EAB5A167C6462D8E5BF81D05D52E798F1F9BECED37F102326240BC68B98EBE9CE541BA8A962416F |
Malicious: | false |
Reputation: | unknown |
URL: | https://fonts.googleapis.com/css?family=Dancing+Script|Great+Vibes|Homemade+Apple|Shadows+Into+Light |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 7860 |
Entropy (8bit): | 4.857721326607264 |
Encrypted: | false |
SSDEEP: | |
MD5: | DD29D67E1A4FCF68188051229AAE19D7 |
SHA1: | 84E159E266CCA21771E74BB63149CDAB32B5796B |
SHA-256: | FBB64D0DDC10103054BEA69CCD048E6C5AC31FC887B7D9A52C219A49B9B7045B |
SHA-512: | AB873B1DF5B3845DAE947B344A081D8690014981D132868060999A22A850E97997DD348F612D90577F3FED04FA19190F43EAC161C159CCA05792D2A4C2B874BF |
Malicious: | false |
Reputation: | unknown |
URL: | https://na1.conga-sign.com/css/normalize.css |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 728853 |
Entropy (8bit): | 5.008744034251802 |
Encrypted: | false |
SSDEEP: | |
MD5: | 101A4C056FF300EC1DCFAAA5DA43E8C7 |
SHA1: | 14E7F161C974BD7A79918D21BA7F5FE6104C651C |
SHA-256: | B50887E79938A1FC1E65FBA72155C2DA996E05419E29E7B787B03C196A13275D |
SHA-512: | 7F866F00ED0DC30102B6DD715BCFCCC681D4BC99C1012F555FA4E05E34D1B57B5C2535D8D22DD67DA11041B5B031CDB01F13B4060A4D697C34ABC2DA2020B68C |
Malicious: | false |
Reputation: | unknown |
URL: | https://na1.conga-sign.com/assets/slds-2.13.7/styles/salesforce-lightning-design-system.css |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 279 |
Entropy (8bit): | 4.5442348409359825 |
Encrypted: | false |
SSDEEP: | |
MD5: | 530047707F69228C0FF0995FA7F4C7B1 |
SHA1: | E4A8F77845F5B56D07FE13C4F6BE5D4488050149 |
SHA-256: | A1DF1BD903D31872B62842B88DBBBBE020FBD5BCC6FC3AFF5242C33C71A9843C |
SHA-512: | C5A9C8F0F1DA98523200C8673CF066BE7AC11AC2A6B5AB3E9F33E26E77ACFE9427D2276DE93F5807F4905919363872972FBC1AD31F40B63C3C215693F9FCC618 |
Malicious: | false |
Reputation: | unknown |
URL: | https://na1.conga-sign.com/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 27684 |
Entropy (8bit): | 7.992296056012318 |
Encrypted: | true |
SSDEEP: | |
MD5: | AA41AFDACEB8B78C56529555448BCF44 |
SHA1: | 03D934B119785F6130103507ECFF57EB19F05BE9 |
SHA-256: | 6F2251079DB9FDE7D456BA66A9294899F3024DAC928BEC71B3CE42E1568F304F |
SHA-512: | D2DD37566D4CFF30102B565FEE5D10889509C493061331CC64F01450694D2D2A264FB3A7D8E47BEB25D38260FAA26A627B16AC9FC7E0ED656DA0E44DB1423999 |
Malicious: | false |
Reputation: | unknown |
URL: | https://na1.conga-sign.com/assets/slds-2.13.7/fonts/webfonts/SalesforceSans-Regular.woff2 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 6009655 |
Entropy (8bit): | 5.503963736334185 |
Encrypted: | false |
SSDEEP: | |
MD5: | 419588B4EF15BC528C6B8A9C43E86FA1 |
SHA1: | DD98A4A48BD83AB47225B2A863487E6876582297 |
SHA-256: | 910E1AB471CE13C4A65CCAD0129AF5F61E6FF2C3891DD20DF7050F7BE03A1E7E |
SHA-512: | 671077B3AF8F615FB0675D5E7DF325E5E8627BF49B9604742BA5555318875ECA010CF3CD70BD7B192C94B89BE38E4AE70432A90A7406ECC7B2A162E7D307B8A2 |
Malicious: | false |
Reputation: | unknown |
URL: | https://na1.conga-sign.com/js/vendor.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1772 |
Entropy (8bit): | 4.930782218507327 |
Encrypted: | false |
SSDEEP: | |
