Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
phish_alert_iocp_v1.4.48 - 2025-03-17T084047.721.eml

Overview

General Information

Sample name:phish_alert_iocp_v1.4.48 - 2025-03-17T084047.721.eml
Analysis ID:1640737
MD5:2bab93f3dc18ae6aeac4ba56e4726125
SHA1:f2ee48046a5c543104ad0c5e4a267c696004e066
SHA256:cfd1fef2eea301d091591171e715203f4ff52870e353769eb28d79558c5d20b1
Infos:

Detection

Score:52
Range:0 - 100
Confidence:100%

Signatures

AI detected landing page (webpage, office document or email)
AI detected suspicious elements in Email content
AI detected suspicious elements in Email header
Creates files inside the system directory
Deletes files inside the Windows folder
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Suspicious Office Outbound Connections
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6444 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_iocp_v1.4.48 - 2025-03-17T084047.721.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7040 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "F9ACA226-BD77-4FD9-B33F-0722A3D6C145" "8ABC551F-092E-4229-92C7-46352E66104C" "6444" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 5900 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://clicktime.cloud.postoffice.net/clicktime.php?U=https://www.docusign.net/Signing/EmailStart.aspx%3Fa%3D0349abe6-59fd-4941-a3fa-c96839edd019%26etti%3D24%26acct%3D5997d405-bb04-4738-bc80-c2b109861a16%26er%3D3b506db4-b6da-43ee-8300-c5b681e9553f&E=jschlotfeldt%40firstfedweb.com&X=XID497dcmHtO6860Xd1&T=FF1001&HV=U,E,X,T&H=871a15a0444af75cc2f8e90b09335b14d83f6226 MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 5284 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1928,i,4773977405421634386,6700473896864359675,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2016 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Office Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 2, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6444, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\ColleagueImport.ColleagueImportAddin\LoadCount
Sigma detected: Suspicious Office Outbound Connections
Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.17, DestinationIsIpv6: false, DestinationPort: 49700, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Initiated: true, ProcessId: 6444, Protocol: tcp, SourceIp: 52.123.130.14, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

