Windows
Analysis Report
https://eu.docusign.net/Signing/EmailStart.aspx?a=4f36596b-bff7-4c3c-919f-93ae8c465376&etti=24&acct=fb5f22a1-f0a2-42c9-bd4c-56db9630e6df&er=58eaa311-c8bf-4f24-b282-c3af529b87b9
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
- System is w10x64_ra
- chrome.exe (PID: 6336 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 6956 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1892,i,11646174703955141776,15474445982427708700,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6576 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eu.docusign.net/Signing/EmailStart.aspx?a=4f36596b-bff7-4c3c-919f-93ae8c465376&etti=24&acct=fb5f22a1-f0a2-42c9-bd4c-56db9630e6df&er=58eaa311-c8bf-4f24-b282-c3af529b87b9" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-01T13:40:10.332874+0100 | 2022930 | 1 | A Network Trojan was detected | 20.109.210.53 | 443 | 192.168.2.16 | 49735 | TCP |
2024-11-01T13:40:47.647605+0100 | 2022930 | 1 | A Network Trojan was detected | 172.202.163.200 | 443 | 192.168.2.16 | 49744 | TCP |
There are no malicious signatures.
- HTTP Parser
- HTTPS traffic detected
- Suricata IDS
- TCP traffic detected without corresponding DNS query
- HTTP traffic detected
- DNS traffic detected
- String found in binary or memory
- Network traffic detected
- Classification label
- File created
- Process created
- LNK file
- Window detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 172.217.18.100 | true | false | unknown | |
api.mixpanel.com | 35.190.25.25 | true | false | unknown | |
account.docusign.com | unknown | unknown | false | unknown | |
eu.docusign.net | unknown | unknown | false | unknown | |
telemetry.docusign.net | unknown | unknown | false | unknown | |
docucdn-a.akamaihd.net | unknown | unknown | false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
130.211.34.183 | unknown | United States | 15169 | GOOGLEUS | false |
35.190.25.25 | api.mixpanel.com | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
172.217.18.100 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.16 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1546692 |
Start date and time: | 2024-11-01 13:39:31 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 34s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Sample URL: | https://eu.docusign.net/Signing/EmailStart.aspx?a=4f36596b-bff7-4c3c-919f-93ae8c465376&etti=24&acct=fb5f22a1-f0a2-42c9-bd4c-56db9630e6df&er=58eaa311-c8bf-4f24-b282-c3af529b87b9 |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean2.win@18/56@24/5 |
EGA Information: | Failed |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 172.217.16.195, 172.217.18.14, 142.251.168.84, 185.81.100.28, 34.104.35.123, 2.16.168.5, 2.16.168.6, 2.19.126.227, 2.19.126.218, 185.81.100.38, 185.81.100.37, 2.20.245.133, 2.20.245.140, 142.250.186.74, 142.250.184.202, 142.250.185.138, 172.217.18.106, 142.250.185.202, 142.250.186.106, 142.250.185.234, 142.250.185.170, 142.250.181.234, 142.250.186.42, 142.250.185.74, 142.250.186.138, 172.217.18.10, 142.250.186.170, 142.250.184.234, 172.217.16.202, 142.250.185.99, 185.81.101.86, 142.250.186.142
