Edit tour

Windows Analysis Report
original (3).eml

Overview

General Information

Sample name:	original (3).eml
Analysis ID:	1467272
MD5:	8d76f9f95d7346c886503af3f774cf1a
SHA1:	13aa40ba54e9776e22b14e16b2d09e796218885e
SHA256:	f0847d37e306f5fd2b2c0115732a9e49222ffd810c8b6a57ea41e188a1ef8d0e
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Sigma detected: Suspicious Office Outbound Connections

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 7112 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\original (3).eml" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 6276 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "F6594241-FCF2-4735-8AED-9AEE22C9A711" "AFD1C963-6D43-4C03-9FA5-ECE8DCB49D5E" "7112" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

chrome.exe (PID: 6632 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.clover.com/checkout/0552f742-a361-4d4b-a3ae-90d09d1e75d2 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6792 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2024,i,8583603568419811748,7210310975597614668,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Sigma Signatures

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7112, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Sigma detected: Suspicious Office Outbound Connections

Source: Network Connection

Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.16, DestinationIsIpv6: false, DestinationPort: 49708, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Initiated: true, ProcessId: 7112, Protocol: tcp, SourceIp: 166.73.4.197, SourceIsIpv6: false, SourcePort: 443

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://checkout.clover.com/widget.html?baseOrigin=https%3A%2F%2Fcheckout.clover.com&element=CARD_POSTAL_CODE&origin=https%3A%2F%2Fwww.clover.com&apiKey=bc22012281f7c86f7aa9b5c865b718c0&mId=TFBPCD63SEK91&styles=%7B%22.hydrated%22%3A%7B%22display%22%3A%22block%22%2C%22height%22%3A%222em%22%2C%22overflow%22%3A%22hidden%22%7D%2C%22input%22%3A%7B%22backgroundColor%22%3A%22transparent%22%2C%22boxShadow%22%3A%22none%22%2C%22fontSize%22%3A%2215px%22%2C%22height%22%3A%221.2em%22%2C%22width%22%3A%22100%25%22%7D%2C%22img%22%3A%7B%22height%22%3A%221.2em%20!important%22%2C%22width%22%3A%221.8em%22%7D%7D&locale=en	HTTP Parser: No favicon
Source: https://checkout.clover.com/widget.html?baseOrigin=https%3A%2F%2Fcheckout.clover.com&element=CARD_CVV&origin=https%3A%2F%2Fwww.clover.com&apiKey=bc22012281f7c86f7aa9b5c865b718c0&mId=TFBPCD63SEK91&styles=%7B%22.hydrated%22%3A%7B%22display%22%3A%22block%22%2C%22height%22%3A%222em%22%2C%22overflow%22%3A%22hidden%22%7D%2C%22input%22%3A%7B%22backgroundColor%22%3A%22transparent%22%2C%22boxShadow%22%3A%22none%22%2C%22fontSize%22%3A%2215px%22%2C%22height%22%3A%221.2em%22%2C%22width%22%3A%22100%25%22%7D%2C%22img%22%3A%7B%22height%22%3A%221.2em%20!important%22%2C%22width%22%3A%221.8em%22%7D%7D&locale=en	HTTP Parser: No favicon
Source: https://checkout.clover.com/widget.html?baseOrigin=https%3A%2F%2Fcheckout.clover.com&element=CARD_NUMBER&origin=https%3A%2F%2Fwww.clover.com&apiKey=bc22012281f7c86f7aa9b5c865b718c0&mId=TFBPCD63SEK91&styles=%7B%22.hydrated%22%3A%7B%22display%22%3A%22block%22%2C%22height%22%3A%222em%22%2C%22overflow%22%3A%22hidden%22%7D%2C%22input%22%3A%7B%22backgroundColor%22%3A%22transparent%22%2C%22boxShadow%22%3A%22none%22%2C%22fontSize%22%3A%2215px%22%2C%22height%22%3A%221.2em%22%2C%22width%22%3A%22100%25%22%7D%2C%22img%22%3A%7B%22height%22%3A%221.2em%20!important%22%2C%22width%22%3A%221.8em%22%7D%7D&locale=en	HTTP Parser: No favicon
Source: https://checkout.clover.com/widget.html?baseOrigin=https%3A%2F%2Fcheckout.clover.com&element=CARD_DATE&origin=https%3A%2F%2Fwww.clover.com&apiKey=bc22012281f7c86f7aa9b5c865b718c0&mId=TFBPCD63SEK91&styles=%7B%22.hydrated%22%3A%7B%22display%22%3A%22block%22%2C%22height%22%3A%222em%22%2C%22overflow%22%3A%22hidden%22%7D%2C%22input%22%3A%7B%22backgroundColor%22%3A%22transparent%22%2C%22boxShadow%22%3A%22none%22%2C%22fontSize%22%3A%2215px%22%2C%22height%22%3A%221.2em%22%2C%22width%22%3A%22100%25%22%7D%2C%22img%22%3A%7B%22height%22%3A%221.2em%20!important%22%2C%22width%22%3A%221.8em%22%7D%7D&locale=en	HTTP Parser: No favicon
Source: https://checkout.clover.com/widget.html?baseOrigin=https%3A%2F%2Fcheckout.clover.com&element=INTERMEDIATE&origin=https%3A%2F%2Fwww.clover.com&apiKey=bc22012281f7c86f7aa9b5c865b718c0&mId=TFBPCD63SEK91&locale=en	HTTP Parser: No favicon
Source: https://checkout.clover.com/widget.html?baseOrigin=https%3A%2F%2Fcheckout.clover.com&element=PAYMENT_REQUEST_BUTTON&origin=https%3A%2F%2Fwww.clover.com&apiKey=bc22012281f7c86f7aa9b5c865b718c0&mId=TFBPCD63SEK91&styles=%7B%7D&paymentRequest=%7B%22total%22%3A%7B%22label%22%3A%22Clover%20checkout%22%2C%22amount%22%3A25750%7D%2C%22merchantHostname%22%3A%22www.clover.com%22%7D&locale=en	HTTP Parser: No favicon
Source: https://checkout.clover.com/widget.html?baseOrigin=https%3A%2F%2Fcheckout.clover.com&element=PAYMENT_REQUEST_BUTTON&origin=https%3A%2F%2Fwww.clover.com&apiKey=bc22012281f7c86f7aa9b5c865b718c0&mId=TFBPCD63SEK91&styles=%7B%7D&paymentRequest=%7B%22total%22%3A%7B%22label%22%3A%22Clover%20checkout%22%2C%22amount%22%3A25750%7D%2C%22merchantHostname%22%3A%22www.clover.com%22%7D&locale=en	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcvpW0nAAAAAMdjeor9kycixdFzk33K1G_hmOM_&co=aHR0cHM6Ly93d3cuY2xvdmVyLmNvbTo0NDM.&hl=en&type=image&v=rKbTvxTxwcw5VqzrtN-ICwWt&theme=light&size=invisible&badge=bottomright&cb=82nue22mxl4z	HTTP Parser: No favicon
Source: https://pay.google.com/gp/p/generate_gpay_btn_img?buttonColor=default&browserLocale=en&hl=en&buttonSizeMode=fill&enableGpayNewButtonAsset=false&gpayButtonVariantType=1&gpayButtonType=long	HTTP Parser: No favicon
Source: https://pay.google.com/gp/p/generate_gpay_btn_img?buttonColor=default&browserLocale=en&hl=en&buttonSizeMode=fill&enableGpayNewButtonAsset=false&gpayButtonVariantType=1&gpayButtonType=long	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&k=6LcvpW0nAAAAAMdjeor9kycixdFzk33K1G_hmOM_	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&k=6LcvpW0nAAAAAMdjeor9kycixdFzk33K1G_hmOM_	HTTP Parser: No favicon
Source: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fcheckout.clover.com&mid=	HTTP Parser: No favicon
Source: https://checkout.clover.com/widget.html?baseOrigin=https%3A%2F%2Fcheckout.clover.com&element=PAYMENT_REQUEST_BUTTON&origin=https%3A%2F%2Fwww.clover.com&apiKey=bc22012281f7c86f7aa9b5c865b718c0&mId=TFBPCD63SEK91&styles=%7B%7D&paymentRequest=%7B%22total%22%3A%7B%22label%22%3A%22Clover%20checkout%22%2C%22amount%22%3A25750%7D%2C%22merchantHostname%22%3A%22www.clover.com%22%7D&locale=en	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 40.126.31.69:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.69:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 166.73.4.197:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.89.115.147:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49866 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26

Source: global traffic	DNS traffic detected: DNS query: www.clover.com
Source: global traffic	DNS traffic detected: DNS query: u17060778.ct.sendgrid.net
Source: global traffic	DNS traffic detected: DNS query: cloverstatic.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: checkout.clover.com
Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: pay.google.com
Source: global traffic	DNS traffic detected: DNS query: api.clover.com
Source: global traffic	DNS traffic detected: DNS query: pay.sandbox.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 40.126.31.69:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.69:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 166.73.4.197:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.89.115.147:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49866 version: TLS 1.2

Source: classification engine

Classification label: clean2.winEML@26/16@42/342