Windows Analysis Report
https://eu.docusign.net/Signing/EmailStart.aspx?a=4f36596b-bff7-4c3c-919f-93ae8c465376&etti=24&acct=fb5f22a1-f0a2-42c9-bd4c-56db9630e6df&er=58eaa311-c8bf-4f24-b282-c3af529b87b9

Overview

General Information

Sample URL: https://eu.docusign.net/Signing/EmailStart.aspx?a=4f36596b-bff7-4c3c-919f-93ae8c465376&etti=24&acct=fb5f22a1-f0a2-42c9-bd4c-56db9630e6df&er=58eaa311-c8bf-4f24-b282-c3af529b87b9
Analysis ID: 1546692

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

HTML body contains low number of good links
HTML page contains hidden javascript code
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic

Classification

Source: https://account.docusign.com/ HTTP Parser: Number of links: 1
Source: https://eu.docusign.net/Signing/ActivateNotFound.aspx?active=false&e=6bf25f0a-afd1-423d-bfda-1024d360360f&la=en-GB&scope=1b25b3f9-649a-4d5a-80dd-0dc43a66be73 HTTP Parser: Base64 decoded: documentElement) != 'undefined' && typeof(document.documentElement.offsetWidth) != 'undefined' && document.documentElement.offsetWidth != 0) { size = [ document.documentElement.offsetWidth, document.documentElement.offsetheight ]; } else { size = [ doc...
Source: https://account.docusign.com/ HTTP Parser: No <meta name="author".. found
Source: https://account.docusign.com/ HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49744 version: TLS 1.2
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.16:49744
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.16:49735
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: global traffic HTTP traffic detected: GET /track/?data=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&ip=1&_=1730464806922 HTTP/1.1Host: api.mixpanel.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://eu.docusign.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.docusign.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /track/?data=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&ip=1&_=1730464806922 HTTP/1.1Host: api.mixpanel.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=+6lmBHO9doagBW6&MD=pC+Y5gnr HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=+6lmBHO9doagBW6&MD=pC+Y5gnr HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic DNS traffic detected: DNS query: eu.docusign.net
Source: global traffic DNS traffic detected: DNS query: docucdn-a.akamaihd.net
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: api.mixpanel.com
Source: global traffic DNS traffic detected: DNS query: account.docusign.com
Source: global traffic DNS traffic detected: DNS query: telemetry.docusign.net
Source: chromecache_74.1.dr String found in binary or memory: http://blog.55minutes.com/2012/04/iphone-text-resizing/
Source: chromecache_75.1.dr, chromecache_79.1.dr String found in binary or memory: http://dbj.org/dbj/?p=286
Source: chromecache_75.1.dr, chromecache_79.1.dr String found in binary or memory: http://dean.edwards.name/weblog/2005/10/add-event/
Source: chromecache_75.1.dr, chromecache_79.1.dr String found in binary or memory: http://documentcloud.github.com/underscore/
Source: chromecache_73.1.dr, chromecache_100.1.dr String found in binary or memory: http://eligrey.com
Source: chromecache_75.1.dr, chromecache_79.1.dr String found in binary or memory: http://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/
Source: chromecache_75.1.dr, chromecache_79.1.dr String found in binary or memory: http://mixpanel.com/
Source: chromecache_75.1.dr, chromecache_79.1.dr String found in binary or memory: http://www.ecma-international.org/ecma-262/5.1/#sec-12.4
Source: chromecache_77.1.dr, chromecache_84.1.dr String found in binary or memory: http://www.gimp.org/xmp/
Source: chromecache_75.1.dr, chromecache_79.1.dr String found in binary or memory: https://developer.mozilla.org/en-US/docs/DOM/XMLHttpRequest#withCredentials
Source: chromecache_73.1.dr, chromecache_100.1.dr String found in binary or memory: https://gist.github.com/1129031
Source: chromecache_75.1.dr, chromecache_79.1.dr String found in binary or memory: https://gist.github.com/1930440
Source: chromecache_75.1.dr, chromecache_79.1.dr String found in binary or memory: https://github.com/douglascrockford/JSON-js/blob/master/json_parse.js
Source: chromecache_91.1.dr String found in binary or memory: https://github.com/zloirock/core-js
Source: chromecache_91.1.dr String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.25.0/LICENSE
Source: chromecache_91.1.dr String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.36.1/LICENSE
Source: chromecache_80.1.dr, chromecache_91.1.dr String found in binary or memory: https://www.docusign.ca/company/privacy-policy
Source: chromecache_80.1.dr, chromecache_91.1.dr String found in binary or memory: https://www.docusign.ca/company/terms-and-conditions/web
Source: chromecache_80.1.dr, chromecache_91.1.dr String found in binary or memory: https://www.docusign.co.uk/company/privacy-policy
Source: chromecache_80.1.dr, chromecache_91.1.dr String found in binary or memory: https://www.docusign.co.uk/company/terms-and-conditions/web
Source: chromecache_80.1.dr, chromecache_91.1.dr String found in binary or memory: https://www.docusign.com.au/company/privacy-policy
Source: chromecache_80.1.dr, chromecache_91.1.dr String found in binary or memory: https://www.docusign.com.au/company/terms-and-conditions/web
Source: chromecache_80.1.dr, chromecache_91.1.dr String found in binary or memory: https://www.docusign.com.br/politica-de-privacidade
Source: chromecache_80.1.dr, chromecache_91.1.dr String found in binary or memory: https://www.docusign.com.br/termos-uso
Source: chromecache_91.1.dr String found in binary or memory: https://www.docusign.com/company/privacy-policy
Source: chromecache_91.1.dr String found in binary or memory: https://www.docusign.com/company/terms-and-conditions/web
Source: chromecache_80.1.dr, chromecache_91.1.dr String found in binary or memory: https://www.docusign.de/unternehmen/agb
Source: chromecache_80.1.dr, chromecache_91.1.dr String found in binary or memory: https://www.docusign.de/unternehmen/datenschutz
Source: chromecache_80.1.dr, chromecache_91.1.dr String found in binary or memory: https://www.docusign.es/empresa/condiciones-de-uso/web
Source: chromecache_80.1.dr, chromecache_91.1.dr String found in binary or memory: https://www.docusign.es/empresa/politica-de-privacidad
Source: chromecache_80.1.dr, chromecache_91.1.dr String found in binary or memory: https://www.docusign.fr/conditions-generales-d-utilisation
Source: chromecache_80.1.dr, chromecache_91.1.dr String found in binary or memory: https://www.docusign.fr/societe/politique-de-confidentialite
Source: chromecache_80.1.dr, chromecache_91.1.dr String found in binary or memory: https://www.docusign.jp/company/privacy-policy
Source: chromecache_80.1.dr, chromecache_91.1.dr String found in binary or memory: https://www.docusign.jp/company/terms-and-conditions/web
Source: chromecache_80.1.dr, chromecache_91.1.dr String found in binary or memory: https://www.docusign.mx/compania/condiciones-de-uso/web
Source: chromecache_80.1.dr, chromecache_91.1.dr String found in binary or memory: https://www.docusign.mx/compania/politica-de-privacidad
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49701
Source: classification engine Classification label: clean2.win@18/56@24/5
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1892,i,11646174703955141776,15474445982427708700,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eu.docusign.net/Signing/EmailStart.aspx?a=4f36596b-bff7-4c3c-919f-93ae8c465376&etti=24&acct=fb5f22a1-f0a2-42c9-bd4c-56db9630e6df&er=58eaa311-c8bf-4f24-b282-c3af529b87b9"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk