Windows Analysis Report
https://docsend.com/ramaish

Overview

General Information

Sample URL: https://docsend.com/ramaish
Analysis ID: 1637947
Infos:
Errors
  • URL not reachable

Detection

Score: 0
Range: 0 - 100
Confidence: 60%

Signatures

No high impact signatures.

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (scale: clean, suspicious, malicious)
  • System is w10x64
  • chrome.exe (PID: 6856 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 5472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2152,i,11634977177076177542,5902768003406515555,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2176 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 7512 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2152,i,11634977177076177542,5902768003406515555,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4972 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 7716 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://docsend.com/ramaish" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: unknown; TCP traffic detected without corresponding DNS query: 2.19.122.30
Source: unknown; TCP traffic detected without corresponding DNS query: 142.250.185.163
Source: unknown; TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown; TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown; TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: global traffic; HTTP traffic detected: GET /r/r4.crl HTTP/1.1
  Cache-Control: max-age = 3000
  Connection: Keep-Alive
  Accept: */*
  If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
  User-Agent: Microsoft-CryptoAPI/10.0
  Host: c.pki.goog
Source: global traffic; DNS traffic detected: DNS query: www.google.com
Source: global traffic; DNS traffic detected: DNS query: docsend.com
Source: classification engine; Classification label: unknown0.win@23/0@4/3
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2152,i,11634977177076177542,5902768003406515555,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2176 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2152,i,11634977177076177542,5902768003406515555,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4972 /prefetch:8
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://docsend.com/ramaish"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: Window Recorder; Window detected: More than 3 window changes detected

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: 1 Process Injection; Rootkit; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 2 Encrypted Channel; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; 1 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

Behavior graph (ID: 1637947, URL: https://docsend.com/ramaish, Startdate: 14/03/2025, Architecture: WINDOWS, Score: 0): two chrome.exe processes were started; the first is linked to 192.168.2.5 (443, 49711, 49722) and started two child chrome.exe processes, one of which is linked to docsend.com (18.173.205.62; 443, 49752, 49753; MIT-GATEWAYSUS, United States) and www.google.com (142.250.186.100; 443, 49748, 49749; GOOGLEUS, United States).

Source: https://docsend.com/ramaish, Detection: 0%, Scanner: Avira URL Cloud, Label: safe
No Antivirus matches

Name: www.google.com, IP: 142.250.186.100, Active: true, Malicious: false, Reputation: high
Name: docsend.com, IP: 18.173.205.62, Active: true, Malicious: false, Reputation: high

IP: 142.250.186.100, Domain: www.google.com, Country: United States, ASN: 15169, ASN Name: GOOGLEUS, Malicious: false
IP: 18.173.205.62, Domain: docsend.com, Country: United States, ASN: 3, ASN Name: MIT-GATEWAYSUS, Malicious: false

IP: 192.168.2.5

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1637947
Start date and time: 2025-03-14 01:27:33 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 1m 56s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://docsend.com/ramaish
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: UNKNOWN
Classification: unknown0.win@23/0@4/3
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • URL browsing timeout or error
  • URL not reachable
  • Exclude process from analysis (whitelisted): SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 199.232.210.172, 172.217.16.206, 142.250.186.131, 142.250.185.206, 108.177.15.84
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenFile calls found.
  • VT rate limit hit for: https://docsend.com/ramaish
No simulations
No context
No created / dropped files found
No static file info