barindex
AI detected landing page (webpage, office document or email)
Source: EmailJoe Sandbox AI: Page contains button: 'REVIEW DOCUMENT' Source: 'Email'
Source: EmailJoe Sandbox AI: Email contains prominent button: 'review document'
AI detected suspicious elements in Email content
Source: EmailJoe Sandbox AI: Detected potential phishing email: The email uses clicktime.cloud.postoffice.net as an intermediary for all DocuSign links instead of direct DocuSign URLs. The sender's email domain (docusign.net) appears legitimate but the actual sender name/email combination is suspicious. The email creates urgency with an expiration notice while requesting electronic signature
AI detected suspicious elements in Email header
Source: EmailJoe Sandbox AI: Detected suspicious elements in Email header: The email claims to be from DocuSign (docusign.net) but shows suspicious routing patterns. The message contains an unusually long and complex x-microsoft-antispam-message-info value, which is atypical. The boundary string '00B0FEED_message_boundary' appears artificially constructed and is not typical of legitimate DocuSign emails. The x-forefront-antispam-report shows multiple spam categories and filtering attempts. Despite being supposedly whitelisted, the BCL (Bulk Compliant Level) is 3, indicating potential bulk/spam characteristics. The PTR record points to 'postin02.mbox.net' which is not consistent with legitimate DocuSign infrastructure. The combination of authentication headers and routing patterns suggests this is likely a sophisticated phishing attempt mimicking DocuSign
Source: EmailClassification: Credential Stealer
Source: unknownHTTPS traffic detected: 165.212.65.140:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknownHTTPS traffic detected: 165.212.65.140:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknownHTTPS traffic detected: 165.212.65.140:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknownHTTPS traffic detected: 165.212.65.140:443 -> 192.168.2.17:49722 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.248.184.180:443 -> 192.168.2.17:49723 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.184.228:443 -> 192.168.2.17:49733 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.16.202.98:443 -> 192.168.2.17:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.248.184.180:443 -> 192.168.2.17:49742 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.248.184.180:443 -> 192.168.2.17:49744 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.16.202.98:443 -> 192.168.2.17:49746 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.22.61.153:443 -> 192.168.2.17:49748 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.186.241.51:443 -> 192.168.2.17:49750 version: TLS 1.2
Source: unknownHTTPS traffic detected: 107.178.240.159:443 -> 192.168.2.17:49751 version: TLS 1.2
Source: chrome.exeMemory has grown: Private usage: 1MB later: 38MB
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.17:49700 -> 52.123.130.14:443
Source: unknownTCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknownTCP traffic detected without corresponding DNS query: 52.109.28.46
Source: unknownTCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknownTCP traffic detected without corresponding DNS query: 52.109.28.46
Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknownTCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknownTCP traffic detected without corresponding DNS query: 52.109.28.46
Source: unknownTCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknownTCP traffic detected without corresponding DNS query: 52.109.28.46
Source: unknownTCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 184.86.251.25
Source: global trafficHTTP traffic detected: GET /clicktime.php?U=https://www.docusign.net/Signing/EmailStart.aspx%3Fa%3D0349abe6-59fd-4941-a3fa-c96839edd019%26etti%3D24%26acct%3D5997d405-bb04-4738-bc80-c2b109861a16%26er%3D3b506db4-b6da-43ee-8300-c5b681e9553f&E=jschlotfeldt%40firstfedweb.com&X=XID497dcmHtO6860Xd1&T=FF1001&HV=U,E,X,T&H=871a15a0444af75cc2f8e90b09335b14d83f6226 HTTP/1.1Host: clicktime.cloud.postoffice.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /Signing/EmailStart.aspx?a=0349abe6-59fd-4941-a3fa-c96839edd019&etti=24&acct=5997d405-bb04-4738-bc80-c2b109861a16&er=3b506db4-b6da-43ee-8300-c5b681e9553f HTTP/1.1Host: www.docusign.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /Signing/EmailStart.aspx?a=0349abe6-59fd-4941-a3fa-c96839edd019&etti=24&acct=5997d405-bb04-4738-bc80-c2b109861a16&er=3b506db4-b6da-43ee-8300-c5b681e9553f&AspxAutoDetectCookieSupport=1 HTTP/1.1Host: www.docusign.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: pv=SE102FE61_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1=!pljlfTxolIN4NjL17aWdENg448Gnd1tX/8EGGBWhw5Nbanv7MPHgtOQI6I7oAxlGDwRExuqR94xApAQ=
Source: global trafficHTTP traffic detected: GET /Signing/EmailStart.aspx?a=0349abe6-59fd-4941-a3fa-c96839edd019&etti=24&acct=5997d405-bb04-4738-bc80-c2b109861a16&er=3b506db4-b6da-43ee-8300-c5b681e9553f&AspxAutoDetectCookieSupport=1&persistent_auth_token=no_client_token HTTP/1.1Host: www.docusign.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://www.docusign.net/Signing/EmailStart.aspx?a=0349abe6-59fd-4941-a3fa-c96839edd019&etti=24&acct=5997d405-bb04-4738-bc80-c2b109861a16&er=3b506db4-b6da-43ee-8300-c5b681e9553f&AspxAutoDetectCookieSupport=1Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: pv=SE102FE61_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1=!pljlfTxolIN4NjL17aWdENg448Gnd1tX/8EGGBWhw5Nbanv7MPHgtOQI6I7oAxlGDwRExuqR94xApAQ=; ssid=l513jo5fwybnzk3uvz5nufsj; MemberConsoleMobile=
Source: global trafficHTTP traffic detected: GET /Signing/Error.aspx?e=229cea61-7c68-4664-a170-e80ef501058a&scope=031b1d9a-2c35-4be7-887c-0922f1f3bda3 HTTP/1.1Host: www.docusign.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.docusign.net/Signing/EmailStart.aspx?a=0349abe6-59fd-4941-a3fa-c96839edd019&etti=24&acct=5997d405-bb04-4738-bc80-c2b109861a16&er=3b506db4-b6da-43ee-8300-c5b681e9553f&AspxAutoDetectCookieSupport=1Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: pv=SE102FE61_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1=!pljlfTxolIN4NjL17aWdENg448Gnd1tX/8EGGBWhw5Nbanv7MPHgtOQI6I7oAxlGDwRExuqR94xApAQ=; ssid=l513jo5fwybnzk3uvz5nufsj; MemberConsoleMobile=; DSSessionAttributes=EnvelopeId:229cea61-7c68-4664-a170-e80ef501058a,SenderAccountId:9712da09-95f8-484f-955d-fc2afe5ae7fa,RecipientAccountId:5997d405-bb04-4738-bc80-c2b109861a16,RecipientId:3b506db4-b6da-43ee-8300-c5b681e9553f
Source: global trafficHTTP traffic detected: GET /Signing/StyleSheets/Framework.css HTTP/1.1Host: www.docusign.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.docusign.net/Signing/Error.aspx?e=229cea61-7c68-4664-a170-e80ef501058a&scope=031b1d9a-2c35-4be7-887c-0922f1f3bda3Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: pv=SE102FE61_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1=!pljlfTxolIN4NjL17aWdENg448Gnd1tX/8EGGBWhw5Nbanv7MPHgtOQI6I7oAxlGDwRExuqR94xApAQ=; ssid=l513jo5fwybnzk3uvz5nufsj; MemberConsoleMobile=; DSSessionAttributes=EnvelopeId:229cea61-7c68-4664-a170-e80ef501058a,SenderAccountId:9712da09-95f8-484f-955d-fc2afe5ae7fa,RecipientAccountId:5997d405-bb04-4738-bc80-c2b109861a16,RecipientId:3b506db4-b6da-43ee-8300-c5b681e9553f
Source: global trafficHTTP traffic detected: GET /production/1ds/widgets/@ds/signing/25.3.41-7/css/font-faces.css?cs=516634927 HTTP/1.1Host: docucdn-a.akamaihd.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://www.docusign.net/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /Signing/StyleSheetsDev/ErrorExpired.css HTTP/1.1Host: www.docusign.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.docusign.net/Signing/Error.aspx?e=229cea61-7c68-4664-a170-e80ef501058a&scope=031b1d9a-2c35-4be7-887c-0922f1f3bda3Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: pv=SE102FE61_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1=!pljlfTxolIN4NjL17aWdENg448Gnd1tX/8EGGBWhw5Nbanv7MPHgtOQI6I7oAxlGDwRExuqR94xApAQ=; ssid=l513jo5fwybnzk3uvz5nufsj; MemberConsoleMobile=; DSSessionAttributes=EnvelopeId:229cea61-7c68-4664-a170-e80ef501058a,SenderAccountId:9712da09-95f8-484f-955d-fc2afe5ae7fa,RecipientAccountId:5997d405-bb04-4738-bc80-c2b109861a16,RecipientId:3b506db4-b6da-43ee-8300-c5b681e9553f
Source: global trafficHTTP traffic detected: GET /Signing/client_scripts/jQuery/jquery-3.6.4.min.js HTTP/1.1Host: www.docusign.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.docusign.net/Signing/Error.aspx?e=229cea61-7c68-4664-a170-e80ef501058a&scope=031b1d9a-2c35-4be7-887c-0922f1f3bda3Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: pv=SE102FE61_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1=!pljlfTxolIN4NjL17aWdENg448Gnd1tX/8EGGBWhw5Nbanv7MPHgtOQI6I7oAxlGDwRExuqR94xApAQ=; ssid=l513jo5fwybnzk3uvz5nufsj; MemberConsoleMobile=; DSSessionAttributes=EnvelopeId:229cea61-7c68-4664-a170-e80ef501058a,SenderAccountId:9712da09-95f8-484f-955d-fc2afe5ae7fa,RecipientAccountId:5997d405-bb04-4738-bc80-c2b109861a16,RecipientId:3b506db4-b6da-43ee-8300-c5b681e9553f
Source: global trafficHTTP traffic detected: GET /Signing/client_scripts/jQuery/jquery-migrate-3.4.1.min.js HTTP/1.1Host: www.docusign.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.docusign.net/Signing/Error.aspx?e=229cea61-7c68-4664-a170-e80ef501058a&scope=031b1d9a-2c35-4be7-887c-0922f1f3bda3Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: pv=SE102FE61_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1=!pljlfTxolIN4NjL17aWdENg448Gnd1tX/8EGGBWhw5Nbanv7MPHgtOQI6I7oAxlGDwRExuqR94xApAQ=; ssid=l513jo5fwybnzk3uvz5nufsj; MemberConsoleMobile=; DSSessionAttributes=EnvelopeId:229cea61-7c68-4664-a170-e80ef501058a,SenderAccountId:9712da09-95f8-484f-955d-fc2afe5ae7fa,RecipientAccountId:5997d405-bb04-4738-bc80-c2b109861a16,RecipientId:3b506db4-b6da-43ee-8300-c5b681e9553f
Source: global trafficHTTP traffic detected: GET /Signing/Image.aspx?i=logo&l=e3765763-f09c-491f-96d8-93abfc74234d HTTP/1.1Host: www.docusign.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.docusign.net/Signing/Error.aspx?e=229cea61-7c68-4664-a170-e80ef501058a&scope=031b1d9a-2c35-4be7-887c-0922f1f3bda3Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: pv=SE102FE61_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1=!pljlfTxolIN4NjL17aWdENg448Gnd1tX/8EGGBWhw5Nbanv7MPHgtOQI6I7oAxlGDwRExuqR94xApAQ=; ssid=l513jo5fwybnzk3uvz5nufsj; MemberConsoleMobile=; DSSessionAttributes=EnvelopeId:229cea61-7c68-4664-a170-e80ef501058a,SenderAccountId:9712da09-95f8-484f-955d-fc2afe5ae7fa,RecipientAccountId:5997d405-bb04-4738-bc80-c2b109861a16,RecipientId:3b506db4-b6da-43ee-8300-c5b681e9553f
Source: global trafficHTTP traffic detected: GET /Signing/Images/linkExpired/linkExpiredResentAuto.png HTTP/1.1Host: www.docusign.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.docusign.net/Signing/Error.aspx?e=229cea61-7c68-4664-a170-e80ef501058a&scope=031b1d9a-2c35-4be7-887c-0922f1f3bda3Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: pv=SE102FE61_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1=!pljlfTxolIN4NjL17aWdENg448Gnd1tX/8EGGBWhw5Nbanv7MPHgtOQI6I7oAxlGDwRExuqR94xApAQ=; ssid=l513jo5fwybnzk3uvz5nufsj; MemberConsoleMobile=; DSSessionAttributes=EnvelopeId:229cea61-7c68-4664-a170-e80ef501058a,SenderAccountId:9712da09-95f8-484f-955d-fc2afe5ae7fa,RecipientAccountId:5997d405-bb04-4738-bc80-c2b109861a16,RecipientId:3b506db4-b6da-43ee-8300-c5b681e9553f
Source: global trafficHTTP traffic detected: GET /olive/images/2.63.0/global-assets/ds-logo-inverse.svg HTTP/1.1Host: docucdn-a.akamaihd.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://www.docusign.net/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /Signing/Image.aspx?i=logo&l=e3765763-f09c-491f-96d8-93abfc74234d HTTP/1.1Host: www.docusign.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: pv=SE102FE61_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1=!pljlfTxolIN4NjL17aWdENg448Gnd1tX/8EGGBWhw5Nbanv7MPHgtOQI6I7oAxlGDwRExuqR94xApAQ=; ssid=l513jo5fwybnzk3uvz5nufsj; MemberConsoleMobile=; DSSessionAttributes=EnvelopeId:229cea61-7c68-4664-a170-e80ef501058a,SenderAccountId:9712da09-95f8-484f-955d-fc2afe5ae7fa,RecipientAccountId:5997d405-bb04-4738-bc80-c2b109861a16,RecipientId:3b506db4-b6da-43ee-8300-c5b681e9553f