- Excluded domains from analysis (whitelisted): clients1.google.com, eu.docusign.net.akadns.net, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, eu-northeast.docusign.net.akadns.net, clientservices.googleapis.com, telemetry-eu.docusign.net.akadns.net, docucdn-a.akamaihd.net.edgesuite.net, account-eu.docusign.com.akadns.net, fe3cr.delivery.mp.microsoft.com, account-geo.docusign.com.akadns.net, a1737.b.akamai.net, clients2.google.com, edgedl.me.gvt1.com, telemetry-geo.docusign.net.akadns.net, update.googleapis.com, clients.l.google.com
- Not all processes were analyzed, report is missing behavior information
- VT rate limit hit for: https://eu.docusign.net/Signing/EmailStart.aspx?a=4f36596b-bff7-4c3c-919f-93ae8c465376&etti=24&acct=fb5f22a1-f0a2-42c9-bd4c-56db9630e6df&er=58eaa311-c8bf-4f24-b282-c3af529b87b9
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.980910772900234 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 3.9950630030779277 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.0052799248147695 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9942778990687895 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9831194826303458 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9917644006485657 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 1103 |
Entropy (8bit): | 4.966187896639915 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 89797 |
Entropy (8bit): | 5.291128696884303 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://eu.docusign.net/Signing/client_scripts/jQuery/jquery-3.6.4.min.js |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 3896 |
Entropy (8bit): | 4.786686051422741 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://docucdn-a.akamaihd.net/olive/images/2.63.0/global-assets/ds-logo-inverse.svg |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 32 |
Entropy (8bit): | 4.202819531114783 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAk2V9J8E6A9GhIFDYOoWz0=?alt=proto |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 1103 |
Entropy (8bit): | 4.966187896639915 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://account.docusign.com/ReactApp/src/vendor/html-domparser.js |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 4739 |
Entropy (8bit): | 4.736490039075709 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://eu.docusign.net/Signing/StyleSheets/Framework.css |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 119869 |
Entropy (8bit): | 4.18401975910281 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2961 |
Entropy (8bit): | 7.876188909726169 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 12033 |
Entropy (8bit): | 7.13014241128748 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 3896 |
Entropy (8bit): | 4.786686051422741 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 119869 |
Entropy (8bit): | 4.18401975910281 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://docucdn-a.akamaihd.net/v/static/mixpanel-2-2-1b.js |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 3530355 |
Entropy (8bit): | 5.656655502785631 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://account.docusign.com/ReactApp/dist/bundle.js?version=24.4.0.21066 |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 29516 |
Entropy (8bit): | 7.993944632054563 |
Encrypted: | true |
Malicious: | false |