  • Total Packets: 180
  • 443 (HTTPS)
  • 80 (HTTP)
  • 53 (DNS)
      Mar 14, 2025 01:28:34.353496075 CET4434975818.173.205.62192.168.2.5
      Mar 14, 2025 01:28:34.353818893 CET49759443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:34.353832006 CET4434975918.173.205.62192.168.2.5
      Mar 14, 2025 01:28:34.553009987 CET4434975818.173.205.62192.168.2.5
      Mar 14, 2025 01:28:34.553215027 CET4434975918.173.205.62192.168.2.5
      Mar 14, 2025 01:28:34.553505898 CET49761443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:34.553534985 CET4434976118.173.205.62192.168.2.5
      Mar 14, 2025 01:28:34.553792953 CET49761443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:34.553863049 CET49762443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:34.553894043 CET4434976218.173.205.62192.168.2.5
      Mar 14, 2025 01:28:34.553967953 CET49762443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:34.554183006 CET49761443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:34.554195881 CET4434976118.173.205.62192.168.2.5
      Mar 14, 2025 01:28:34.554419041 CET49762443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:34.554434061 CET4434976218.173.205.62192.168.2.5
      Mar 14, 2025 01:28:34.753622055 CET4434976218.173.205.62192.168.2.5
      Mar 14, 2025 01:28:34.753779888 CET4434976118.173.205.62192.168.2.5
      Mar 14, 2025 01:28:34.895399094 CET49676443192.168.2.520.189.173.14
      Mar 14, 2025 01:28:36.441334009 CET49763443192.168.2.5142.250.186.100
      Mar 14, 2025 01:28:36.441386938 CET44349763142.250.186.100192.168.2.5
      Mar 14, 2025 01:28:36.441469908 CET49763443192.168.2.5142.250.186.100
      Mar 14, 2025 01:28:36.441827059 CET49763443192.168.2.5142.250.186.100
      Mar 14, 2025 01:28:36.441842079 CET44349763142.250.186.100192.168.2.5
      Mar 14, 2025 01:28:36.641606092 CET44349763142.250.186.100192.168.2.5
      Mar 14, 2025 01:28:36.642245054 CET49764443192.168.2.5142.250.186.100
      Mar 14, 2025 01:28:36.642287016 CET44349764142.250.186.100192.168.2.5
      Mar 14, 2025 01:28:36.642364979 CET49764443192.168.2.5142.250.186.100
      Mar 14, 2025 01:28:36.642627001 CET49764443192.168.2.5142.250.186.100
      Mar 14, 2025 01:28:36.642641068 CET44349764142.250.186.100192.168.2.5
      Mar 14, 2025 01:28:36.841955900 CET44349764142.250.186.100192.168.2.5
      Mar 14, 2025 01:28:39.773322105 CET49765443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:39.773375988 CET4434976518.173.205.62192.168.2.5
      Mar 14, 2025 01:28:39.773458958 CET49765443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:39.773639917 CET49766443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:39.773683071 CET4434976618.173.205.62192.168.2.5
      Mar 14, 2025 01:28:39.774099112 CET49765443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:39.774116993 CET4434976518.173.205.62192.168.2.5
      Mar 14, 2025 01:28:39.774128914 CET49766443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:39.774382114 CET49766443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:39.774396896 CET4434976618.173.205.62192.168.2.5
      Mar 14, 2025 01:28:39.973026037 CET4434976618.173.205.62192.168.2.5
      Mar 14, 2025 01:28:39.973077059 CET4434976518.173.205.62192.168.2.5
      Mar 14, 2025 01:28:39.973587036 CET49767443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:39.973617077 CET4434976718.173.205.62192.168.2.5
      Mar 14, 2025 01:28:39.973671913 CET49767443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:39.974014044 CET49768443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:39.974059105 CET4434976818.173.205.62192.168.2.5
      Mar 14, 2025 01:28:39.974114895 CET49768443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:39.974376917 CET49767443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:39.974387884 CET4434976718.173.205.62192.168.2.5
      Mar 14, 2025 01:28:39.974652052 CET49768443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:39.974668026 CET4434976818.173.205.62192.168.2.5
      Mar 14, 2025 01:28:40.172930002 CET4434976818.173.205.62192.168.2.5
      Mar 14, 2025 01:28:40.172936916 CET4434976718.173.205.62192.168.2.5
      Mar 14, 2025 01:28:40.431571007 CET49769443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.431617022 CET4434976920.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.431699038 CET49769443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.433114052 CET49769443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.433129072 CET4434976920.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.433707952 CET4434976920.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.447829962 CET49770443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.447865963 CET4434977020.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.447931051 CET49770443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.448180914 CET49770443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.448194981 CET4434977020.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.448561907 CET4434977020.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.491178036 CET49771443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.491215944 CET4434977120.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.491280079 CET49771443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.491867065 CET49771443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.491880894 CET4434977120.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.492337942 CET4434977120.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.515757084 CET49772443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.515774965 CET4434977220.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.515840054 CET49772443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.516112089 CET49772443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.516119957 CET4434977220.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.516488075 CET4434977220.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.565102100 CET49773443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.565129995 CET4434977320.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.565201998 CET49773443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.565622091 CET49773443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.565635920 CET4434977320.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.566021919 CET4434977320.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.590818882 CET49774443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.590866089 CET4434977420.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.590933084 CET49774443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.591305971 CET49774443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.591321945 CET4434977420.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.591634035 CET4434977420.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.627109051 CET49775443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.627125978 CET4434977520.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.627188921 CET49775443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.627475977 CET49775443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.627485991 CET4434977520.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.627851963 CET4434977520.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.650974989 CET49776443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.651005030 CET4434977620.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.651074886 CET49776443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.651398897 CET49776443192.168.2.520.109.210.53
      Mar 14, 2025 01:28:40.651411057 CET4434977620.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.651734114 CET4434977620.109.210.53192.168.2.5
      Mar 14, 2025 01:28:40.810019970 CET49777443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.810034037 CET443497772.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.810116053 CET49777443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.810368061 CET49777443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.810384989 CET443497772.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.810842991 CET443497772.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.811161041 CET49778443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.811201096 CET443497782.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.811271906 CET49778443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.811456919 CET49778443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.811471939 CET443497782.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.811836958 CET443497782.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.812112093 CET49779443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.812146902 CET443497792.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.812208891 CET49779443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.812252045 CET49779443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.812278986 CET443497792.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.812329054 CET49779443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.819346905 CET49780443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.819386959 CET443497802.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.819463968 CET49780443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.819693089 CET49780443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.819706917 CET443497802.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.820102930 CET443497802.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.820502996 CET49781443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.820512056 CET443497812.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.820574999 CET49781443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.820842981 CET49781443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.820852995 CET443497812.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.821212053 CET443497812.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.821541071 CET49782443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.821552038 CET443497822.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.821621895 CET49782443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.821691036 CET49782443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.821717978 CET443497822.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.821764946 CET49782443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.889178038 CET49783443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.889204979 CET443497832.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.889269114 CET49783443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.889509916 CET49783443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.889523983 CET443497832.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.889857054 CET443497832.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.890937090 CET49784443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.890952110 CET443497842.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.891014099 CET49784443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.891258955 CET49784443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.891267061 CET443497842.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.891582012 CET443497842.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.892985106 CET49785443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.893013954 CET443497852.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.893078089 CET49785443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.893124104 CET49785443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.893142939 CET443497852.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.893188000 CET49785443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.900149107 CET49786443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.900171995 CET443497862.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.900232077 CET49786443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.900548935 CET49786443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.900563002 CET443497862.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.900913000 CET443497862.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.901295900 CET49787443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.901310921 CET443497872.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.901362896 CET49787443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.901561022 CET49787443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.901572943 CET443497872.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.901901960 CET443497872.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.904495955 CET49788443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.904509068 CET443497882.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.904567957 CET49788443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.904671907 CET49788443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:40.904690981 CET443497882.19.122.30192.168.2.5
      Mar 14, 2025 01:28:40.904731989 CET49788443192.168.2.52.19.122.30
      Mar 14, 2025 01:28:44.499455929 CET49676443192.168.2.520.189.173.14
      Mar 14, 2025 01:28:48.325160027 CET49793443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:48.325202942 CET4434979318.173.205.62192.168.2.5
      Mar 14, 2025 01:28:48.325284958 CET49793443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:48.325860977 CET49793443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:48.325877905 CET4434979318.173.205.62192.168.2.5
      Mar 14, 2025 01:28:48.330945969 CET49794443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:48.330971956 CET4434979418.173.205.62192.168.2.5
      Mar 14, 2025 01:28:48.331039906 CET49794443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:48.331449986 CET49794443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:48.331464052 CET4434979418.173.205.62192.168.2.5
      Mar 14, 2025 01:28:48.525954008 CET4434979318.173.205.62192.168.2.5
      Mar 14, 2025 01:28:48.526484966 CET49795443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:48.526504993 CET4434979518.173.205.62192.168.2.5
      Mar 14, 2025 01:28:48.526581049 CET49795443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:48.526930094 CET49795443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:48.526945114 CET4434979518.173.205.62192.168.2.5
      Mar 14, 2025 01:28:48.530088902 CET4434979418.173.205.62192.168.2.5
      Mar 14, 2025 01:28:48.530518055 CET49796443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:48.530554056 CET4434979618.173.205.62192.168.2.5
      Mar 14, 2025 01:28:48.530627012 CET49796443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:48.531388044 CET49796443192.168.2.518.173.205.62
      Mar 14, 2025 01:28:48.531408072 CET4434979618.173.205.62192.168.2.5
      Mar 14, 2025 01:28:48.724965096 CET4434979518.173.205.62192.168.2.5
      Mar 14, 2025 01:28:48.730375051 CET4434979618.173.205.62192.168.2.5
      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
      Mar 14, 2025 01:28:32.062174082 CET | 192.168.2.5 | 1.1.1.1 | 0xb680 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
      Mar 14, 2025 01:28:32.062174082 CET | 192.168.2.5 | 1.1.1.1 | 0x55db | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
      Mar 14, 2025 01:28:32.897574902 CET | 192.168.2.5 | 1.1.1.1 | 0x39ce | Standard query (0) | docsend.com | A (IP address) | IN (0x0001) | false
      Mar 14, 2025 01:28:32.897574902 CET | 192.168.2.5 | 1.1.1.1 | 0x4335 | Standard query (0) | docsend.com | 65 | IN (0x0001) | false