Source: global trafficHTTP traffic detected: GET /Signing/Images/controls/btn_arrow_u.png HTTP/1.1Host: www.docusign.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.docusign.net/Signing/Error.aspx?e=229cea61-7c68-4664-a170-e80ef501058a&scope=031b1d9a-2c35-4be7-887c-0922f1f3bda3Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: pv=SE102FE61_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1=!pljlfTxolIN4NjL17aWdENg448Gnd1tX/8EGGBWhw5Nbanv7MPHgtOQI6I7oAxlGDwRExuqR94xApAQ=; ssid=l513jo5fwybnzk3uvz5nufsj; MemberConsoleMobile=; DSSessionAttributes=EnvelopeId:229cea61-7c68-4664-a170-e80ef501058a,SenderAccountId:9712da09-95f8-484f-955d-fc2afe5ae7fa,RecipientAccountId:5997d405-bb04-4738-bc80-c2b109861a16,RecipientId:3b506db4-b6da-43ee-8300-c5b681e9553f
Source: global trafficHTTP traffic detected: GET /Signing/Images/linkExpired/linkExpiredResentAuto.png HTTP/1.1Host: www.docusign.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: pv=SE102FE61_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1=!pljlfTxolIN4NjL17aWdENg448Gnd1tX/8EGGBWhw5Nbanv7MPHgtOQI6I7oAxlGDwRExuqR94xApAQ=; ssid=l513jo5fwybnzk3uvz5nufsj; MemberConsoleMobile=; DSSessionAttributes=EnvelopeId:229cea61-7c68-4664-a170-e80ef501058a,SenderAccountId:9712da09-95f8-484f-955d-fc2afe5ae7fa,RecipientAccountId:5997d405-bb04-4738-bc80-c2b109861a16,RecipientId:3b506db4-b6da-43ee-8300-c5b681e9553f
Source: global trafficHTTP traffic detected: GET /v/static/mixpanel-2-2-1b.js HTTP/1.1Host: docucdn-a.akamaihd.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://www.docusign.net/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /production/1ds/widgets/@ds/signing/25.3.41-7/fonts/maven-pro/MavenPro-Regular.woff HTTP/1.1Host: docucdn-a.akamaihd.netConnection: keep-aliveOrigin: https://www.docusign.netsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://docucdn-a.akamaihd.net/production/1ds/widgets/@ds/signing/25.3.41-7/css/font-faces.css?cs=516634927Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /Signing/Images/controls/btn_arrow_u.png HTTP/1.1Host: www.docusign.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: pv=SE102FE61_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1=!pljlfTxolIN4NjL17aWdENg448Gnd1tX/8EGGBWhw5Nbanv7MPHgtOQI6I7oAxlGDwRExuqR94xApAQ=; ssid=l513jo5fwybnzk3uvz5nufsj; MemberConsoleMobile=; DSSessionAttributes=EnvelopeId:229cea61-7c68-4664-a170-e80ef501058a,SenderAccountId:9712da09-95f8-484f-955d-fc2afe5ae7fa,RecipientAccountId:5997d405-bb04-4738-bc80-c2b109861a16,RecipientId:3b506db4-b6da-43ee-8300-c5b681e9553f
Source: global trafficHTTP traffic detected: GET /olive/images/2.63.0/global-assets/ds-logo-inverse.svg HTTP/1.1Host: docucdn-a.akamaihd.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /track/?data=eyJldmVudCI6ICJtcF9wYWdlX3ZpZXciLCJwcm9wZXJ0aWVzIjogeyIkb3MiOiAiV2luZG93cyIsIiRicm93c2VyIjogIkNocm9tZSIsIiRyZWZlcnJpbmdfZG9tYWluIjogInd3dy5kb2N1c2lnbi5uZXQiLCIkc2NyZWVuX2hlaWdodCI6IDEwMjQsIiRzY3JlZW5fd2lkdGgiOiAxMjgwLCJtcF9saWIiOiAid2ViIiwiZGlzdGluY3RfaWQiOiAiOUEzREFCNEREQjM0MjMxRjIzNTE0MUY5OTQzRjJDNDBDMDI1MzE4NSIsIiRpbml0aWFsX3JlZmVycmluZ19kb21haW4iOiAid3d3LmRvY3VzaWduLm5ldCIsIm1wX3BhZ2UiOiAid3d3LmRvY3VzaWduLm5ldCIsIm1wX3JlZmVycmVyIjogInd3dy5kb2N1c2lnbi5uZXQiLCJtcF9icm93c2VyIjogIkNocm9tZSIsIm1wX3BsYXRmb3JtIjogIldpbmRvd3MiLCJ0b2tlbiI6ICIzMDRjY2JkZTI0ZDNiMTVmZmUyZDVkZTMwYzEwZGFiMiJ9fQ%3D%3D&ip=1&_=1742226147847 HTTP/1.1Host: api.mixpanel.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Origin: https://www.docusign.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://www.docusign.net/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /olive/images/2.63.0/global-assets/ds-icons-favicon-default-16x16.png HTTP/1.1Host: docucdn-a.akamaihd.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://www.docusign.net/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /track/?data=eyJldmVudCI6ICJtcF9wYWdlX3ZpZXciLCJwcm9wZXJ0aWVzIjogeyIkb3MiOiAiV2luZG93cyIsIiRicm93c2VyIjogIkNocm9tZSIsIiRyZWZlcnJpbmdfZG9tYWluIjogInd3dy5kb2N1c2lnbi5uZXQiLCIkc2NyZWVuX2hlaWdodCI6IDEwMjQsIiRzY3JlZW5fd2lkdGgiOiAxMjgwLCJtcF9saWIiOiAid2ViIiwiZGlzdGluY3RfaWQiOiAiOUEzREFCNEREQjM0MjMxRjIzNTE0MUY5OTQzRjJDNDBDMDI1MzE4NSIsIiRpbml0aWFsX3JlZmVycmluZ19kb21haW4iOiAid3d3LmRvY3VzaWduLm5ldCIsIm1wX3BhZ2UiOiAid3d3LmRvY3VzaWduLm5ldCIsIm1wX3JlZmVycmVyIjogInd3dy5kb2N1c2lnbi5uZXQiLCJtcF9icm93c2VyIjogIkNocm9tZSIsIm1wX3BsYXRmb3JtIjogIldpbmRvd3MiLCJ0b2tlbiI6ICIzMDRjY2JkZTI0ZDNiMTVmZmUyZDVkZTMwYzEwZGFiMiJ9fQ%3D%3D&ip=1&_=1742226147847 HTTP/1.1Host: api.mixpanel.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /olive/images/2.63.0/global-assets/ds-icons-favicon-default-16x16.png HTTP/1.1Host: docucdn-a.akamaihd.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficDNS traffic detected: DNS query: clicktime.cloud.postoffice.net
Source: global trafficDNS traffic detected: DNS query: www.docusign.net
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: docucdn-a.akamaihd.net
Source: global trafficDNS traffic detected: DNS query: api.mixpanel.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49691 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49682 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49694
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49691
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49690
Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49690 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49688 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49694 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownHTTPS traffic detected: 165.212.65.140:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknownHTTPS traffic detected: 165.212.65.140:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknownHTTPS traffic detected: 165.212.65.140:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknownHTTPS traffic detected: 165.212.65.140:443 -> 192.168.2.17:49722 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.248.184.180:443 -> 192.168.2.17:49723 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.184.228:443 -> 192.168.2.17:49733 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.16.202.98:443 -> 192.168.2.17:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.248.184.180:443 -> 192.168.2.17:49742 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.248.184.180:443 -> 192.168.2.17:49744 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.16.202.98:443 -> 192.168.2.17:49746 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.22.61.153:443 -> 192.168.2.17:49748 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.186.241.51:443 -> 192.168.2.17:49750 version: TLS 1.2
Source: unknownHTTPS traffic detected: 107.178.240.159:443 -> 192.168.2.17:49751 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir5900_1586482781
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\scoped_dir5900_1586482781
Source: classification engineClassification label: mal52.winEML@23/15@16/186
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250317T1142060719-6444.etl
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_iocp_v1.4.48 - 2025-03-17T084047.721.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "F9ACA226-BD77-4FD9-B33F-0722A3D6C145" "8ABC551F-092E-4229-92C7-46352E66104C" "6444" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "F9ACA226-BD77-4FD9-B33F-0722A3D6C145" "8ABC551F-092E-4229-92C7-46352E66104C" "6444" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://clicktime.cloud.postoffice.net/clicktime.php?U=https://www.docusign.net/Signing/EmailStart.aspx%3Fa%3D0349abe6-59fd-4941-a3fa-c96839edd019%26etti%3D24%26acct%3D5997d405-bb04-4738-bc80-c2b109861a16%26er%3D3b506db4-b6da-43ee-8300-c5b681e9553f&E=jschlotfeldt%40firstfedweb.com&X=XID497dcmHtO6860Xd1&T=FF1001&HV=U,E,X,T&H=871a15a0444af75cc2f8e90b09335b14d83f6226
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1928,i,4773977405421634386,6700473896864359675,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2016 /prefetch:3
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://clicktime.cloud.postoffice.net/clicktime.php?U=https://www.docusign.net/Signing/EmailStart.aspx%3Fa%3D0349abe6-59fd-4941-a3fa-c96839edd019%26etti%3D24%26acct%3D5997d405-bb04-4738-bc80-c2b109861a16%26er%3D3b506db4-b6da-43ee-8300-c5b681e9553f&E=jschlotfeldt%40firstfedweb.com&X=XID497dcmHtO6860Xd1&T=FF1001&HV=U,E,X,T&H=871a15a0444af75cc2f8e90b09335b14d83f6226
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1928,i,4773977405421634386,6700473896864359675,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2016 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935} DeviceTicket
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation21
Browser Extensions		1
Process Injection		11
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading		1
DLL Side-Loading		1
Modify Registry		LSASS Memory12
System Information Discovery		Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Extra Window Memory Injection		1
Process Injection		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
File Deletion		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Extra Window Memory Injection		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://www.docusign.net/Signing/EmailStart.aspx?a=0349abe6-59fd-4941-a3fa-c96839edd019&etti=24&acct=5997d405-bb04-4738-bc80-c2b109861a16&er=3b506db4-b6da-43ee-8300-c5b681e9553f&AspxAutoDetectCookieSupport=10%Avira URL Cloudsafe
https://www.docusign.net/Signing/EmailStart.aspx?a=0349abe6-59fd-4941-a3fa-c96839edd019&etti=24&acct=5997d405-bb04-4738-bc80-c2b109861a16&er=3b506db4-b6da-43ee-8300-c5b681e9553f&AspxAutoDetectCookieSupport=1&persistent_auth_token=no_client_token0%Avira URL Cloudsafe
https://www.docusign.net/Signing/Error.aspx?e=229cea61-7c68-4664-a170-e80ef501058a&scope=031b1d9a-2c35-4be7-887c-0922f1f3bda30%Avira URL Cloudsafe
https://clicktime.cloud.postoffice.net/clicktime.php?U=https://www.docusign.net/Signing/EmailStart.aspx%3Fa%3D0349abe6-59fd-4941-a3fa-c96839edd019%26etti%3D24%26acct%3D5997d405-bb04-4738-bc80-c2b109861a16%26er%3D3b506db4-b6da-43ee-8300-c5b681e9553f&E=jschlotfeldt%40firstfedweb.com&X=XID497dcmHtO6860Xd1&T=FF1001&HV=U,E,X,T&H=871a15a0444af75cc2f8e90b09335b14d83f62260%Avira URL Cloudsafe
https://www.docusign.net/Signing/EmailStart.aspx?a=0349abe6-59fd-4941-a3fa-c96839edd019&etti=24&acct=5997d405-bb04-4738-bc80-c2b109861a16&er=3b506db4-b6da-43ee-8300-c5b681e9553f0%Avira URL Cloudsafe
https://www.docusign.net/Signing/client_scripts/jQuery/jquery-migrate-3.4.1.min.js0%Avira URL Cloudsafe
https://www.docusign.net/Signing/StyleSheets/Framework.css0%Avira URL Cloudsafe
https://docucdn-a.akamaihd.net/production/1ds/widgets/@ds/signing/25.3.41-7/css/font-faces.css?cs=5166349270%Avira URL Cloudsafe
https://www.docusign.net/Signing/Image.aspx?i=logo&l=e3765763-f09c-491f-96d8-93abfc74234d0%Avira URL Cloudsafe
https://docucdn-a.akamaihd.net/production/1ds/widgets/@ds/signing/25.3.41-7/fonts/maven-pro/MavenPro-Regular.woff0%Avira URL Cloudsafe
https://www.docusign.net/Signing/Images/controls/btn_arrow_u.png0%Avira URL Cloudsafe
https://www.docusign.net/Signing/client_scripts/jQuery/jquery-3.6.4.min.js0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
a1737.b.akamai.net
2.16.202.98
truefalse
    		high
    clicktime.cloud.postoffice.net
    		165.212.65.140
    		truetrue
      		unknown
      na1-se.docusign.net.akadns.net
      		162.248.184.180
      		truefalse
        		high
        www.google.com
        		142.250.184.228
        		truefalse
          		high
          s-0005.dual-s-dc-msedge.net
          		52.123.130.14
          		truefalse
            		high
            api.mixpanel.com
            		35.186.241.51
            		truefalse
              		high
              www.docusign.net
              		unknown
              		unknownfalse
                		unknown
                docucdn-a.akamaihd.net
                		unknown
                		unknownfalse
                  		high