Reputation: | low |
URL: | https://docucdn-a.akamaihd.net/olive/fonts/2.8.0/DSIndigo-Regular.woff2 |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 33752 |
Entropy (8bit): | 7.984139047245452 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://docucdn-a.akamaihd.net/production/1ds/widgets/@ds/signing/24.10.26-8/fonts/maven-pro/MavenPro-Bold.woff |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 89797 |
Entropy (8bit): | 5.291128696884303 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 12033 |
Entropy (8bit): | 7.13014241128748 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://eu.docusign.net/Signing/Image.aspx?i=logo&l=d6876136-43b8-44aa-8efb-bdba7b25e800 |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2940 |
Entropy (8bit): | 4.174861243509924 |
Encrypted: | false |
SSDEEP: | 48:CHTxKDlA+lw1fxLEpHcztFfSFjcfzHaDKuC2Al2qXIU1HIoc9VLYotdoEBFH9nqQ:O/AODztIppE2WTIo2ZxOQdSc9 |
MD5: | 55ACF27E6B517AF140D1C9FB147E31E8 |
SHA1: | FD74318612D950AE56B82776D4507A703E2745EF |
SHA-256: | 769113EED5ABF2BB8E472A29D439CC73CA6BCCFA82E3D8F0B36D6F7D9FD740B6 |
SHA-512: | EF85F9034DE1D6F0C04E7DD24F9743D39D63D2273884C1F46F744D4514E25569F07A7E7D9DBD8F644F6AE0B80E383C91954629356BFFFEC06746947645008826 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 72 |
Entropy (8bit): | 4.241202481433726 |
Encrypted: | false |
SSDEEP: | 3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY |
MD5: | 9E576E34B18E986347909C29AE6A82C6 |
SHA1: | 532C767978DC2B55854B3CA2D2DF5B4DB221C934 |
SHA-256: | 88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D |
SHA-512: | 5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 31436 |
Entropy (8bit): | 7.993250168057893 |
Encrypted: | true |
SSDEEP: | 768:lIQXpJaSv1p16Copvvta/RKIxLD+fSw88A9mWLkYWsxMppOD95:eSNzxopta/8IZGA93LtxMppOL |
MD5: | BA0E987E564CD3409E9D6F690D641F55 |
SHA1: | 1C2684BD20C775B7497796C2FA66AD4943F6B824 |
SHA-256: | 346CFD3DF3DBB80D08655AE396A413F66CBCCFCF201EAE36A6403DCF7ED372BC |
SHA-512: | DFBA7D6B8114C9DD1A3288E053F6E7C18A1909F6CBBDF35E46B1972E15497D1C35FE1007FC90CAF111D20AB036D9E1C73C15EDD7B2BF24F24CA4A2A36EBA571D |
Malicious: | false |
Reputation: | low |
URL: | https://docucdn-a.akamaihd.net/olive/fonts/2.8.0/DSIndigo-Semibold.woff2 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 6.860674885804344 |
Encrypted: | false |
SSDEEP: | 6:6v/lhPe/6TsR/rnMXvFGVAkFjqYCm8BQ5XIYDg/jruT0l8pgVy6EybrNcVp:6v/7m/6Ts/rnAF4nFWF5BQWdae82yXys |
MD5: | AFE00DB89CE086B91A541C227EDBF136 |
SHA1: | 961B2EE6FB39C4D515BDC49EC1BA688B0916F104 |
SHA-256: | E11827C678AF8519E702F364E525AC34509CAD49F8D839677E089949EDDA060E |
SHA-512: | 85F265A917E83BA92FEDB2152FBFADA273FCFF2937A85B080641307FD2E61D0138493162883E016796C9F68062A01D79DA60F546EFC2CB1FB4078760EB3451F0 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 900 |
Entropy (8bit): | 5.345449428555976 |
Encrypted: | false |
SSDEEP: | 12:TMHdPpxNi/nzVJ/KYf3n+jzHM3T3c+cbEzoZdGVlVdE9g9H9014jDLQnI:2dBLATLf3yMlzXbEK9e4jDLQnI |
MD5: | 17A782F04369CC79F490A976243511F6 |
SHA1: | 84622E41838BDCD204EE2CFAD064B4BA58D0B5D5 |
SHA-256: | 500168AD65BAE9FC7D865A3A98704346E4313BEDFA401F50EBB24AFFBFFB71CB |