MD5: | DF09A6CDA755E6187E63E5F87DA31D9C |
SHA1: | CF3DCC2A071B4B3548CB8424790500E5FB6431AF |
SHA-256: | C242BBA9CA099EB8D590223F03CA931CD6614CE26C19A73920DE5062081D6233 |
SHA-512: | CE2DF5DF46CE33808C562689C1FB1D0349E57DF07F4A27D82DC3346ACE7400BDE00CFCB388BB07BDAAA532F511BC000D67B1C53536B5E06BE76597E37B89646E |
Malicious: | false |
Reputation: | unknown |
URL: | https://na1.conga-sign.com/app/v1/audit/transaction/1n7w03gci5nvzwny631t5ypnn7l8bmxot4kv29map8lxtlj060 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 2585 |
Entropy (8bit): | 4.8388337900583815 |
Encrypted: | false |
SSDEEP: | |
MD5: | 154F1C6C3C862AADF9F5451B06DCB62C |
SHA1: | 9AE54DCA6997DB3474B44B1A0EF62DC33285F349 |
SHA-256: | A683C98B4D9C31B2E48D2D7914739C1E9502C4464F8206C89D1EF899CBF146ED |
SHA-512: | D70A55D78842767C37445FB2E5E64C44754F4653B6A07735A39D67F623C9FF4A01CBE15922D08ED7B6B6B76E51E9D0B43936546D6BF8E6A1B8A63C84C1F70106 |
Malicious: | false |
Reputation: | unknown |
URL: | https://na1.conga-sign.com/css/vendor.css |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 40 |
Entropy (8bit): | 4.327567157116928 |
Encrypted: | false |
SSDEEP: | |
MD5: | EC6D7379FFD3BB0120AC8A370DB6526C |
SHA1: | C3829D186DEAA1B79AD7F24C1FC8043444F143FC |
SHA-256: | A0940565FA044BC39102FED226721595030099CE6044A82AD0899DA6CFA58ADD |
SHA-512: | 3E85CD5636D0F68623E991D5407392A446FE0FFB58CD552F6F1D53E8DDA9A4A7F96AAC8D1FA5474578668871A03D3860B9A6496E59EB4151DE95268295ADB172 |
Malicious: | false |
Reputation: | unknown |
URL: | https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgm_N-Nl4lRosRIFDcRx4FYSBQ0DkH4eEgUN3BRWKw==?alt=proto |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1488 |
Entropy (8bit): | 5.181595218855637 |
Encrypted: | false |
SSDEEP: | |
MD5: | F2F5DA9C5BB7DC4D7547B2F153F14A2B |
SHA1: | C4233394B4C63742D4A0EEE75778FA6F53E7D21B |
SHA-256: | 217A44333ECDF9F60049A634EC4D75DD76B6E0E6DB40020E36669BD9A7A3B09A |
SHA-512: | EA3674B376893C7B461BA693EADE9C0C974D0C667C262C78AF64BEC5B300516AC3F6E500D3078FBD302C859FCBEF2B927C3653C55AF21F4846980F8C9751B7A3 |
Malicious: | false |
Reputation: | unknown |
URL: | https://na1.conga-sign.com/js/runtime.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 45582 |
Entropy (8bit): | 5.878742323693449 |
Encrypted: | false |
SSDEEP: | |
MD5: | F41243117CFFB30331ED7AE49F9880CB |
SHA1: | A8F9EB5BCA3F01DFFD036DCE7854360A760F5231 |
SHA-256: | 5436D4C0647A353324DA0B85A0AB3F6DCF55CEA689F59BE2CAB33AB8D5F7FB7B |
SHA-512: | 92BF237955A12829221E36AE5450EF6B3700CAC9848560BE8A362D294A3E11757905CE6CDFF1940C3DEF1B69F378FE8C9BACD72419A7A0E020A74800D5889D1E |
Malicious: | false |
Reputation: | unknown |
URL: | https://na1.conga-sign.com/css/commons.css |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 404 |
Entropy (8bit): | 4.679841485153656 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3D52CACD40D60CB2C8B2EEAE78CA3BF5 |
SHA1: | 7464A6B2C495FB113CF961315E286259FBECD464 |
SHA-256: | 3E179705FAF6BFABAFB99FC0025E9BCFD8761C106B34A3EDD430C4753B87F01C |
SHA-512: | BFC4AA48C86A4A949E24EE54557CBF057EE91DFA677FC0BCD3ACBC754FA0D87FEBA3EA2E58CFDF23E568564AD2266225B8152C940960030B7BCE9221E5056ABC |
Malicious: | false |