      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
      Mar 14, 2025 01:28:32.068860054 CET | 1.1.1.1 | 192.168.2.5 | 0xb680 | No error (0) | www.google.com | | 142.250.186.100 | A (IP address) | IN (0x0001) | false
      Mar 14, 2025 01:28:32.068993092 CET | 1.1.1.1 | 192.168.2.5 | 0x55db | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
      Mar 14, 2025 01:28:32.904639959 CET | 1.1.1.1 | 192.168.2.5 | 0x39ce | No error (0) | docsend.com | | 18.173.205.62 | A (IP address) | IN (0x0001) | false
      Mar 14, 2025 01:28:32.904639959 CET | 1.1.1.1 | 192.168.2.5 | 0x39ce | No error (0) | docsend.com | | 18.173.205.86 | A (IP address) | IN (0x0001) | false
      Mar 14, 2025 01:28:32.904639959 CET | 1.1.1.1 | 192.168.2.5 | 0x39ce | No error (0) | docsend.com | | 18.173.205.125 | A (IP address) | IN (0x0001) | false
      Mar 14, 2025 01:28:32.904639959 CET | 1.1.1.1 | 192.168.2.5 | 0x39ce | No error (0) | docsend.com | | 18.173.205.79 | A (IP address) | IN (0x0001) | false
      • c.pki.goog
      Session ID | Source IP | Source Port | Destination IP | Destination Port
      0 | 192.168.2.5 | 49711 | 142.250.185.163 | 80

