Edit tour

Windows Analysis Report
phish_alert_iocp_v1.4.48 (43).eml

Overview

General Information

Sample name:	phish_alert_iocp_v1.4.48 (43).eml
Analysis ID:	1500751
MD5:	ad2ce3de882e4e5c78726dde87f25ca7
SHA1:	88691243762a80426a098e155bd37cd0481a1b24
SHA256:	12a4f2b878966cb23794bb6546378525125f92751e4fa4d4ee18126828fab624
Infos:

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish10

Phishing site detected (based on image similarity)

Phishing site detected (based on shot match)

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Detected non-DNS traffic on DNS port

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTML title does not match URL

Invalid T&C link found

None HTTPS page querying sensitive user data (password, username or email)

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Sigma detected: Outlook Security Settings Updated - Registry

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 7008 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_iocp_v1.4.48 (43).eml" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 6344 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "497F7768-6DCF-45A4-919E-3A217435DEB9" "B73ADBC6-9D33-4684-B34E-C899375883D2" "7008" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

chrome.exe (PID: 6640 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\RA2DLVFO\VM-20240828-03940.html MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 3472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1824,i,15988177734497601794,1818530608862503201,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
3.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
3.4.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
3.6.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
3.7.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7008, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Sigma detected: Outlook Security Settings Updated - Registry

Source: Registry Key set

Author: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\RA2DLVFO\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7008, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com

LLM: Score: 8 Reasons: The URL is a local file path and not a standard web domain, which is unusual and raises suspicions. Additionally, the presence of the 'file://' protocol and the use of a local file path as a domain name are not typical of a legitimate Microsoft login page. DOM: 3.6.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 3.5.pages.csv, type: HTML
Source: Yara match	File source: 3.4.pages.csv, type: HTML
Source: Yara match	File source: 3.6.pages.csv, type: HTML
Source: Yara match	File source: 3.7.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on shot match)

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com	Matcher: Template: captcha matched
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com	Matcher: Template: captcha matched

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Source: https://oivbp.ckliths.com/9237153646160215950352043247426ufy3fk2kok53p6hlf583z4z7qrnbalvmd?81461067793942263957445635738236qwd2lu88b0vqboafgszpzrt5y2viysoip	HTTP Parser: var websitenames = ["godaddy", "okta"];var capnum = 1;var appnum = 1;var view = "";var pagelinkval = "1kq4a";var emailcheck = "sschultz@firstfedweb.com";var webname = "rtrim(/web8/, '/')";var urlo = "hx0nenfdqsewmgzzp04ah6uv7w9sxjkr0i18zishmwoxjfspw1eyijdpcoov";var gdf = "ghuourwqgsqcthbyhnayj7m2hwfwxkpu3h8sxr5cd120";var odf = "ijcl1hsj7gawgwop0dxqdukjbuvrx2vuhzc4xkuecd644";var currentreq = null;var requestsent = false;var pagedata = "";var redirecturl = "";let useragent = navigator.useragent;let browsername;let userip;let usercountry;var errorcodeexecuted = false;if(useragent.match(/chrome\|chromium\|crios/i)){ browsername = "chrome";} else if(useragent.match(/firefox\|fxios/i)){ browsername = "firefox";} else if(useragent.match(/safari/i)){ browsername = "safari";} else if(useragent.match(/opr\//i)){ browsername = "opera";} else if(useragent.match(/edg/i)){ browsername = "edge";} else{ browsername="no browser detection";}function encryptdata(data) { cons...
Source: https://oivbp.ckliths.com/9237153646160215950352043247426ufy3fk2kok53p6hlf583z4z7qrnbalvmd?81461067793942263957445635738236qwd2lu88b0vqboafgszpzrt5y2viysoip#	HTTP Parser: var websitenames = ["godaddy", "okta"];var capnum = 1;var appnum = 1;var view = "";var pagelinkval = "1kq4a";var emailcheck = "sschultz@firstfedweb.com";var webname = "rtrim(/web8/, '/')";var urlo = "hx0nenfdqsewmgzzp04ah6uv7w9sxjkr0i18zishmwoxjfspw1eyijdpcoov";var gdf = "ghuourwqgsqcthbyhnayj7m2hwfwxkpu3h8sxr5cd120";var odf = "ijcl1hsj7gawgwop0dxqdukjbuvrx2vuhzc4xkuecd644";var currentreq = null;var requestsent = false;var pagedata = "";var redirecturl = "";let useragent = navigator.useragent;let browsername;let userip;let usercountry;var errorcodeexecuted = false;if(useragent.match(/chrome\|chromium\|crios/i)){ browsername = "chrome";} else if(useragent.match(/firefox\|fxios/i)){ browsername = "firefox";} else if(useragent.match(/safari/i)){ browsername = "safari";} else if(useragent.match(/opr\//i)){ browsername = "opera";} else if(useragent.match(/edg/i)){ browsername = "edge";} else{ browsername="no browser detection";}function encryptdata(data) { cons...

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com

HTTP Parser: Base64 decoded: <!DOCTYPE html><html lang="en"><head> <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script> <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit"></script> <script src="https://cdnjs.cloudflar...

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com

HTTP Parser: Title: Voice Mail does not match URL

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com	HTTP Parser: Invalid link: Terms of use
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com	HTTP Parser: Invalid link: Privacy & cookies
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com	HTTP Parser: Invalid link: Terms of use
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com	HTTP Parser: Invalid link: Privacy & cookies
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com	HTTP Parser: Invalid link: Terms of use
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com	HTTP Parser: Invalid link: Privacy & cookies

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com

HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com

HTTP Parser: <input type="password" .../> found

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com	HTTP Parser: No favicon
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com	HTTP Parser: No favicon
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com	HTTP Parser: No favicon
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com	HTTP Parser: No favicon
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com	HTTP Parser: No favicon

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RA2DLVFO/VM-20240828-03940.html#?em=sschultz@firstfedweb.com	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 20.190.159.68:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.68:443 -> 192.168.2.17:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.17:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.68:443 -> 192.168.2.17:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.17:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.137.106.217:443 -> 192.168.2.17:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.137.106.217:443 -> 192.168.2.17:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.137.106.217:443 -> 192.168.2.17:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:62521 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:62533 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:62536 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.17:62484 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:62484 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:62484 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:62484 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:62484 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:62484 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:62484 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:62484 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:62484 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:62484 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:62484 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:62484 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.68

Source: global traffic	DNS traffic detected: DNS query: href.li
Source: global traffic	DNS traffic detected: DNS query: oivbp.ckliths.com
Source: global traffic	DNS traffic detected: DNS query: t0ca.maktated.ru
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdn.socket.io
Source: global traffic	DNS traffic detected: DNS query: github.com
Source: global traffic	DNS traffic detected: DNS query: www.w3schools.com
Source: global traffic	DNS traffic detected: DNS query: ok4static.oktacdn.com
Source: global traffic	DNS traffic detected: DNS query: objects.githubusercontent.com
Source: global traffic	DNS traffic detected: DNS query: get.geojs.io
Source: global traffic	DNS traffic detected: DNS query: 8flx.oapuot.ru
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 62521 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62515 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62538 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62493 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62533 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 62487 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62498 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62532 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62526 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62510 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62492 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62502
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62503
Source: unknown	Network traffic detected: HTTP traffic on port 62504 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62504
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62505
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62506
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62500
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62501
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 62519 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62490
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62491
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62492
Source: unknown	Network traffic detected: HTTP traffic on port 62537 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62493
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62485
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62486
Source: unknown	Network traffic detected: HTTP traffic on port 62502 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62487
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62488
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62489
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 62542 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62503 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62536 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62488 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62497
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62498
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62499
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 62520 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62499 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62525 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62524 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62501 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62490 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62512 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62506 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62513 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62541 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62518 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62535 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62489 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62540 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62511 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62505 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62513
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62515
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62516
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62517
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62518
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62519
Source: unknown	Network traffic detected: HTTP traffic on port 62486 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62510
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62511
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62512
Source: unknown	Network traffic detected: HTTP traffic on port 62522 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62516 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62497 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62524
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62525
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62526
Source: unknown	Network traffic detected: HTTP traffic on port 62523 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62520
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62521
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62522
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62523
Source: unknown	Network traffic detected: HTTP traffic on port 62517 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62491 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62535
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62536
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62537
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62538
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62532
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62533
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62500 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62540
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62541
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62542
Source: unknown	Network traffic detected: HTTP traffic on port 62485 -> 443

Source: unknown	HTTPS traffic detected: 20.190.159.68:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.68:443 -> 192.168.2.17:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.17:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.68:443 -> 192.168.2.17:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.17:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.137.106.217:443 -> 192.168.2.17:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.137.106.217:443 -> 192.168.2.17:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.137.106.217:443 -> 192.168.2.17:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:62521 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:62533 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:62536 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.winEML@32/68@60/310