SHA-512: | EA715C41758D9735C22FFF73CDD58CFBBECD6EF4F424E2380103D9D61E4B21A314DD51F8359211CBFC9AF5DFBFB8CF20FA00B1093C8F9F34C413A43CC82FF7CE |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 13579 |
Entropy (8bit): | 5.27337657330958 |
Encrypted: | false |
SSDEEP: | 192:5mprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORd:5mprxaefKI0LP19m4q1WW+h4Mjg |
MD5: | 2779F5D2F1F22353C726240E530016CC |
SHA1: | 2B3F380F212C8C64E79DB1F47FA25C114AFE6FBB |
SHA-256: | 16496529F57AC8915F194E00479B04AF942C33D7897BCFD9A55DD072BBEC1411 |
SHA-512: | 14F4E6DB8D21EFA0A01DFE6AC5C6941807B3DA8875864D736476D480167A9C7B02E60E8BE19CC2F9526B3027684661F5B11D36D3A9D44096DF86B120AF8904E6 |
Malicious: | false |
Reputation: | low |
URL: | https://eu.docusign.net/Signing/client_scripts/jQuery/jquery-migrate-3.4.1.min.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3530355 |
Entropy (8bit): | 5.656655502785631 |
Encrypted: | false |
SSDEEP: | 24576:Pjis41cmbHPloJLIagfthGBMAKoqnvkh29Un21/e:hQoJLsfth2Koqvkg9n1/e |
MD5: | 66C9EF3CAE156CEEE749BA09B316E499 |
SHA1: | 5575D01E6543AD9D438E54ED44C6955014C62EEA |
SHA-256: | 36A27889691A682ACE9DB126B5205584AF6B4784D791305110F1476C0F7CC153 |
SHA-512: | 0AE2BA6A61FF47538DD387F4D3793CF2453D024C6AEA1D7FAECE8C13FB73027140ABE1E630E70D24FD963E615321E4B4943B537188A4EAE49BC090D33973C799 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13579 |
Entropy (8bit): | 5.27337657330958 |
Encrypted: | false |
SSDEEP: | 192:5mprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORd:5mprxaefKI0LP19m4q1WW+h4Mjg |
MD5: | 2779F5D2F1F22353C726240E530016CC |
SHA1: | 2B3F380F212C8C64E79DB1F47FA25C114AFE6FBB |
SHA-256: | 16496529F57AC8915F194E00479B04AF942C33D7897BCFD9A55DD072BBEC1411 |
SHA-512: | 14F4E6DB8D21EFA0A01DFE6AC5C6941807B3DA8875864D736476D480167A9C7B02E60E8BE19CC2F9526B3027684661F5B11D36D3A9D44096DF86B120AF8904E6 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 2961 |
Entropy (8bit): | 7.876188909726169 |
Encrypted: | false |
SSDEEP: | 48:VvVe5e5QkDntvY2jl4qHftvx1qtZQ9J7kxzahysneTDLfZJDsbOWeKO4x:VvyWDtvYQtHfxKc7OnseTDLfZJDsR |
MD5: | C863DB426897325CB4805B2C20F51F30 |
SHA1: | A426FE43F0CE1A489CE091CC27768CDCC2991210 |
SHA-256: | 2A5179B8851C8E3DFC77D7DCB33B3963AFA037608336D6AE412ACAA38AD59D22 |
SHA-512: | 90DA76303CDE0B81F183709D94DC96B5C3EA7B7766948AF5B81E1EBE4B887012FC611F6A0CFC50873E80AF7B73077F7CB8BD5F254A4F4848C632A68733522A68 |
Malicious: | false |
Reputation: | low |
URL: | https://eu.docusign.net/Signing/Images/controls/btn_arrow_u.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 2940 |
Entropy (8bit): | 4.174861243509924 |
Encrypted: | false |
SSDEEP: | 48:CHTxKDlA+lw1fxLEpHcztFfSFjcfzHaDKuC2Al2qXIU1HIoc9VLYotdoEBFH9nqQ:O/AODztIppE2WTIo2ZxOQdSc9 |
MD5: | 55ACF27E6B517AF140D1C9FB147E31E8 |
SHA1: | FD74318612D950AE56B82776D4507A703E2745EF |
SHA-256: | 769113EED5ABF2BB8E472A29D439CC73CA6BCCFA82E3D8F0B36D6F7D9FD740B6 |
SHA-512: | EF85F9034DE1D6F0C04E7DD24F9743D39D63D2273884C1F46F744D4514E25569F07A7E7D9DBD8F644F6AE0B80E383C91954629356BFFFEC06746947645008826 |
Malicious: | false |
Reputation: | low |
URL: | https://docucdn-a.akamaihd.net/olive/images/2.72.0/global-assets/ds-logo-default.svg |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 34820 |
Entropy (8bit): | 7.982902826695778 |
Encrypted: | false |
SSDEEP: | 768:f+vYQAKPEPXbeWpwNy/QyMmQHXbvwv53Cv9J1LOfITzE1SRSgyTAIW4iC:f+AZgULe7k/QyMmMX7oSvXlOfI8gyTAc |
MD5: | FD117C9EB999E35D64BE1515D5B2192D |
SHA1: | B0FAE4091AC17A28C47AF531A9D5B73B4C35F6BD |
SHA-256: | 553582BE8A5D2779D1A9E9C3A6698FD4D365E01353D8876A7204DB68FCD1D12D |
SHA-512: | 24D51DBAFDE7E5B7B1486BA3800BC8ECBAF369A2D28BBBF15096C723DC565247F9B956E8D0F28EDB535313E1B26934DFC30AF0AF700B8CB57F02926B889B2177 |
Malicious: | false |
Reputation: | low |
URL: | https://docucdn-a.akamaihd.net/production/1ds/widgets/@ds/signing/24.10.26-8/fonts/maven-pro/MavenPro-Regular.woff |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 900 |
Entropy (8bit): | 5.345449428555976 |
Encrypted: | false |
SSDEEP: | 12:TMHdPpxNi/nzVJ/KYf3n+jzHM3T3c+cbEzoZdGVlVdE9g9H9014jDLQnI:2dBLATLf3yMlzXbEK9e4jDLQnI |
MD5: | 17A782F04369CC79F490A976243511F6 |
SHA1: | 84622E41838BDCD204EE2CFAD064B4BA58D0B5D5 |
SHA-256: | 500168AD65BAE9FC7D865A3A98704346E4313BEDFA401F50EBB24AFFBFFB71CB |
SHA-512: | EA715C41758D9735C22FFF73CDD58CFBBECD6EF4F424E2380103D9D61E4B21A314DD51F8359211CBFC9AF5DFBFB8CF20FA00B1093C8F9F34C413A43CC82FF7CE |
Malicious: | false |
Reputation: | low |
URL: | https://docucdn-a.akamaihd.net/olive/images/2.64.0/global-assets/ds-icons-favicon-default-64x64.svg |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 31644 |
Entropy (8bit): | 7.993065566948634 |
Encrypted: | true |
SSDEEP: | 768:QpME5mXXDrh5SBgD1LiXEBZiLKLWWPTO45o/fdQIdJAL:QpFEhFDRiXUoReOO4QId6L |
MD5: | 89C979CFF1EBCBD06171DCD15927EB3A |
SHA1: | DDFB17DA64F896EA2682BEC12499ED9D8F65F69D |
SHA-256: | F2C05D1D723BD31646C2C5ADB65C29F317FEAB778A02511FBDCBC180853CA042 |
SHA-512: | AD58C49E307E87D94BCD1AD7DD7D729B752817DC2451D5869A7ECB652622FDC0BE51C4BAA263747D986898756D6B178570BA9AC839AF748FA808DC9B7CECED9E |
Malicious: | false |
Reputation: | low |
URL: | https://docucdn-a.akamaihd.net/olive/fonts/2.8.0/DSIndigo-Medium.woff2 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 326 |
Entropy (8bit): | 6.860674885804344 |
Encrypted: | false |
SSDEEP: | 6:6v/lhPe/6TsR/rnMXvFGVAkFjqYCm8BQ5XIYDg/jruT0l8pgVy6EybrNcVp:6v/7m/6Ts/rnAF4nFWF5BQWdae82yXys |
MD5: | AFE00DB89CE086B91A541C227EDBF136 |
SHA1: | 961B2EE6FB39C4D515BDC49EC1BA688B0916F104 |
SHA-256: | E11827C678AF8519E702F364E525AC34509CAD49F8D839677E089949EDDA060E |
SHA-512: | 85F265A917E83BA92FEDB2152FBFADA273FCFF2937A85B080641307FD2E61D0138493162883E016796C9F68062A01D79DA60F546EFC2CB1FB4078760EB3451F0 |
Malicious: | false |
Reputation: | low |
URL: | https://docucdn-a.akamaihd.net/olive/images/2.63.0/global-assets/ds-icons-favicon-default-16x16.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 788 |
Entropy (8bit): | 4.9019698351522845 |
Encrypted: | false |
SSDEEP: | 24:LrOb6MnezMoVTAN/jYme6MfzMVVTJ2jYy4:LrOG1jV0Njrr6AVMj74 |
MD5: | CB4FD3AF4DEEBD7277FCD75A576BF633 |
SHA1: | 71A7BC5DE0F92581F2A9F8DCED86578E01B4856C |
SHA-256: | F6C29AE65E37D866FEFB836DB488C4D044414798EC995B2B69CD067949938DD9 |
SHA-512: | 1507C60248859484296F0CF5D1D0AB73BA4B2522A8D05C37773E45AE57C381BFC1FBFC1E38C2F1EE4DB626C1E4AF8C973B38FAD6C5FD74A4423FD78CFEE47E85 |
Malicious: | false |
Reputation: | low |
URL: | https://docucdn-a.akamaihd.net/production/1ds/widgets/@ds/signing/24.10.26-8/css/font-faces.css?cs=7aa34814 |