      Timestamp | Bytes transferred | Direction | Data
      Mar 14, 2025 01:28:18.167409897 CET | 223 | IN | HTTP/1.1 304 Not Modified
      Date: Thu, 13 Mar 2025 23:50:02 GMT
      Expires: Fri, 14 Mar 2025 00:40:02 GMT
      Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
      Cache-Control: public, max-age=3000
      Vary: Accept-Encoding
      Age: 2296
      Mar 14, 2025 01:28:18.172424078 CET | 200 | OUT | GET /r/r4.crl HTTP/1.1
      Cache-Control: max-age = 3000
      Connection: Keep-Alive
      Accept: */*
      If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
      User-Agent: Microsoft-CryptoAPI/10.0
      Host: c.pki.goog
      Mar 14, 2025 01:28:18.351084948 CET | 223 | IN | HTTP/1.1 304 Not Modified
      Date: Thu, 13 Mar 2025 23:50:17 GMT
      Expires: Fri, 14 Mar 2025 00:40:17 GMT
      Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
      Cache-Control: public, max-age=3000
      Vary: Accept-Encoding
      Age: 2281



      Target ID:0
      Start time:20:28:21
      Start date:13/03/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
      Imagebase:0x7ff7eea10000
      File size:3'388'000 bytes
      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false

      Target ID:3
      Start time:20:28:25
      Start date:13/03/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2152,i,11634977177076177542,5902768003406515555,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2176 /prefetch:3
      Imagebase:0x7ff7eea10000
      File size:3'388'000 bytes
      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false

      Target ID:7
      Start time:20:28:28
      Start date:13/03/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2152,i,11634977177076177542,5902768003406515555,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4972 /prefetch:8
      Imagebase:0x7ff7eea10000
      File size:3'388'000 bytes
      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false

      Target ID:10
      Start time:20:28:31
      Start date:13/03/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://docsend.com/ramaish"
      Imagebase:0x7ff7eea10000
      File size:3'388'000 bytes
      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:true

      No disassembly