Reputation: | unknown |
URL: | https://na1.conga-sign.com/css/global.css |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 263630 |
Entropy (8bit): | 4.425243489430615 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3D89470A3645C21AE98A6EEA86B59EB8 |
SHA1: | 302C300A96315D9595A836EF4A7C82CBBA96AA15 |
SHA-256: | 4140292D2F6170694FBA8A847FBD4E9DEF89C105A0344B3DE8F4BB380CD86DC4 |
SHA-512: | 2406F9E0ADF6048C931605144DEF1A482116C9FBD29DAFA40AA28B2A05AC69849370FFE0F575752D0C6CE05A0C5ABACCC34026C7C0407AE26BEAD4CA045218C7 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 27648 |
Entropy (8bit): | 7.993597748090766 |
Encrypted: | true |
SSDEEP: | |
MD5: | 68A71533D08FF9251D6F179043A4781B |
SHA1: | 48BD2035DE99B4477D6A2624BD52FCA362394105 |
SHA-256: | 13873C462325BD5D2B2BBB385FE971E1CED14D0D698E2EABB917FDF7A4AF438A |
SHA-512: | D149072E304887E0D0C77C3804DA904BAC177018B0142036F63BCFDB07BE0ECAEC825E7C6DDD9DAF0CED0763D5F2AA42DFA1E259FBD993A50C76B19F20A4CC3F |
Malicious: | false |
Reputation: | unknown |
URL: | https://na1.conga-sign.com/assets/slds-2.13.7/fonts/webfonts/SalesforceSans-Bold.woff2 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 7052 |
Entropy (8bit): | 5.0435418724788095 |
Encrypted: | false |
SSDEEP: | |
MD5: | 760C4BAE72C381EB38EE92625ECBD791 |
SHA1: | 2321EACAFC6632202354BFC5F016DBBEA9402086 |
SHA-256: | 8015F9A1ABAA9B45C879725FC5427D2FB24124BBA29B77E7EFD6FF1ECE41ED09 |
SHA-512: | 4AC33A0E34FC08D84F7BA047A3B7DA7EC368ED9C6ACFEE54D001296D35613C14DD56C1E8614775D28A8E96C7F670AC42015FA777585E1BD4DA077F56B90D779C |
Malicious: | false |
Reputation: | unknown |
URL: | https://na1.conga-sign.com/css/signing.css |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1529862 |
Entropy (8bit): | 5.094539075787785 |
Encrypted: | false |
SSDEEP: | |
MD5: | D60EFC286B9485C7D1E34E8E4ECBC021 |
SHA1: | B95016CF7BFC00A92EEF6237D83ED668D5DB79E8 |
SHA-256: | 57A2AA793D4D8C3F366EBD0A6D28DDC4726679ED7484A13A3CEE609E4958E9FD |
SHA-512: | 2C196ABBF531E89508F3DBF391926774C7121C0D5839D76CFA190709FBA48B552F27745D1ED2F98BD5DF60A2285A44871F01BB04A4A2FFE22C3A5AB7C80ECFAE |
Malicious: | false |
Reputation: | unknown |
URL: | https://na1.conga-sign.com/js/commons.js |
Preview: |
File type: | |
Entropy (8bit): | 4.216047805924497 |
TrID: |
|
File name: | HCCTP Amendment Cohort.msg |
File size: | 59'904 bytes |
MD5: | 3bf75cf29b5ec00d4c2b2f9292592c13 |
SHA1: | 8c3b6f8196fb64deb55ec12ab33408020ae3e9b3 |
SHA256: | 19f6df1075f6fa6d18cbef27807a026c9eb5b4018519167b4c74c7aff2e68597 |
SHA512: | af756b626580a1753bc657e95d3137e5d1d75c1fe6709bf35d3eb5750c5c19f5079c074a8eb26f59b55c229e610c49d90f8afd9c3087d7abe535617ae91f270d |
SSDEEP: | 768:eu03leKPMG24N0/7U5QQZty39OWMcsElcW6vVnDNB+4P/Yuxl5QQZty39U2pyi11:j03le+B24N8Q5QssQEmW655Qss416 |
TLSH: | EF43132436FA420AF277EF7149F690979536BCA2AD118E4E3191334E0572A41E9B1F3F |
Subject: | HCCTP Amendment Cohort |
From: | Amy Reyes via Conga Sign <sign@na1.conga-sign.com> |
To: | Peter Chang <Peter.Chang@gracehealthmi.org> |
Cc: | |
BCC: | |
Date: | Mon, 22 Apr 2024 16:26:55 +0200 |
Communications: |
|
Attachments: |
Key | Value |
---|---|
Received | from a27-67.smtp-out.us-west-2.amazonses.com (54.240.27.67) by |
 | (2603:10b6:610:4d::16) with Microsoft SMTP Server (version=TLS1_2, |
 | HTTPS; Mon, 22 Apr 2024 14:27:01 +0000 |
 | Apr 2024 14:26:57 +0000 |
 | Frontend Transport; Mon, 22 Apr 2024 14:26:56 +0000 |
Authentication-Results | spf=pass (sender IP is 54.240.27.67) |
Received-Spf | Pass (protection.outlook.com: domain of |
Dkim-Signature | v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; |
 | h=Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:Feedback-ID; |
Date | Mon, 22 Apr 2024 14:26:55 +0000 |
From | Amy Reyes via Conga Sign <sign@na1.conga-sign.com> |
Reply-To | Amy Reyes <areyes@mpca.net> |
To | Peter Chang <Peter.Chang@gracehealthmi.org> |
Message-Id | <0101018f0633e757-62a2d2d6-4243-4795-bb56-f8c2909b3868-000000@us-west-2.amazonses.com> |
Subject | =?UTF-8?B?SENDVFAgQW1lbmRtZW50IENvaG9ydA==?= |
MIME-Version | 1.0 |
Content-Type | multipart/mixed; |
Feedback-Id | 1.us-west-2.Hknlird3WuKpiIMZLiC2psHxwiuFa5Q1JStJI7KAzX0=:AmazonSES |
X-Ses-Outgoing | 2024.04.22-54.240.27.67 |
Return-Path | 0101018f0633e757-62a2d2d6-4243-4795-bb56-f8c2909b3868-000000@mail.na1.conga-sign.com |
X-Ms-Exchange-Organization-Expirationstarttime | 22 Apr 2024 14:26:57.1736 |
X-Ms-Exchange-Organization-Expirationstarttimereason | OriginalSubmit |
X-Ms-Exchange-Organization-Expirationinterval | 1:00:00:00.0000000 |
X-Ms-Exchange-Organization-Expirationintervalreason | OriginalSubmit |
X-Ms-Exchange-Organization-Network-Message-Id | 1c1f30e1-662a-490e-8f66-08dc62d843eb |
X-Eopattributedmessage | 0 |
X-Eoptenantattributedmessage | 501385e3-24fe-4d23-90e8-4ae2370ff8a3:0 |
X-Ms-Exchange-Organization-Messagedirectionality | Incoming |
X-Ms-Publictraffictype | |
X-Ms-Traffictypediagnostic | CH2PEPF0000014A:EE_|PH7PR03MB7090:EE_|CH0PR03MB6099:EE_ |
X-Ms-Exchange-Organization-Authsource | CH2PEPF0000014A.namprd02.prod.outlook.com |
X-Ms-Exchange-Organization-Authas | Anonymous |
X-Ms-Office365-Filtering-Correlation-Id | 1c1f30e1-662a-490e-8f66-08dc62d843eb |
X-Ms-Exchange-Atpmessageproperties | SA|SL|HVE |
X-Ms-Exchange-Organization-Scl | 1 |
X-Microsoft-Antispam | BCL:3; |
X-Forefront-Antispam-Report | CIP:54.240.27.67;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:a27-67.smtp-out.us-west-2.amazonses.com;PTR:a27-67.smtp-out.us-west-2.amazonses.com;CAT:NONE;SFS:(13230031)(4143199003);DIR:INB; |
X-Ms-Exchange-Crosstenant-Originalarrivaltime | 22 Apr 2024 14:26:56.8455 |
X-Ms-Exchange-Crosstenant-Network-Message-Id | 1c1f30e1-662a-490e-8f66-08dc62d843eb |
X-Ms-Exchange-Crosstenant-Id | 501385e3-24fe-4d23-90e8-4ae2370ff8a3 |
X-Ms-Exchange-Crosstenant-Authsource | CH2PEPF0000014A.namprd02.prod.outlook.com |
X-Ms-Exchange-Crosstenant-Authas | Anonymous |
X-Ms-Exchange-Crosstenant-Fromentityheader | Internet |
X-Ms-Exchange-Transport-Crosstenantheadersstamped | PH7PR03MB7090 |
X-Ms-Exchange-Transport-Endtoendlatency | 00:00:04.5426171 |
X-Ms-Exchange-Processed-By-Bccfoldering | 15.20.7472.035 |
X-Microsoft-Antispam-Mailbox-Delivery | ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198); |
Content-Transfer-Encoding | 7bit |
date | Mon, 22 Apr 2024 16:26:55 +0200 |
Icon Hash: | c4e1928eacb280a2 |