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  https://docucdn-a.akamaihd.net/production/1ds/widgets/@ds/signing/25.3.41-7/fonts/maven-pro/MavenPro-Regular.wofffalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://www.docusign.net/Signing/EmailStart.aspx?a=0349abe6-59fd-4941-a3fa-c96839edd019&etti=24&acct=5997d405-bb04-4738-bc80-c2b109861a16&er=3b506db4-b6da-43ee-8300-c5b681e9553f&AspxAutoDetectCookieSupport=1true
                  • Avira URL Cloud: safe
                  		unknown
                  https://clicktime.cloud.postoffice.net/clicktime.php?U=https://www.docusign.net/Signing/EmailStart.aspx%3Fa%3D0349abe6-59fd-4941-a3fa-c96839edd019%26etti%3D24%26acct%3D5997d405-bb04-4738-bc80-c2b109861a16%26er%3D3b506db4-b6da-43ee-8300-c5b681e9553f&E=jschlotfeldt%40firstfedweb.com&X=XID497dcmHtO6860Xd1&T=FF1001&HV=U,E,X,T&H=871a15a0444af75cc2f8e90b09335b14d83f6226true
                  • Avira URL Cloud: safe
                  		unknown
                  https://www.docusign.net/Signing/Images/controls/btn_arrow_u.pngfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://docucdn-a.akamaihd.net/production/1ds/widgets/@ds/signing/25.3.41-7/css/font-faces.css?cs=516634927false
                  • Avira URL Cloud: safe
                  		unknown
                  https://www.docusign.net/Signing/client_scripts/jQuery/jquery-migrate-3.4.1.min.jsfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://docucdn-a.akamaihd.net/olive/images/2.63.0/global-assets/ds-icons-favicon-default-16x16.pngfalse
                    		high
                    https://www.docusign.net/Signing/Image.aspx?i=logo&l=e3765763-f09c-491f-96d8-93abfc74234dfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://www.docusign.net/Signing/client_scripts/jQuery/jquery-3.6.4.min.jsfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://www.docusign.net/Signing/EmailStart.aspx?a=0349abe6-59fd-4941-a3fa-c96839edd019&etti=24&acct=5997d405-bb04-4738-bc80-c2b109861a16&er=3b506db4-b6da-43ee-8300-c5b681e9553ftrue
                    • Avira URL Cloud: safe
                    		unknown
                    https://www.docusign.net/Signing/Error.aspx?e=229cea61-7c68-4664-a170-e80ef501058a&scope=031b1d9a-2c35-4be7-887c-0922f1f3bda3false
                    • Avira URL Cloud: safe
                    		unknown
                    https://www.docusign.net/Signing/StyleSheets/Framework.cssfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://www.docusign.net/Signing/EmailStart.aspx?a=0349abe6-59fd-4941-a3fa-c96839edd019&etti=24&acct=5997d405-bb04-4738-bc80-c2b109861a16&er=3b506db4-b6da-43ee-8300-c5b681e9553f&AspxAutoDetectCookieSupport=1&persistent_auth_token=no_client_tokentrue
                    • Avira URL Cloud: safe
                    		unknown
                    https://docucdn-a.akamaihd.net/olive/images/2.63.0/global-assets/ds-logo-inverse.svgfalse
                      		high

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      35.186.241.51
                      		api.mixpanel.comUnited States
                      		15169GOOGLEUSfalse
                      1.1.1.1
                      		unknownAustralia
                      		13335CLOUDFLARENETUSfalse
                      2.16.202.98
                      		a1737.b.akamai.netEuropean Union
                      		16625AKAMAI-ASUSfalse
                      52.123.130.14
                      		s-0005.dual-s-dc-msedge.netUnited States
                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                      172.217.16.206
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      142.250.186.163
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      20.189.173.2
                      		unknownUnited States
                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                      2.22.61.153
                      		unknownEuropean Union
                      		20940AKAMAI-ASN1EUfalse
                      162.248.184.180
                      		na1-se.docusign.net.akadns.netUnited States
                      		62856DOCUS-6-PRODUSfalse
                      2.19.11.103
                      		unknownEuropean Union
                      		719ELISA-ASHelsinkiFinlandEUfalse
                      165.212.65.140
                      		clicktime.cloud.postoffice.netUnited States
                      		14454PERIMETER-ESECURITYUStrue
                      142.251.168.84
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      52.109.32.46
                      		unknownUnited States
                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                      107.178.240.159
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      52.109.28.47
                      		unknownUnited States
                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                      142.250.185.195
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      142.250.186.142
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      142.250.186.110
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      142.250.184.228
                      		www.google.comUnited States
                      		15169GOOGLEUSfalse
                      172.217.16.195
                      		unknownUnited States
                      		15169GOOGLEUSfalse

                      Private

                      IP
                      192.168.2.17

                      General Information

                      Joe Sandbox version:42.0.0 Malachite
                      Analysis ID:1640737
                      Start date and time:2025-03-17 16:41:34 +01:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:17
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • EGA enabled
                      Analysis Mode:stream
                      Analysis stop reason:Timeout
                      Sample name:phish_alert_iocp_v1.4.48 - 2025-03-17T084047.721.eml
                      Detection:MAL
                      Classification:mal52.winEML@23/15@16/186
                      Cookbook Comments:
                      • Found application associated with file extension: .eml