Preview: |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-01T13:40:10.332874+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.109.210.53 | 443 | 192.168.2.16 | 49735 | TCP |
2024-11-01T13:40:47.647605+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 172.202.163.200 | 443 | 192.168.2.16 | 49744 | TCP |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Nov 1, 2024 13:40:00.367441893 CET | 192.168.2.16 | 1.1.1.1 | c273 | (Port unreachable) | Destination Unreachable |
Nov 1, 2024 13:40:05.124016047 CET | 192.168.2.16 | 1.1.1.1 | c273 | (Port unreachable) | Destination Unreachable |
Nov 1, 2024 13:40:56.631371975 CET | 192.168.2.16 | 1.1.1.1 | c281 | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Nov 1, 2024 13:40:00.319101095 CET | 192.168.2.16 | 1.1.1.1 | 0x90c8 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 1, 2024 13:40:00.319233894 CET | 192.168.2.16 | 1.1.1.1 | 0x1802 | Standard query (0) | 65 | IN (0x0001) | false | |
Nov 1, 2024 13:40:03.838757992 CET | 192.168.2.16 | 1.1.1.1 | 0x73b9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 1, 2024 13:40:03.838943005 CET | 192.168.2.16 | 1.1.1.1 | 0x4ec1 | Standard query (0) | 65 | IN (0x0001) | false | |
Nov 1, 2024 13:40:04.229135036 CET | 192.168.2.16 | 1.1.1.1 | 0xb504 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 1, 2024 13:40:04.230096102 CET | 192.168.2.16 | 1.1.1.1 | 0x2121 | Standard query (0) | 65 | IN (0x0001) | false | |
Nov 1, 2024 13:40:05.070424080 CET | 192.168.2.16 | 1.1.1.1 | 0x521d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 1, 2024 13:40:05.070585966 CET | 192.168.2.16 | 1.1.1.1 | 0xe2fa | Standard query (0) | 65 | IN (0x0001) | false | |
Nov 1, 2024 13:40:05.072424889 CET | 192.168.2.16 | 1.1.1.1 | 0x3ef8 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 1, 2024 13:40:05.072617054 CET | 192.168.2.16 | 1.1.1.1 | 0xf273 | Standard query (0) | 65 | IN (0x0001) | false | |
Nov 1, 2024 13:40:07.806528091 CET | 192.168.2.16 | 1.1.1.1 | 0x2ece | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 1, 2024 13:40:07.806736946 CET | 192.168.2.16 | 1.1.1.1 | 0x252f | Standard query (0) | 65 | IN (0x0001) | false | |
Nov 1, 2024 13:40:08.615734100 CET | 192.168.2.16 | 1.1.1.1 | 0x41db | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 1, 2024 13:40:08.615928888 CET | 192.168.2.16 | 1.1.1.1 | 0x266 | Standard query (0) | 65 | IN (0x0001) | false | |
Nov 1, 2024 13:40:44.339560032 CET | 192.168.2.16 | 1.1.1.1 | 0xf604 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 1, 2024 13:40:44.339746952 CET | 192.168.2.16 | 1.1.1.1 | 0x24d | Standard query (0) | 65 | IN (0x0001) | false | |
Nov 1, 2024 13:40:46.911061049 CET | 192.168.2.16 | 1.1.1.1 | 0x2144 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 1, 2024 13:40:46.911186934 CET | 192.168.2.16 | 1.1.1.1 | 0xe739 | Standard query (0) | 65 | IN (0x0001) | false | |
Nov 1, 2024 13:40:56.605921984 CET | 192.168.2.16 | 1.1.1.1 | 0x70f1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 1, 2024 13:40:56.606096983 CET | 192.168.2.16 | 1.1.1.1 | 0x6fa9 | Standard query (0) | 65 | IN (0x0001) | false | |
Nov 1, 2024 13:41:11.557904959 CET | 192.168.2.16 | 1.1.1.1 | 0xf59e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 1, 2024 13:41:11.558109045 CET | 192.168.2.16 | 1.1.1.1 | 0x80f0 | Standard query (0) | 65 | IN (0x0001) | false | |
Nov 1, 2024 13:41:14.231152058 CET | 192.168.2.16 | 1.1.1.1 | 0x5dd2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 1, 2024 13:41:14.231365919 CET | 192.168.2.16 | 1.1.1.1 | 0x8e70 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Nov 1, 2024 13:40:00.327078104 CET | 1.1.1.1 | 192.168.2.16 | 0x90c8 | No error (0) | eu.docusign.net.akadns.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 1, 2024 13:40:00.367382050 CET | 1.1.1.1 | 192.168.2.16 | 0x1802 | No error (0) | eu.docusign.net.akadns.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 1, 2024 13:40:03.846221924 CET | 1.1.1.1 | 192.168.2.16 | 0x73b9 | No error (0) | docucdn-a.akamaihd.net.edgesuite.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 1, 2024 13:40:03.846240997 CET | 1.1.1.1 | 192.168.2.16 | 0x4ec1 | No error (0) | docucdn-a.akamaihd.net.edgesuite.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 1, 2024 13:40:04.236274958 CET | 1.1.1.1 | 192.168.2.16 | 0xb504 | No error (0) | 172.217.18.100 | A (IP address) | IN (0x0001) | false | ||
Nov 1, 2024 13:40:04.237669945 CET | 1.1.1.1 | 192.168.2.16 | 0x2121 | No error (0) | 65 | IN (0x0001) | false | |||
Nov 1, 2024 13:40:05.077760935 CET | 1.1.1.1 | 192.168.2.16 | 0x521d | No error (0) | eu.docusign.net.akadns.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 1, 2024 13:40:05.079895973 CET | 1.1.1.1 | 192.168.2.16 | 0xf273 | No error (0) | docucdn-a.akamaihd.net.edgesuite.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 1, 2024 13:40:05.081362009 CET | 1.1.1.1 | 192.168.2.16 | 0x3ef8 | No error (0) | docucdn-a.akamaihd.net.edgesuite.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 1, 2024 13:40:05.123950958 CET | 1.1.1.1 | 192.168.2.16 | 0xe2fa | No error (0) | eu.docusign.net.akadns.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 1, 2024 13:40:07.813415051 CET | 1.1.1.1 | 192.168.2.16 | 0x2ece | No error (0) | 35.190.25.25 | A (IP address) | IN (0x0001) | false | ||
Nov 1, 2024 13:40:07.813415051 CET | 1.1.1.1 | 192.168.2.16 | 0x2ece | No error (0) | 35.186.241.51 | A (IP address) | IN (0x0001) | false | ||
Nov 1, 2024 13:40:07.813415051 CET | 1.1.1.1 | 192.168.2.16 | 0x2ece | No error (0) | 130.211.34.183 | A (IP address) | IN (0x0001) | false | ||
Nov 1, 2024 13:40:07.813415051 CET | 1.1.1.1 | 192.168.2.16 | 0x2ece | No error (0) | 107.178.240.159 | A (IP address) | IN (0x0001) | false | ||
Nov 1, 2024 13:40:08.623130083 CET | 1.1.1.1 | 192.168.2.16 | 0x41db | No error (0) | 130.211.34.183 | A (IP address) | IN (0x0001) | false | ||
Nov 1, 2024 13:40:08.623130083 CET | 1.1.1.1 | 192.168.2.16 | 0x41db | No error (0) | 35.190.25.25 | A (IP address) | IN (0x0001) | false | ||
Nov 1, 2024 13:40:08.623130083 CET | 1.1.1.1 | 192.168.2.16 | 0x41db | No error (0) | 35.186.241.51 | A (IP address) | IN (0x0001) | false | ||
Nov 1, 2024 13:40:08.623130083 CET | 1.1.1.1 | 192.168.2.16 | 0x41db | No error (0) | 107.178.240.159 | A (IP address) | IN (0x0001) | false | ||