                      Warnings

                      • Exclude process from analysis (whitelisted): dllhost.exe
                      • Excluded IPs from analysis (whitelisted): 52.109.28.47, 2.19.11.103, 2.19.11.102, 199.232.214.172, 52.109.32.46, 52.109.32.38, 52.109.32.39, 52.109.32.47, 20.189.173.2, 142.250.185.195, 172.217.16.206, 142.250.186.142, 142.251.168.84, 142.250.184.238, 142.250.186.46, 52.123.130.14, 20.190.159.129, 23.60.203.209, 20.109.210.53
                      • Excluded domains from analysis (whitelisted): ecs.office.com, dual-s-0005-office.config.skype.com, ecs.office.trafficmanager.net
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size getting too big, too many NtOpenFile calls found.
                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                      • VT rate limit hit for: clicktime.cloud.postoffice.net

                      Created / dropped Files

                      C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250317T1142060719-6444.etl

                      Download File
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:modified
                      Size (bytes):102400
                      Entropy (8bit):4.507963180637955
                      Encrypted:false
                      SSDEEP:
                      MD5:B714DE1322C6C4E74D210A50053A7B70
                      SHA1:D88A5CBE5A84FB5E051A78B83CAC5A559FC9AF8F
                      SHA-256:638BC72298A06ACCBE8987B1263522D920E9CD999816934D3F7D796205FCE1A8
                      SHA-512:2B59C8DE1838EA88AD9252A581D736C47E340D85A636EF9A1CB7D863E4F71B9D9C18E9D8DAAF42239047009C04ADDB04B82F9A693B57E79F73854F7F8E068337
                      Malicious:false
                      Reputation:unknown
                      Preview:............................................................................d...`...,...nSB#S...................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1............................................................|..5...........nSB#S...........v.2._.O.U.T.L.O.O.K.:.1.9.2.c.:.3.c.1.9.8.4.6.6.e.9.0.e.4.c.d.3.9.b.6.2.1.3.4.3.f.d.3.5.e.2.6.a...C.:.\.U.s.e.r.s.\.t.o.r.r.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.5.0.3.1.7.T.1.1.4.2.0.6.0.7.1.9.-.6.4.4.4...e.t.l...........P.P.`...,...nSB#S...................................................................................................................................................................................................................................................................................................

                      C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

                      Download File
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:Microsoft Outlook email folder (>=2003)
                      Category:dropped
                      Size (bytes):271360
                      Entropy (8bit):3.2907446581291495
                      Encrypted:false
                      SSDEEP:
                      MD5:68105B4DE1CCF2FC4909FCCFE9BBD28C
                      SHA1:7E0F06D66385C52929B0B93CCA0E16CD33906BF0
                      SHA-256:B901511EAC3E6789FC14A07753902B9EFE29FC88D1F4546D7D62BA321CD705F0
                      SHA-512:E61C046E057FC999510E5A6785AD5D295CAAEAFA692D04D48C7A1C6B173D504A212DBF848F1BCE28454490A3A8D86B1FEB2F7AA5E7E838AC832771ECB3565CCA
                      Malicious:true
                      Reputation:unknown
                      Preview:!BDN).^.SM......\...............P.......`................@...........@...@...................................@...........................................................................$.......D.......2..............?...............N...........................................................................................................................................................................................................................................................................................(........[T.@'e.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

                      Download File
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):131072
                      Entropy (8bit):4.233092871890704
                      Encrypted:false
                      SSDEEP:
                      MD5:7F186BA96410316842744E1B3E085202
                      SHA1:161F393A64D61884657CF811E49B149517813D57
                      SHA-256:8FFE07427A7C6153DE36EDD2BA356D7C807AED2AADCDD283C59052258D8CA434
                      SHA-512:41825AEC88B86E6EFB7DE70E839C01FE849259F949BF5DD8EC9D69F223E8348A576D9D4801C9CD19D94D13418B10B05DB91F26DFC595FCC477B69E30E8897AE7
                      Malicious:true
                      Reputation:unknown
                      Preview:...0...l.......,...+4.#S........D............#.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................+.;g.D........g.0...m.......,...+4.#S........B............#.........................................................................................................................................................................................................................................................................................................................................................................................................

                      Chrome Cache Entry: 63

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text
                      Category:downloaded
                      Size (bytes):788
                      Entropy (8bit):4.9019698351522845
                      Encrypted:false
                      SSDEEP:
                      MD5:CB4FD3AF4DEEBD7277FCD75A576BF633
                      SHA1:71A7BC5DE0F92581F2A9F8DCED86578E01B4856C
                      SHA-256:F6C29AE65E37D866FEFB836DB488C4D044414798EC995B2B69CD067949938DD9
                      SHA-512:1507C60248859484296F0CF5D1D0AB73BA4B2522A8D05C37773E45AE57C381BFC1FBFC1E38C2F1EE4DB626C1E4AF8C973B38FAD6C5FD74A4423FD78CFEE47E85
                      Malicious:false
                      Reputation:unknown
                      URL:https://docucdn-a.akamaihd.net/production/1ds/widgets/@ds/signing/25.3.41-7/css/font-faces.css?cs=516634927
                      Preview:/** mix ins **/..list-no-style {. list-style: none;. padding-left: 0;.}.@font-face {. font-family: 'Maven Pro';. src: url('../fonts/maven-pro/MavenPro-Regular.eot');. src: url('../fonts/maven-pro/MavenPro-Regular.eot?#iefix') format('embedded-opentype'), url('../fonts/maven-pro/MavenPro-Regular.woff') format('woff'), url('../fonts/maven-pro/MavenPro-Regular.ttf') format('truetype');. font-weight: normal;. font-style: normal;.}.@font-face {. font-family: 'Maven Pro';. src: url('../fonts/maven-pro/MavenPro-Bold.eot');. src: url('../fonts/maven-pro/MavenPro-Bold.eot?#iefix') format('embedded-opentype'), url('../fonts/maven-pro/MavenPro-Bold.woff') format('woff'), url('../fonts/maven-pro/MavenPro-Bold.ttf') format('truetype');. font-weight: bold;. font-style: normal;.}.

                      Chrome Cache Entry: 65

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:PNG image data, 296 x 47, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):15408
                      Entropy (8bit):7.967239842995954
                      Encrypted:false
                      SSDEEP:
                      MD5:8FB0C8F1A5F6BEDB1582423361BB8269
                      SHA1:9156BB0608DC3D2ABF1724565ACC0C3AEBA4E900
                      SHA-256:9F91034D9D611AD1F61FD0D8BCB6418261CCF201B852A855E6CA22E6206E9E82
                      SHA-512:F753D4C28765A8C4E46A797A993003DAD76EE416258C29C55E24F0A4D0ACF2B6CA26579F128E1CD0555B0661D3410FCAC9FAF3F6E096BACAFE58620EAD3CBBAB
                      Malicious:false
                      Reputation:unknown
                      Preview:.PNG........IHDR...(.../.....PuW.....pHYs.........g..R....tIME......#..V.....tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning........tEXtSource.........tEXtComment........tEXtTitle....'.. .IDATx..w|VE..?g......"..E.l`_..V4 .`E.*.t....T+*.K.$.(bY]......{C)!....{g....."..oy.^..S.....s.!f.1.q.c...G[.c..H.......W.s..8..:...h)..f..S..I..G[.c...).c..AI.....n...'.{...W..K.y%>}.g..'.i{4e<.....E.'.\..'.s.c.!.....N8i0..5.5.c.....1e.....9...%......=........4.w..[w........o....(.1..XTT...:.K...D{i9.....bu&.&m.z..&|......,/V.[2...G..c.y..%^J.E.X..)....6.:$.'.u..1.....UG......n.z.uZy..tw...ka.o.x....+....k...w....G...... .3...zKU.?..#".O..D..g.~,i...f..{..ap.@.p.g..[..\........[J........O.bz.w.W......N.....O..o.#.....p.%^..!.......H.7..a....|v.-..P..V..-.J......:R.%>5..$y..q.+..D........{.U...#.. ...-...NE.m...n.25|.e.-.....H....]^.Q.Kk..%.h.SX..m`..S...?...

                      Chrome Cache Entry: 66

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:Web Open Font Format, CFF, length 34820, version 0.0
                      Category:downloaded
                      Size (bytes):34820
                      Entropy (8bit):7.982902826695778
                      Encrypted:false
                      SSDEEP:
                      MD5:FD117C9EB999E35D64BE1515D5B2192D
                      SHA1:B0FAE4091AC17A28C47AF531A9D5B73B4C35F6BD
                      SHA-256:553582BE8A5D2779D1A9E9C3A6698FD4D365E01353D8876A7204DB68FCD1D12D
                      SHA-512:24D51DBAFDE7E5B7B1486BA3800BC8ECBAF369A2D28BBBF15096C723DC565247F9B956E8D0F28EDB535313E1B26934DFC30AF0AF700B8CB57F02926B889B2177
                      Malicious:false
                      Reputation:unknown
                      URL:https://docucdn-a.akamaihd.net/production/1ds/widgets/@ds/signing/25.3.41-7/fonts/maven-pro/MavenPro-Regular.woff
                      Preview:wOFFOTTO...........<........................CFF ......S....{..."FFTM............Z...GDEF..X4....... ....GPOS..Xt..-....DiP}7GSUB..XT... ... l.t.OS/2.......I...`.[.8cmap.......|....#G..head...0...3...6.h..hhea...d.......$....hmtx.......Q...X.xm.maxp..............P.name.......=...1.E.Lpost........... .j.fx.c`d```d8R!.0...+.7.....|Y...o.....v...``....MM...x.c`d``../.H.....1.F..............P.....x.c`b..8.....u..1...<.f........p...).,*fp`P...._......u05..X.......,......x.m.1O.@....aP.......K.B.N..&.......^...\......G../.Dc....{....\.......c.....p...u.c.W..q....q...2...gY.g.k.8...w.u.c...9n.Vu.7q..1...[.H.`...6..p."@...L.&.X....Cfg.I}..+..[.4G.q..>..Yn.4Y..v.....[...L...~.I..Rh.......Q%..Qh...u...8.N....q.c......z.9.9.....&/O...h..mR=..........ljr.. ......T....Sw`....x.c```f.`..F..8..1..,..........P..a)........L..(.(H).)().)X).QTz..........@....1.AU.+H(.UZBU2.................n...}.`...V=X.`.I...Q8.z..*..#..A.L.,.l...\.<.|...B.".b...R.2.r...J.*.j...Z.:.z...F.&.f...

                      Chrome Cache Entry: 67

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:SVG Scalable Vector Graphics image
                      Category:dropped
                      Size (bytes):3896
                      Entropy (8bit):4.786686051422741
                      Encrypted:false
                      SSDEEP:
                      MD5:855476199961A10981ADCA7432CEC048
                      SHA1:7995725A0CAC73EB6A2A1B5A8D5B162DBF47988E
                      SHA-256:6DD60FAA0E35F2DFE342C452ED414A084D384D11793BD0F0EB03C2B1C6F1405C
                      SHA-512:A9E61582FA18BCC1DD57DE8A7C194BAB0D6F733897F541A6E13B94906ADC115D65004F5A2649919FA8B8545F0C67C9313A14EAEAF42C34F630DA13CD38E17994
                      Malicious:false
                      Reputation:unknown
                      Preview:<?xml version="1.0" encoding="utf-8"?>. Generator: Adobe Illustrator 28.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->.<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px".. viewBox="0 0 1200 241.4" style="enable-background:new 0 0 1200 241.4;" xml:space="preserve">.<style type="text/css">...st0{fill:#FFFFFF;}...st1{fill:#4C00FF;}...st2{fill:#FF5252;}.</style>.<g>..<g>...<g>....<path class="st0" d="M1169.2,109.7v78.7h-28.9v-73.5c0-17.9-7.7-27.9-22.7-27.9s-24.9,10.5-27.7,28.1c-0.8,4.2-1,10.7-1,24.4.....v48.8H1060v-125h25.6c0.1,1.1,0.7,12.3,0.7,13c0,0.9,1.1,1.4,1.8,0.8c10.6-8.4,22.3-16.2,38.6-16.2.....C1153.5,60.9,1169.2,79,1169.2,109.7z"/>....<path class="st0" d="M1013.4,63.4l-0.9,14.3c-0.1,0.9-1.2,1.4-1.8,0.8c-3.5-3.3-16.4-17.5-38.3-17.5c-31.4,0-54.5,27.1-54.5,63.9.....l0,0c0,37.3,22.9,64.5,54.5,64.5c21.1,0,34-13.7,36.4-16.7c0.7-0.8,2-0.3,2,0.7c-0.3,3.8-0.8,13.3-4,21.4.....c-4,10.2-13,19.7-31.1,19.7

                      Chrome Cache Entry: 68

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text
                      Category:downloaded
                      Size (bytes):119869
                      Entropy (8bit):4.18401975910281
                      Encrypted:false
                      SSDEEP:
                      MD5:ECE7A224F69AB2205D90900589AE1D05
                      SHA1:3D861B816A5DA892C8A88D5755A5537C036239DE
                      SHA-256:FFA8C6A4CE199BFD9E32B05E0E4DECE330C6A577FB3A0E8518291619C658C486
                      SHA-512:EEF4BDD54AF95BE42224FFE605BB627293DAEA0C58A50B328ACC8B56040C81FDCB5EC8406F56856FC617A552E4D6DD28BB892467666889D27F03EE8BFCD16D7B
                      Malicious:false
                      Reputation:unknown
                      URL:https://docucdn-a.akamaihd.net/v/static/mixpanel-2-2-1b.js
                      Preview:/*. * DocuSign modified version of Mixpanel JS Library v2.2.1. * $initial_referer and $referer have been removed, as not to send any senstive information. * $initial_referring_domain and referring_domain have been retained.. *. * Mixpanel JS Library v2.2.1. *. *. * Copyright 2012, Mixpanel, Inc. All Rights Reserved. * http://mixpanel.com/. *. * Includes portions of Underscore.js. * http://documentcloud.github.com/underscore/. * (c) 2011 Jeremy Ashkenas, DocumentCloud Inc.. * Released under the MIT License.. */..// ==ClosureCompiler==.// @compilation_level ADVANCED_OPTIMIZATIONS.// @output_file_name mixpanel-2.2.min.js.// ==/ClosureCompiler==../*.Will export window.mixpanel.*/../*.SIMPLE STYLE GUIDE:..this.x == public function.this._x == internal - only use within this file.this.__x == private - only use within the class..Globals should be all caps.*/.(function(mixpanel) {. /*. * Saved references to long variable names, so that closure compiler can. * minimize file size.. */. var

                      Chrome Cache Entry: 70

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                      Category:downloaded
                      Size (bytes):2023
                      Entropy (8bit):4.885246691753262
                      Encrypted:false
                      SSDEEP:
                      MD5:F6F4CEEFAD7F8B4AD4FA3633576020D7
                      SHA1:9B6F58AEA2CC665F6CF21D7C0E2891E316057735
                      SHA-256:EF55C5012CBBA529C624FEA1A428779BEFB53ED3E40839606A4EC8AD3A63F344
                      SHA-512:C77D9D82AFFE340AA6859EF1CAF0B7A0CCE682C62B3E82276B4F7DF3C68734ED7344E4F930707B9E3646621940016F3A0840CB10A2D147F34E5DC46A3B13F130
                      Malicious:false
                      Reputation:unknown
                      URL:https://www.docusign.net/Signing/StyleSheetsDev/ErrorExpired.css
                      Preview:..btn {.. background: #111;.. border: 1px solid #111;.. border-radius: 2px;.. cursor: pointer;.. color: #fff;.. display: inline-block;.. font-family: "Maven Pro","DSIndigo",Helvetica,Arial,sans-serif; font-size: 12px;.. letter-spacing: .6px;.. line-height: 1;.. min-width: 55px;.. margin: 0;.. padding: 7px 14px;.. position: relative;.. text-align: center;.. text-decoration: none!important;.. text-transform: uppercase;.. font-weight: bold;..}.....btn-main, .btn-main.disabled:hover, .btn-main[disabled]:hover {.. background: #ffc820;.. border-color: #ffc820;.. color: #333;..}.....btn-lg {.. font-size: 14px;.. padding: 9px 18px;..}.....expireActionDiv {.. float: left;.. width:50%;..}.....expireActionDiv .newLink {.. margin-left: 50px;..}.....expireActionAccountless{.. text-align: center;..}.....expireActionAccountless .newLink{..}.....freshLink {.. margin-top: 10px;..}.....expireActionDiv .login {.. margin

                      Chrome Cache Entry: 71

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (13479), with CRLF line terminators
                      Category:downloaded
                      Size (bytes):13579
                      Entropy (8bit):5.27337657330958
                      Encrypted:false
                      SSDEEP:
                      MD5:2779F5D2F1F22353C726240E530016CC
                      SHA1:2B3F380F212C8C64E79DB1F47FA25C114AFE6FBB
                      SHA-256:16496529F57AC8915F194E00479B04AF942C33D7897BCFD9A55DD072BBEC1411
                      SHA-512:14F4E6DB8D21EFA0A01DFE6AC5C6941807B3DA8875864D736476D480167A9C7B02E60E8BE19CC2F9526B3027684661F5B11D36D3A9D44096DF86B120AF8904E6
                      Malicious:false
                      Reputation:unknown
                      URL:https://www.docusign.net/Signing/client_scripts/jQuery/jquery-migrate-3.4.1.min.js
                      Preview:/*! jQuery Migrate v3.4.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */.."undefined"==typeof jQuery.migrateMute&&(jQuery.migrateMute=!0),function(t){"use strict";"function"==typeof define&&define.amd?define(["jquery"],function(e){return t(e,window)}):"object"==typeof module&&module.exports?module.exports=t(require("jquery"),window):t(jQuery,window)}(function(s,n){"use strict";function e(e){return 0<=function(e,t){for(var r=/^(\d+)\.(\d+)\.(\d+)/,n=r.exec(e)||[],o=r.exec(t)||[],a=1;a<=3;a++){if(+o[a]<+n[a])return 1;if(+n[a]<+o[a])return-1}return 0}(s.fn.jquery,e)}s.migrateVersion="3.4.1";var t=Object.create(null);s.migrateDisablePatches=function(){for(var e=0;e<arguments.length;e++)t[arguments[e]]=!0},s.migrateEnablePatches=function(){for(var e=0;e<arguments.length;e++)delete t[arguments[e]]},s.migrateIsPatchEnabled=function(e){return!t[e]},n.console&&n.console.log&&(s&&e("3.0.0")&&!e("5.0.0")||n.console.log("JQMIGRATE: jQuery 3.x-4.x REQUIRED"),s.migrateWarning

                      Chrome Cache Entry: 72

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:PNG image data, 10 x 10, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):2961
                      Entropy (8bit):7.876188909726169
                      Encrypted:false
                      SSDEEP:
                      MD5:C863DB426897325CB4805B2C20F51F30
                      SHA1:A426FE43F0CE1A489CE091CC27768CDCC2991210
                      SHA-256:2A5179B8851C8E3DFC77D7DCB33B3963AFA037608336D6AE412ACAA38AD59D22
                      SHA-512:90DA76303CDE0B81F183709D94DC96B5C3EA7B7766948AF5B81E1EBE4B887012FC611F6A0CFC50873E80AF7B73077F7CB8BD5F254A4F4848C632A68733522A68
                      Malicious:false
                      Reputation:unknown
                      Preview:.PNG........IHDR..............2.....gAMA....|.Q.... cHRM...........R...@..}y.....<.....s<.w...9iCCPPhotoshop ICC profile..H..wTT....wz..0..z..0... ..Q.f......Ml..@D...E......H..b!(.`.H.Pb0...dF.J|yy.......g.s..{....$O../... .'..z8.W.G....x....0Y.A..@$/7.z........H..e..O...O.T...._..lN:K.."N.....3"..$..F../JP.rb.[.}..Q..d.[..S..l1..x{..#b.G...\N..o.X3I....[ql2.....$..8.x.......t..r.p../8...p...C...f.q....K.njm.{r2.8...?......).L^6..g.,.qm."[.Z[Z....~Q....7%.."....3......R..`.j...[.~.:.. w....!.$E}k...yh.y...Rm..333..........:..}.=#.v.....e...tq.X)I)B>==......<..8..X....9<QD.h..8Q.yl....sy....0.OZ.k.(...5..H....>.....yP..........:.8......p.........Lg....k.k...$.......t.!0.V..8.7....`.........2A....@.....JP..A#h.'@.8.....:....`....`......a!2D..!UH.2.. .d..A>P ..ECq...B.....*.*.Z....:.]..B..=h...~....L...2...........5p.......N..........:|......@...QC.....!.H,.G6 .H9R.. ]H/r..A..w(......Q.(OT...JCm@..*QGQ...-.(j...MF+...6h/.*t.:.]..G7....w...7......Xa<1..

                      Chrome Cache Entry: 73

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:PNG image data, 132 x 120, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):3335
                      Entropy (8bit):7.918320115454146
                      Encrypted:false
                      SSDEEP:
                      MD5:CBF7619F46ACFF9D8357EFD3561B85C5
                      SHA1:44588A0524CD6A43C4E109F0CBD315BE7234B5ED
                      SHA-256:A48E537078DF3A83F64E64715B65F2A35ED749885FB2737D3EC597D6E010ACFA
                      SHA-512:03975A72503EE0406EBEC6031ABDFA012C8586401AA99016FA4CE88FAA34A6BCFC9B431B17E816CDB5B4165B09A2E8055BC93DF03EF0A4D48B08C40E8957F454
                      Malicious:false
                      Reputation:unknown
                      Preview:.PNG........IHDR.......x.....3.Z.....gAMA......a.....IDATx..]kl.W.>3..z.k;..Z88n...G..iH...P"D.R[$..Tm1.."..DD....D)._......@...4.Kr.*.Z.@.M..u.8.;^.z...1.....wvv=3{....{...~s.Y......F4...~KTU...9." IRvbb.....?V.Z._...#....=---u..$.].FFF....v.X..9.\....[.."..C.......|N4.r,...U"y. .L.N..d3.B..y'u+..x..j @....>J....FV..d2....(..(`.^.e.........7!...d.d....?..I.....c5....o...2....t...D..Y2..0..?..j!.e.V...L....j.A{{;444h.zK...F.....s.^.Y.n....<.........).~.......y.By.'.?...a....L..V>..FG.0..{[B...,Z]].:..0p.at.V..F..E..0..X.$D<..d2..........P.....<.a.B..|=.l.T......~c.........'.....k..\.R`D..9.!PX.2.}`v....$..H$.....v-..'@..D...M....h$.^.8...=455.4........#.Cp.n...}U&[B`ip:.8...o$...H..I)...{...B`%..UE.2.....P.\.|.Q..=...!0.....N.......].v-d7x.v.d...z.T.:....2.Yl*...D.+dj..Q..oUl"..25.O....*6......'B.h.[...a.L..sMLu=.f....b.....3H-...;B".......!\.....!.].....:........s=.D..!.w.\..~...L.R..!=u...JkE......ACl..-...x..=....}...L.....$a...~.7,..

                      Chrome Cache Entry: 74

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):326
                      Entropy (8bit):6.860674885804344
                      Encrypted:false
                      SSDEEP:
                      MD5:AFE00DB89CE086B91A541C227EDBF136
                      SHA1:961B2EE6FB39C4D515BDC49EC1BA688B0916F104
                      SHA-256:E11827C678AF8519E702F364E525AC34509CAD49F8D839677E089949EDDA060E
                      SHA-512:85F265A917E83BA92FEDB2152FBFADA273FCFF2937A85B080641307FD2E61D0138493162883E016796C9F68062A01D79DA60F546EFC2CB1FB4078760EB3451F0
                      Malicious:false
                      Reputation:unknown
                      Preview:.PNG........IHDR................a....pHYs.................sRGB.........gAMA......a.....IDATx.....0...Uq...UP.|..v.K.>.O`.$.[.B....'pvJ}..B..P.h...I.!.rs.%.$....O"r!.I.m....J..........U.. ..F[.....j4<...6.b6.T!x..Y..]..;._.,..........K.F..b.~.$..M.......M....,...i....*.z...x8."C.r.{.2~.~........x...B.G.6.....IEND.B`.

                      Chrome Cache Entry: 75

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:downloaded
                      Size (bytes):4715
                      Entropy (8bit):4.741767939349022
                      Encrypted:false
                      SSDEEP:
                      MD5:2C78E50AA65E0A3EDB385617063747A0
                      SHA1:A3ABC60A1E3A9987CDADBE2960691B3EDDCA9948
                      SHA-256:BF5330A366AD2F222158251B840070469429863390494E1BCD0425E735284D85
                      SHA-512:F5F07ADBDD29646AD11D3A2FDF6E9DBE67EB5FF065291A98B22BC464067B92BA2ED2C1AA6EBF322384A90C9CFA37C185E3225B43D1B45393921FEA91C066059B
                      Malicious:false
                      Reputation:unknown
                      URL:https://www.docusign.net/Signing/StyleSheets/Framework.css
                      Preview:/*-----------------------*/..../* needs brackets to swallow error on dev */..{..}..../* This file contains the styles needed for the 2014 rebrand */..html {.. /* Prevent font scaling in landscape while allowing user zoom */.. /* Use 100% here, NEVER none. See http://blog.55minutes.com/2012/04/iphone-text-resizing/ */.. -webkit-text-size-adjust: 100%;..}..body {.. margin: 0;.. background-image: none;.. background-color: #EAEAEA;.. font-family: "DSIndigo", Arial, sans-serif !important;..}...Header {.. display: none;..}...scroll-area {.. position: absolute;.. overflow: auto;.. overflow-x: hidden;.. top: 0;.. left: 0;.. right: 0;.. bottom: 0;.. min-width: 1024px;..}...scroll-area, .Border.scroll-area {.. overflow-x: auto;..}...scroll-container {.. border-bottom: none;.. position: static;..}...clear {.. clear: both;..}..../* site content - centered w/ max-width and padding */...site-content {.. margin: 0 auto;.. max-width: 15

                      Chrome Cache Entry: 77

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (65446), with CRLF line terminators
                      Category:downloaded
                      Size (bytes):89797
                      Entropy (8bit):5.291128696884303
                      Encrypted:false
                      SSDEEP:
                      MD5:954F70F07F05742168ADCEBA796DDA72
                      SHA1:EDF8A6A066F201B1FFAD32C585BD79C9982D4433
                      SHA-256:4DA87C258ECA460D39CDB0F6158CBF69AF539D05A1D14F1BC011518511D02228
                      SHA-512:66EE57172810E0002C308C1FD5FC008C1C64573602627CA0313D97742D830C72BB7D26DD3B069E1835C5E3D6F8721F856809EB9CCEF18CE8934FF7758F645717
                      Malicious:false
                      Reputation:unknown
                      URL:https://www.docusign.net/Signing/client_scripts/jQuery/jquery-3.6.4.min.js
                      Preview:/*! jQuery v3.6.4 | (c) OpenJS Foundation and other contributors | jquery.org/license */..!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,y=n.hasOwnProperty,a=y.toString,l=a.call(Object),v={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}func

                      Static File Info

                      General

                      File type:RFC 822 mail, ASCII text, with very long lines (410), with CRLF line terminators
                      Entropy (8bit):5.948309460551932
                      TrID:
                      • E-Mail message (Var. 5) (54515/1) 100.00%
                      File name:phish_alert_iocp_v1.4.48 - 2025-03-17T084047.721.eml
                      File size:35'392 bytes
                      MD5:2bab93f3dc18ae6aeac4ba56e4726125
                      SHA1:f2ee48046a5c543104ad0c5e4a267c696004e066
                      SHA256:cfd1fef2eea301d091591171e715203f4ff52870e353769eb28d79558c5d20b1
                      SHA512:8a3aba0a580279df8a0533ed5386fbfb755b6cc91fe491bcdee48430278cf0cc95a542b8aa0554c37c529b52bbc5bb86909b53f31f5e8fd0da915105914cfd27
                      SSDEEP:384:2RQKjXF8furl7Yn6WwWIVJkaeKjF/JIKUr1iEoaMBRvm/02odK4ttE3pFQRAwseX:2TZmurVYnckalh/4rRovg3LreX
                      TLSH:ADF25CE24412643AEEBA11287F017EDCA9323DCF5DF6E9E4B05B30275C9B46227513CA
                      File Content Preview:Received: from PH7PR22MB3613.namprd22.prod.outlook.com.. (2603:10b6:510:1d0::19) by MW4PR22MB3434.namprd22.prod.outlook.com with.. HTTPS; Thu, 13 Mar 2025 07:45:52 +0000..ARC-Seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass;.. b=JxXwM

                      Static Mail

                      General

                      Subject:Expiration Pending: Documents for your DocuSign Signature
                      From:Tyler Richardson via Docusign <dse@docusign.net>
                      To:Jim Schlotfeldt <JSchlotfeldt@FirstFedWeb.com>
                      Cc:
                      BCC:
                      Date:Thu, 13 Mar 2025 00:45:39 -0700
                      Communications:
                      • [EXTERNAL EMAIL: Take caution with links and attachments. ] <https://www.docusign.net/Member/Image.aspx?i=logo&l=5fed9096-5ab2-4bfc-affa-8a7ebd261d39> <https://docucdn-a.akamaihd.net/olive/images/2.76.0/email/iconSignWhite.png> Tyler Richardson sent you a document to review and sign. REVIEW DOCUMENT <https://clicktime.cloud.postoffice.net/clicktime.php?U=https://www.docusign.net/Signing/EmailStart.aspx%3Fa%3D0349abe6-59fd-4941-a3fa-c96839edd019%26etti%3D24%26acct%3D5997d405-bb04-4738-bc80-c2b109861a16%26er%3D3b506db4-b6da-43ee-8300-c5b681e9553f&E=jschlotfeldt%40firstfedweb.com&X=XID497dcmHtO6860Xd1&T=FF1001&HV=U,E,X,T&H=871a15a0444af75cc2f8e90b09335b14d83f6226> Tyler Richardson Tyler.Richardson1@STERICYCLE.com I am sending you this request for your electronic signature, please review and electronically sign by following the link below. Expiration Pending: This document will expire on 3/18/2025 | 5:59:59 PM. Powered by <https://docucdn-a.akamaihd.net/olive/images/2.62.0/global-assets/email-templates/email-logo.png> Do Not Share This Email This email contains a secure link to Docusign. Please do not share this email, link, or access code with others. Alternate Signing Method Visit Docusign.com, click 'Access Documents', and enter the security code: 0349ABE659FD4941A3FAC96839EDD0191 About Docusign Sign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- Docusign provides a professional trusted solution for Digital Transaction Management. Questions about the Document? If you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly. Stop receiving this email Report this email <https://clicktime.cloud.postoffice.net/clicktime.php?U=https://protect.docusign.net/report-abuse%3Fe%3DAUtomjpFak9GlbPL0zFFi13xiJ6O8BgCsBMiiiY7CRCy1baDmN4jEDCcX8_flSCGUkRGbOamgPrJWw5Hf2lxyYaDPZvObYVDjJj0F2jeI92oTXyjnTfgOP7zTbPzNZfcs-K-Pynn_s_2oiUnmysaWEdQxx71DOAGiIlV0FDDtimP9gOBxrjYT_xFVbkYPAOzuTDgqY5FGUfgpgpeO7RRDoaQwTxGHLBCJJgtrDKd58aptp5o100z5ttiL4y8_72Xkugjuu94K6-9mLNIB2DjJ188y9OppDbtVxEdfX7gqiqbFbCtOENTRdVV2RhwZ6g4tX10dge2L8P9k_zG8JhCfLP9hzxVtdQ2TxjseSOa694ntvVHQqTNKPyIfWGOjV2ycmDUThY-0h1CT6VJ-nRiAkF9hrsDDhEfEFdDoBvciPg_vn-OGvXdqXf8X9Ei989CCQ%26lang%3Den&E=jschlotfeldt%40firstfedweb.com&X=XID497dcmHtO6860Xd1&T=FF1001&HV=U,E,X,T&H=c6479a1f4522662640e7a4acab9d7b4979a942da> or read more about Declining to sign <https://clicktime.cloud.postoffice.net/clicktime.php?U=https://support.docusign.com/en/guides/Declining-to-sign-DocuSign-Signer-Guide&E=jschlotfeldt%40firstfedweb.com&X=XID497dcmHtO6860Xd1&T=FF1001&HV=U,E,X,T&H=c207d738bd2504628e5511a4bc04f77928a5411e> and Managing notifications <https://clicktime.cloud.postoffice.net/clicktime.php?U=https://support.docusign.com/en/articles/How-do-I-manage-my-email-notifications&E=jschlotfeldt%40firstfedweb.com&X=XID497dcmHtO6860Xd1&T=FF1001&HV=U,E,X,T&H=fc33276605456d3599d8b7c2659f4a35964ca95e> . If you have trouble signing, visit "How to Sign a Document <https://clicktime.cloud.postoffice.net/clicktime.php?U=https://support.docusign.com/s/articles/How-do-I-sign-a-DocuSign-document-Basic-Signing%3Flanguage%3Den_US%26utm_campaign%3DGBL_XX_DBU_UPS_2211_SignNotificationEmailFooter%26utm_medium%3Dproduct%26utm_source%3Dpostsend&E=jschlotfeldt%40firstfedweb.com&X=XID497dcmHtO6860Xd1&T=FF1001&HV=U,E,X,T&H=6ec955218ff9811fa72337987d44a1050609889f> " on our Docusign Support Center <https://clicktime.cloud.postoffice.net/clicktime.php?U=https://support.docusign.com/&E=jschlotfeldt%40firstfedweb.com&X=XID497dcmHtO6860Xd1&T=FF1001&HV=U,E,X,T&H=508571ec4f6a067d7ed83548a86598f008d08830> , or become part of the Docusign Community <https://clicktime.cloud.postoffice.net/clicktime.php?U=https://community.docusign.com/new-member-guide-142%3Futm_campaign%3DGBL_US_PRD_AWA_2405_CommunityCTA%26utm_medium%3Demail%26utm_source%3Dpostsend&E=jschlotfeldt%40firstfedweb.com&X=XID497dcmHtO6860Xd1&T=FF1001&HV=U,E,X,T&H=0826e43eb85c3eb27dfca95a27b79012d7ba0287> to access tips and guidance from peers. Download the Docusign App <https://clicktime.cloud.postoffice.net/clicktime.php?U=https://www.docusign.com/features-and-benefits/mobile%3Futm_campaign%3DGBL_XX_DBU_UPS_2211_SignNotificationEmailFooter%26utm_medium%3Dproduct%26utm_source%3Dpostsend&E=jschlotfeldt%40firstfedweb.com&X=XID497dcmHtO6860Xd1&T=FF1001&HV=U,E,X,T&H=05e9e9dcf12b2085750c903f03b9e2cd027dc40c> This message was sent to you by Tyler Richardson who is using the Docusign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request.
                      Attachments:

                        Headers

                        Key Value
                        ReceivedThu, 13 Mar 2025 00:45:53 -0700
                        ARC-Seali=1; a=rsa-sha256; d=silversky.com; s=silversky-20150623192408; t=1741851946; cv=none; b=jWw2y0L2lA67C0fMC0Uqdp3VZ9XoC8Oh+6TSMg6n4nHh11LRtYbYaDROeUstpQYRlvWgp0B0+85WQoF4X8blVMfqYt/fYrUpZ7ShLVeYyuqBUOYs9UB4CLaQo00SYVbfgwQ+/MVPe0B2y9tgXMjlUfxeyq2HMlMqppBYDiLk57I=
                        ARC-Message-Signaturei=1; a=rsa-sha256; d=silversky.com; s=silversky-20150623192408; t=1741851946; c=relaxed/simple; bh=+9xBK8o0Ib1SqvPDIk2qUAzctv08hJqtfT4xxtuqx7Q=; h=Reply-To:From:To:Date:Subject; b=fX4GD2bbNB8qC4e81CKfN4DgtPXxAeRQL70lkpAzQcxyxtW/HLNTy4UWYORY+qIvn058s4BwokAHewKuYG6lB7vtPB5jta/pSwaKP20de+f+KD7EFpJMaNTEe+qUUDuAu0zY7Y3vKL3sxMPAZ7LlvT20+ZYxRcjIyfEwJeXPikE=
                        ARC-Authentication-Resultsi=1; gwsin.silversky.com; dmarc=pass policy.dmarc=none header.from=docusign.net; dkim=pass header.d=docusign.net; spf=pass smtp.mailfrom=docusign.net; arc=none smtp.remote-ip=64.207.219.71
                        authentication-resultsspf=fail (sender IP is 165.212.64.15) smtp.mailfrom=docusign.net; dkim=fail (body hash did not verify) header.d=docusign.net;dmarc=fail action=oreject header.from=docusign.net;compauth=none reason=451
                        received-spfFail (protection.outlook.com: domain of docusign.net does not designate 165.212.64.15 as permitted sender) receiver=protection.outlook.com; client-ip=165.212.64.15; helo=postin02.mbox.net;
                        x-usanet-receivedfrom emd1.mbox.net [165.212.64.8] by gws5.mbox.net via mtad (GIT.BUILD.5.0.3133) with ESMTP id 913dcmHtn7472Ms5; Thu, 13 Mar 2025 07:45:39 -0000
                        X-USANET-TAP-Score0
                        X-USANET-Receivedfrom emd1.mbox.net [165.212.64.8] by gws5.mbox.net via mtad (GIT.BUILD.5.0.3133) with ESMTP id 913dcmHtn7472Ms5; Thu, 13 Mar 2025 07:45:39 -0000
                        Authentication-Results-Originalgwsin.silversky.com; dmarc=pass policy.dmarc=none header.from=docusign.net; dkim=pass header.d=docusign.net; spf=pass smtp.mailfrom=docusign.net; arc=none smtp.remote-ip=64.207.219.71
                        x-usanet-routed100 IN-RELAY R:gwsin-int:625
                        X-USANET-Routed100 IN-RELAY R:gwsin-int:625
                        X-USANET-GWS2-Servicegwsdin-tap preclick-never
                        X-USANET-GWS2-Tenantfirstfedweb.com
                        X-USANET-GWS2-TagidFF1001
                        X-USANET-GWS2-MailFromDnsResultDnsFound
                        X-USANET-GWS2-SecurityTLSv1.2;ECDHE-RSA-AES256-GCM-SHA384
                        x-usanet-source64.207.219.71 IN dse@docusign.net mailch.docusign.net TLS
                        x-usanet-msgidXID497dcmHtO6860Xd1
                        X-BAEAI-Trust-Score97
                        X-BAEAI-Trust-ReasonsSNDRAUTH; SNDRFRG,dse@docusign.net,dse@docusign.net,tyler.richardson1@stericycle.com; DOMFRQ,docusign.net; RCPTVIP;
                        dkim-signaturev=1; a=rsa-sha256; c=relaxed/simple; d=docusign.net; s=mail1; t=1741851929; bh=cz6JpVemvudBMoVbuuqTsyAvWoQOw9MPRmK/2PhQxCI=; h=Reply-To:Feedback-ID:From:To:Date:Subject; b=tYsH9mfLMOokHRh+zz/m//1KfWMjuLfDhc7qpRVxxuoVB7qJMedjItskHV7uR0lWH R9mHWNLR3rCarIJhzb9HdBeHZ83tQtgjk8PILSYk5wSGNe+3Oq7FRLMUhg2KZLqnt0 u2jSdgxWuzXMxGd0fXYiJSvAuN6s02Fh1suqFpx31UC3ez3AGxlPDffHoWXP7f3sB4 FKFdQYMnU4cGGNB7jVPDSqgmlO0Cj0LRVvIUp9MJjypNNv5PUmDXjfLulVEhWRckOS XaffADT53b152T6KiI9Dx+7vUMR332voVR6GYQUaPOtRR9BQMEwRhrP1ivnpPI6JQR J+CTOoPwEAXkA==
                        Recipient-Id3b506db4-b6da-43ee-8300-c5b681e9553f
                        X-DebugFalse
                        X-Email-Rejection-ModeLearningMode
                        X-Api-Hostna1.docusign.net
                        Site-Id1
                        X-BounceEmailVersion1
                        Feedback-ID 0:9712da09-95f8-484f-955d-fc2afe5ae7fa:EnvelopeActivation:Docusign_Prod
                        X-DS-Score0
                        x-originalarrivaltime13 Mar 2025 07:45:39.0073 (UTC) FILETIME=[EA0AB710:01DB93EB]
                        X-Cloudmark-Trackerv=2.4 cv=ceMZrWDM c=1 sm=1 tr=0 ts=67d28d24 b=1 cx=a_idp_d a=nb181B13qOHDySznLoq9Hw==:117 a=nb181B13qOHDySznLoq9Hw==:17 a=Vs1iUdzkB0EA:10 a=WStxHjF3j_cA:10 a=NVGBbsVXgV4A:10 a=kNsQ7D3dAAAA:20 a=BIwwpuNhAAAA:8 a=39N2h3pWAAAA:8 a=feiOQqQsDdauGTVo7eIA:9 a=QEXdDO2ut3YA:10 a=yUJ0qsD4UwsA:10 a=eBBaYUbfAAAA:8 a=KkoJFNyfAAAA:8 a=TeuQqM9sAAAA:8 a=iT_SDntDhyu4L0eqmsUA:9 a=vZptwmewwnDXdNmZ:21 a=_W_S_7VecoQA:10 a=grHilTsErcwA:10 a=t-sU-SsiEqZ4E3vAOG6D:22 a=sL09LJqxiHQXj28m4smb:22
                        X-LASED-VersionAntispam-Engine: 5.1.4, AntispamData: 2025.3.13.65728
                        X-LASED-SpamProbability0.087066
                        X-LASED-SpamNonSpam
                        X-LASED-HitsBODYTEXTH_SIZE_10000_LESS 0.000000, BODYTEXTH_SIZE_3000_MORE 0.000000, BODYTEXTP_SIZE_3000_LESS 0.000000, BODY_SIZE_10000_PLUS 0.000000, DATE_TZ_NA 0.000000, DKIM_ALIGNS 0.000000, DKIM_SIGNATURE 0.000000, FORGERY_TARGET 0.050000, FROM_NAME_PHRASE 0.000000, HREF_LABEL_TEXT_NO_URI 0.000000, HTML_70_90 0.100000, IMGSPAM_TABLE_1 0.000000, KNOWN_MSGID 0.000000, KNOWN_MTA_TFX 0.000000, LINK_TO_IMAGE 0.000000, LIST_HEADER 0.000000, MIME_BOUND_NEXTPART 0.000000, PHISH_TRUSTED_RDNS 0.000000, REPLYTO_FROM_DIFF_ADDY 0.100000, SENDER_NO_AUTH 0.000000, SUPERLONG_LINE 0.050000, SUSP_DH_NEG 0.000000, SXL_IP_TFX_WM 0.000000, TEXT_DIRECTION 0.000000, __ANY_URI 0.000000, __ATTACH_CTE_QUOTED_PRINTABLE 0.000000, __BODY_NO_MAILTO 0.000000, __BODY_TEXT_X4 0.000000, __CP_URI_IN_BODY 0.000000, __CT 0.000000, __CTYPE_HAS_BOUNDARY 0.000000, __CTYPE_MULTIPART 0.000000, __CTYPE_MULTIPART_ALT 0.000000, __DKIM_ALIGNS_1 0.000000, __DKIM_ALIGNS_2 0.000000, __DOCUSIGN_DKIM 0.000000, __DOCUSIGN_MSGID 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000, __FILESHARE_PHRASE 0.000000, __FROM_3RD_PARTY 0.000000, __FROM_DOCUSIGN 0.000000, __FROM_DOMAIN_DOCUSIGN 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000, __FROM_SHIPPING 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_HTML 0.000000, __HAS_MSGID 0.000000, __HAS_REPLYTO 0.000000, __HAS_SENDER 0.000000, __HAS_XOAT 0.000000, __HEADER_ORDER_FROM 0.000000, __HELO_SHIPPING 0.000000, __HREF_LABEL_IMG 0.000000, __HREF_LABEL_PHISH 0.000000, __HREF_LABEL_TEXT 0.000000, __HTML_AHREF_TAG 0.000000, __HTML_ATTR_DIR 0.000000, __HTML_BAD_END 0.000000, __HTML_BOLD 0.000000, __HTML_ENTITIES_X4 0.000000, __HTML_HREF_TAG_X2 0.000000, __HTML_TAG_CENTER 0.000000, __HTML_TAG_DIV 0.000000, __HTML_TAG_IMG_X2 0.000000, __HTML_TAG_TABLE 0.000000, __HTTPS_URI 0.000000, __HTTP_IMAGE_TAG 0.000000, __IMGSPAM_TABLE_1 0.000000, __IMG_THEN_TEXT 0.000000, __IMP_BRAND_DN 0.000000, __IMP_BRAND_DN_WORDS 0.000000, __IMP_BRAND_ORG_DOMAINS 0.000000, __IMP_FROM_IN_EXCLUSION_LIST 0.000000, __MIME_HTML 0.000000, __MIME_TEXT_H 0.000000, __MIME_TEXT_H1 0.000000, __MIME_TEXT_H2 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_TEXT_P2 0.000000, __MIME_VERSION 0.000000, __MSGID_32HEX 0.000000, __MULTIPLE_URI_HTML 0.000000, __MULTIPLE_URI_TEXT 0.000000, __NEXTPART_ALL 0.000000, __PART_TYPE_HTML 0.000000, __PHISH_PHRASE10 0.000000, __PHISH_SPEAR_SUBJECT 0.000000, __PHISH_SPEAR_SUBJ_PREDICATE 0.000000, __PHISH_SPEAR_SUBJ_SUBJECT 0.000000, __RCVD_DOCUSIGN 0.000000, __RCVD_FROM_DOMAIN 0.000000, __RCVD_SHIPPING 0.000000, __RDNS_DOCUSIGN 0.000000, __SANE_MSGID 0.000000, __SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000, __TAG_EXISTS_BODY 0.000000, __TAG_EXISTS_HEAD 0.000000, __TAG_EXISTS_HTML 0.000000, __TAG_EXISTS_META 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000, __URI_ENDS_IN_SLASH 0.000000, __URI_HAS_HYPHEN_USC 0.000000, __URI_IN_BODY 0.000000, __URI_IN_BODY_HTTP_X10 0.000000, __URI_MAILTO 0.000000, __URI_NOT_IMG 0.000000, __URI_NS 0.000000, __URI_WITHOUT_PATH 0.000000, __URI_WITH_PATH 0.000000
                        X-LASED-ImpersonationFalse
                        X-Sophos-Tracker0.087066 5522e05493c547fb7beffe84d9248813e07c48fa
                        X-BAEAI-Source-GeoIP"US" "N/A" "N/A"
                        X-BAEAI-SPFPASS
                        X-BAEAI-DKIMPASS
                        X-BAEAI-DMARCpass
                        X-SilverSky-ARCnone
                        X-BAEAI-Authentication-Ratingstrong
                        x-spam-statusWHITELISTED
                        X-BAEAI-Trust-Levelgreen
                        Return-Pathdse@docusign.net
                        X-MS-Exchange-Organization-ExpirationStartTime13 Mar 2025 07:45:47.2964 (UTC)
                        X-MS-Exchange-Organization-ExpirationStartTimeReasonOriginalSubmit
                        X-MS-Exchange-Organization-ExpirationInterval1:00:00:00.0000000
                        X-MS-Exchange-Organization-ExpirationIntervalReasonOriginalSubmit
                        X-MS-Exchange-Organization-Network-Message-Id 02555b8e-8937-40f0-82ca-08dd62031168
                        X-EOPAttributedMessage0
                        X-EOPTenantAttributedMessage3778f0b2-789a-4d43-b25e-d4fe25a4c3c0:0
                        X-MS-Exchange-Organization-MessageDirectionalityIncoming
                        x-ms-publictraffictypeEmail
                        x-ms-traffictypediagnostic CH3PEPF00000013:EE_|PH7PR22MB3613:EE_|MW4PR22MB3434:EE_
                        x-ms-exchange-organization-authsource CH3PEPF00000013.namprd21.prod.outlook.com
                        x-ms-exchange-organization-authasAnonymous
                        x-ms-office365-filtering-correlation-id 02555b8e-8937-40f0-82ca-08dd62031168
                        x-ms-exchange-atpmessagepropertiesSA|SL
                        X-MS-Exchange-Organization-SCL-1
                        X-MS-Exchange-Organization-BypassClutter$true
                        x-microsoft-antispam BCL:3;ARA:13230040|3092899012|5062899012|13102899012|2092899012|82310400026|1032899013|5063199012|6062899009|5082899009|35002699018|4123199012|3072899012|5073199012|13012899012|4092899012|69100299015|12012899012|13003099007|8096899003|2066899003|5023399003|40103499003;
                        x-forefront-antispam-report CIP:165.212.64.15;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:NSPM;H:postin02.mbox.net;PTR:postin02.mbox.net;CAT:NONE;SFS:(13230040)(3092899012)(5062899012)(13102899012)(2092899012)(82310400026)(1032899013)(5063199012)(6062899009)(5082899009)(35002699018)(4123199012)(3072899012)(5073199012)(13012899012)(4092899012)(69100299015)(12012899012)(13003099007)(8096899003)(2066899003)(5023399003)(40103499003);DIR:INB;
                        x-ms-exchange-crosstenant-originalarrivaltime13 Mar 2025 07:45:47.0933 (UTC)
                        x-ms-exchange-crosstenant-network-message-id 02555b8e-8937-40f0-82ca-08dd62031168
                        x-ms-exchange-crosstenant-id3778f0b2-789a-4d43-b25e-d4fe25a4c3c0
                        x-ms-exchange-crosstenant-authsource CH3PEPF00000013.namprd21.prod.outlook.com
                        x-ms-exchange-crosstenant-authasAnonymous
                        x-ms-exchange-crosstenant-fromentityheaderInternet
                        x-ms-exchange-transport-crosstenantheadersstampedPH7PR22MB3613
                        x-ms-exchange-transport-endtoendlatency00:00:05.4396340
                        x-ms-exchange-processed-by-bccfoldering15.20.8534.017
                        X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910005)(944506478)(944626604)(4710137)(4713020)(4714040)(470014026)(920097)(930097)(140003);
                        X-Microsoft-Antispam-Message-Info cRhwwjjTcOKNY8Hr4B7CAlpYDGIkvPsNQ2WjdKD82QsAV7at0wiIUovp/ebR8XnvvaoXvVSmNUCmrL/JSEhDDsB18ADT1GcfRI5uid019TLxN5wUskrdJEtaWyo+vbxYagMRd0K2/h9eWn4XzVwegAyKzFVaUV6C/fM75pPWFKVPEcO35IH+jgimUW553gFF4dYumIqvzYZDPT+7+ECzAoNonFZUbeKZLjlKXaSoiIGWdtQDqcHB4whJUJdYFUPYeC/RB9pIhIdFYyirS/doniT34DXWg9mXJm5CouEll+4eq6/P5lKfX/JOCoLQc56gO0NS92Zbuvi5NO20QbcUgXhSpbt/zWNb8HXwigNCREgLU0V8Z8BliSgnSvoCgxdEbFsy4lB48Ooj5jENMjdj5PLU1F6rdktws6KBGacrYosEE4EXJybxT6Uej7A/dfaeqLFEJmn47/yQq9oSB+aLOVq4A3CLjXWEIiPqhRoSzgNESKWuLUvKRNAw/25plW++PYjfk80FhH9slVOxQdvoYcNGHVjI+VbyJlVw8zzyJmaCzw9uilTOYabVKf6af2myxQIjw/XyytMSzFTL+Q5w+0PT4UadBCk+TLS1wZ/6AcQv2wEPDdwH1lTHTPWPAzpKPIWU3L8oAAy8Ttr81sR+dyEBpRf/czvAGLuu2Y6r7If92t6nkAkVhARbr0ox/IsEbHy3UqTpcBUJ63n+lXK6ci0+Xt/y5LeTYbI/Wn5y2AR6eZ7WoDwwOZY2YA0k9FLNBTzy/zHKrUDy+eAJRqQBwIeKTbI6wM0vLFTYRthV/yxhiQ1yS6PYQsz2HTnW+picq1LG2cDR317LDqKqH4QB5aAb+Swd0e0626HBbwDt+RNkaRw7uRWmWwhp7O621BUrP5MS5lCZyMy5OAUQzyEHWQlYNSwY4rWDp3q5oCMgQ78+VH/CHk8iGII5kIm4QcH2laSrES5eZOI6MPRqhHBweeXU2ZbjEyKgMA4euuIF4szpIgVIyFgWUzP0EZ6N7u+DvRVGI0wWS65UUpIHUZDfPzG2VWESPD89T2N3jiClVwg5+qh3TRER4vWGlr/iTdJt0IonKMcCNj42x4JwoarD46vL75Rc+WaMMwHJYriIJROtjFG4sedkqETK+EMQluPX/ez27Y4dQtLmKS3HsdT9LSLDaMa2+2NOAp7sEcT7BHsE1GPzyvaUdEPG0N01PblD4XZiwKbbkx334T1f6987hoFmTTA5QK6qpput+6+l/5f0rA3K5AbKoQFJs3W5jxhcUs8PUhAiPnMYzxSNIYzUTEAU0piz1X60EtWGWL4CT1RkkAJ6zjT51xQQDBzONpD+Su4MHxiVSt55ldpBMOkk0VrFOCNLEYTEqppkeegm5bRzvlyK1HtjZKcOWwl/Q6aPp6rO0md1h2qFY8NDZapJwJrZrkJQPDsiOGK3W/gPJsvaSbvz8AJFWeu8nDIbQTdcmeKdjbSzZmdJpysGSLgK10pgEt2qxuaUKPHjwhCfFRvJ86t0nS8BHh8OMEEHSqoSP5DstdeHIN4UKk0f9VfAiBWHYC4zWBTS04iSd+PC3Ut5nTaD2pcX2VmtG7ftvTDCuAKCO6sr7n+grWDuFfFlpli/OP72LgDOjXT2DWMzj4aknjzAlOGxx1bVemVyco7FDwpvqql7KyI3HDN5RJ6Pc7sFPXmpqf/WEiV/hD1Trh67z/NJVbHJhN5fkHEBHadqAXzLEvuoGyrDB9L+wJo9/+azXA87VkvUq/XlQ6E/IZe3mzP44poustZnNthM24wcVrsSYyg9129YUCLQwj5PC4uoP/Dg+lmcw1enWGADYJJNQuN3CHO331mUh45kJO5x4vOCBRNR3J4jy0kBxcJWcA8+C0b/SRxtmKSfEy9yfZprM1mnWe6ooa8uozr3gN77SSsoFQjYMb01rkmfDqhH5YJ9t6CFq2fNw5F1LNb/pBvADecnWBA/2e7wFpBWRlPakeCbkNX+peI8S2OvEoBh7ae6w8QIjWRmNoT1hi6h5607DXkUZA7tWd9y5fxwT7u658Gje7l3jJHhM3MfAUcA8GrSaAeiwol+JfH6ZtNwBVyYtJWIDaiQ7ABWxvnSepxgPGKwViVf1rVhr4+k+RSJDhzbJxvPJ4SPJ4Nqc4z0xRvj2SlbppqIPoCagsOa5Ga3E3OQ12OyYJZhBxUuXwd5ywl1hgYwxxR2vh4syTYYiNwY1fnENJtdY4LDNxcZJQSrZWTEHkJcEV6Qq9QxUqu0gx1GPleHDzHmEx66/k4QjYvDaEYuJrs0rEHILtI+0QlWhxQNk7mWwLtXsZ0FZh6/Y2TqEX+HeXltw2592LvSVDE=
                        x-ms-exchange-organization-originalclientipaddress165.212.64.15
                        x-ms-exchange-organization-originalserveripaddress10.167.244.118
                        SenderDocuSign System <dse@docusign.net>
                        X-Priority3
                        X-MSMail-PriorityNormal
                        Thread-IndexAQHbk+vyp+0RS1TOW0mhIOdDgzsMpQ==
                        Message-ID<8bace477ddcb4bf98ea7e49750f59703@docusign.net>
                        FromTyler Richardson via Docusign <dse@docusign.net>
                        ToJim Schlotfeldt <JSchlotfeldt@FirstFedWeb.com>
                        SubjectExpiration Pending: Documents for your DocuSign Signature
                        DateThu, 13 Mar 2025 00:45:39 -0700
                        Reply-ToTyler Richardson <Tyler.Richardson1@STERICYCLE.com>
                        MIME-Version1.0
                        Content-typeMultipart/alternative; charset="utf-8"; boundary="00B0FEED_message_boundary"
                        Content-DescriptionMultipart message

                        File Icon

                        Icon Hash:46070c0a8e0c67d6