Nov 1, 2024 13:40:44.363538027 CET | 1.1.1.1 | 192.168.2.16 | 0x24d | No error (0) | account-geo.docusign.com.akadns.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 1, 2024 13:40:44.366950989 CET | 1.1.1.1 | 192.168.2.16 | 0xf604 | No error (0) | account-geo.docusign.com.akadns.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 1, 2024 13:40:46.918311119 CET | 1.1.1.1 | 192.168.2.16 | 0xe739 | No error (0) | account-geo.docusign.com.akadns.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 1, 2024 13:40:46.918519020 CET | 1.1.1.1 | 192.168.2.16 | 0x2144 | No error (0) | account-geo.docusign.com.akadns.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 1, 2024 13:40:56.614475012 CET | 1.1.1.1 | 192.168.2.16 | 0x70f1 | No error (0) | docucdn-a.akamaihd.net.edgesuite.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 1, 2024 13:40:56.631305933 CET | 1.1.1.1 | 192.168.2.16 | 0x6fa9 | No error (0) | docucdn-a.akamaihd.net.edgesuite.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 1, 2024 13:41:11.578140974 CET | 1.1.1.1 | 192.168.2.16 | 0xf59e | No error (0) | telemetry-geo.docusign.net.akadns.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 1, 2024 13:41:11.585494995 CET | 1.1.1.1 | 192.168.2.16 | 0x80f0 | No error (0) | telemetry-geo.docusign.net.akadns.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 1, 2024 13:41:14.247240067 CET | 1.1.1.1 | 192.168.2.16 | 0x5dd2 | No error (0) | telemetry-geo.docusign.net.akadns.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 1, 2024 13:41:14.250855923 CET | 1.1.1.1 | 192.168.2.16 | 0x8e70 | No error (0) | telemetry-geo.docusign.net.akadns.net | CNAME (Canonical name) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.16 | 49732 | 35.190.25.25 | 443 | 6956 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-11-01 12:40:08 UTC | 1161 | OUT | |
2024-11-01 12:40:08 UTC | 529 | IN | |
2024-11-01 12:40:08 UTC | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.16 | 49733 | 130.211.34.183 | 443 | 6956 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-11-01 12:40:09 UTC | 957 | OUT | |
2024-11-01 12:40:09 UTC | 507 | IN | |
2024-11-01 12:40:09 UTC | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.16 | 49735 | 20.109.210.53 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-11-01 12:40:10 UTC | 306 | OUT | |
2024-11-01 12:40:10 UTC | 560 | IN | |
2024-11-01 12:40:10 UTC | 15824 | IN | |
2024-11-01 12:40:10 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.16 | 49737 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-11-01 12:40:12 UTC | 161 | OUT | |
2024-11-01 12:40:12 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.16 | 49738 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-11-01 12:40:13 UTC | 239 | OUT | |
2024-11-01 12:40:13 UTC | 515 | IN | |
2024-11-01 12:40:13 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.16 | 49744 | 172.202.163.200 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-11-01 12:40:47 UTC | 306 | OUT | |
2024-11-01 12:40:47 UTC | 560 | IN | |
2024-11-01 12:40:47 UTC | 15824 | IN | |
2024-11-01 12:40:47 UTC | 14181 | IN |
Target ID: | 0 |
Start time: | 08:39:57 |
Start date: | 01/11/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 08:39:58 |
Start date: | 01/11/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 08:39:59 |
Start date: | 01/11/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |