Edit tour

Windows Analysis Report
Aisha C. Yetman shared you a document..msg

Overview

General Information

Sample name:	Aisha C. Yetman shared you a document..msg
Analysis ID:	1520486
MD5:	67340fb3a621311ccd27846c46349c6d
SHA1:	a23b24990392237da809f5b724ec05ebeff2a54f
SHA256:	99b0d83c116ab9470d1a50bb9d1616b28afe02930eaccdf1349e3b447b178297
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Phishing site or detected (based on various text indicators)

Suspicious MSG / EML detected (based on various text indicators)

Detected non-DNS traffic on DNS port

HTML body contains password input but no form action

HTML page contains hidden javascript code

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 5768 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Aisha C. Yetman shared you a document..msg" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 4860 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "28AD7FEA-D827-475F-A769-030CD0CBFDB2" "49BEB033-A781-49F9-956C-7A79B1FDBEF4" "5768" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

chrome.exe (PID: 4996 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://lsaustralasia-my.sharepoint.com/:f:/g/personal/janine_lsaust_com_au/Eh_UbyNHz6NNpYjJVdYgrwcBqGq7dVVPWUd1_5bX4K66JQ?e=69hdpQ MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6220 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1980,i,10088438625339154242,9140440464760541525,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Sigma Signatures

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 5768, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 0.13

OCR Text: OneDrive + New Download Sort v 81 Details My files > Law Offices of Shaevitz & Shaevitz 3 Activity Name v Modified Modified By File size Sharing Janine Kennedy -CLICK HERE TO REVIEW DOCUMENT.url Yesterday at 1:05 PM 70 bytes 00 Shared

Suspicious MSG / EML detected (based on various text indicators)

Source: MSG / EML

OCR Text: ShareFile Attachments Expires October 6, 2024 September Claim Report.pdf 423 KB VIEW SHARED DOCUMENT Aisha C. Yetman uses ShareFile to share documents securely. Best regards, Aisha C. Yetman Legal Assistant Law Offices of Shaevitz & Shaevitz 148-55 Hillside Avenue Jamaica, NY 11435 Telephone: (718) 291-3400 Ext, 240 Fax: (718) 739-5654 E-Mail: aisha.yetman@shaevitzandshaevitz.com

Source: https://www.instagram.com/

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://stellarnetwork.sucileton.com/EQn1RAKa/

HTTP Parser: Base64 decoded: {"version":3,"sources":["/cfsetup_build/src/orchestrator/turnstile/templates/turnstile.scss","%3Cinput%20css%20qtFLbZ%3E"],"names":[],"mappings":"AAmCA,gBACI,GACI,uBClCN,CACF,CDqCA,kBACI,GACI,mBCnCN,CACF,CDsCA,iBACI,MAEI,cCrCN,CDwCE,IACI,mBCtCN,CACF,CDyCA...

Source: https://www.instagram.com/

HTTP Parser: <input type="password" .../> found

Source: https://stellarnetwork.sucileton.com/EQn1RAKa/	HTTP Parser: No favicon
Source: https://stellarnetwork.sucileton.com/EQn1RAKa/	HTTP Parser: No favicon

Source: https://www.instagram.com/	HTTP Parser: No <meta name="author".. found
Source: https://www.instagram.com/	HTTP Parser: No <meta name="author".. found

Source: https://www.instagram.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.instagram.com/	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.17:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.17:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.17:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.17:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.242.39.171:443 -> 192.168.2.17:51028 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:51040 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:51052 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:51063 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 27MB

Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:51023 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134

Source: global traffic	DNS traffic detected: DNS query: lsaustralasia-my.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: spo.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: australiasoutheast0-0.pushnp.svc.ms
Source: global traffic	DNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: stellarnetwork.sucileton.com
Source: global traffic	DNS traffic detected: DNS query: 50.23.12.20.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: lsaustralasia.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic	DNS traffic detected: DNS query: config.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: zlwjxwhb6dotuxwnzgx1nxd8jxfxz9jvftopkpgzlutlkcerpzndneucb8in.gatertati.ru
Source: global traffic	DNS traffic detected: DNS query: instagram.com
Source: global traffic	DNS traffic detected: DNS query: www.instagram.com
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: static.cdninstagram.com
Source: global traffic	DNS traffic detected: DNS query: 2937715f9d67cf3a3e5dcb8ab195f6ab.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: tr-ooc-atm.office.com
Source: global traffic	DNS traffic detected: DNS query: outlook.office365.com
Source: global traffic	DNS traffic detected: DNS query: upload.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: m365cdn.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51027
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51148
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51149
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51147
Source: unknown	Network traffic detected: HTTP traffic on port 51044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51151
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51152
Source: unknown	Network traffic detected: HTTP traffic on port 51210 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51150
Source: unknown	Network traffic detected: HTTP traffic on port 51147 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64697
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 51164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51336 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51034
Source: unknown	Network traffic detected: HTTP traffic on port 51135 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51155
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51035
Source: unknown	Network traffic detected: HTTP traffic on port 51244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51274
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51154
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51157
Source: unknown	Network traffic detected: HTTP traffic on port 51170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51162
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51163
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51160
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51040
Source: unknown	Network traffic detected: HTTP traffic on port 64697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 51050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 51274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51226 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51166
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51164
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51044
Source: unknown	Network traffic detected: HTTP traffic on port 51113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51165
Source: unknown	Network traffic detected: HTTP traffic on port 51194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51049
Source: unknown	Network traffic detected: HTTP traffic on port 51175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51168
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51169
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51170
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51171
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51051
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51172
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 51107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 51141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51204 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51177
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51178
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51059
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51180
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51060
Source: unknown	Network traffic detected: HTTP traffic on port 51045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51063
Source: unknown	Network traffic detected: HTTP traffic on port 51073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51184
Source: unknown	Network traffic detected: HTTP traffic on port 51215 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51064
Source: unknown	Network traffic detected: HTTP traffic on port 51102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51185
Source: unknown	Network traffic detected: HTTP traffic on port 51209 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51182
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51183
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 51090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51109
Source: unknown	Network traffic detected: HTTP traffic on port 51060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 51192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51227
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51228
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51221
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51222
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51225
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51346
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51226
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51223
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51103
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51224
Source: unknown	Network traffic detected: HTTP traffic on port 51237 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51208 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51214 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51346 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51119
Source: unknown	Network traffic detected: HTTP traffic on port 64701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51239
Source: unknown	Network traffic detected: HTTP traffic on port 64690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51230
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51231
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51237
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51234
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51235
Source: unknown	Network traffic detected: HTTP traffic on port 51177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51198 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 51108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51188 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51203 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 51329 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51244
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51242
Source: unknown	Network traffic detected: HTTP traffic on port 51043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51126
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51125
Source: unknown	Network traffic detected: HTTP traffic on port 51171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51130
Source: unknown	Network traffic detected: HTTP traffic on port 51231 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51225 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51139
Source: unknown	Network traffic detected: HTTP traffic on port 51120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64690
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51133
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51134
Source: unknown	Network traffic detected: HTTP traffic on port 51242 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51137
Source: unknown	Network traffic detected: HTTP traffic on port 51193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51138
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51259
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51135
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51136
Source: unknown	Network traffic detected: HTTP traffic on port 51137 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51140
Source: unknown	Network traffic detected: HTTP traffic on port 51049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51141
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51260
Source: unknown	Network traffic detected: HTTP traffic on port 51219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51182 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51306
Source: unknown	Network traffic detected: HTTP traffic on port 51058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51224 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51196 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51150 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51191 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51206 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 51207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51207
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51208
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51329
Source: unknown	Network traffic detected: HTTP traffic on port 51081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51205
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51206
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51209
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51200
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51203
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51204
Source: unknown	Network traffic detected: HTTP traffic on port 51155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51201
Source: unknown	Network traffic detected: HTTP traffic on port 51235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51212 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51149 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51339
Source: unknown	Network traffic detected: HTTP traffic on port 51034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 51189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51219
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51217
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 51059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51210
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51211
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51332
Source: unknown	Network traffic detected: HTTP traffic on port 51028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51214
Source: unknown	Network traffic detected: HTTP traffic on port 51133 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51215
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51336
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51212
Source: unknown	Network traffic detected: HTTP traffic on port 51260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51339 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51067
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51188
Source: unknown	Network traffic detected: HTTP traffic on port 51134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51189
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51186
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51187
Source: unknown	Network traffic detected: HTTP traffic on port 51228 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51157 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51191
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51192
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51190
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51074
Source: unknown	Network traffic detected: HTTP traffic on port 51097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51196
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51193
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51073
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51194
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 51051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51332 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51197
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51198
Source: unknown	Network traffic detected: HTTP traffic on port 51174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51139 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51085
Source: unknown	Network traffic detected: HTTP traffic on port 51234 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 51217 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64701
Source: unknown	Network traffic detected: HTTP traffic on port 51163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51190 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51222 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51097
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51239 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443

Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.17:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.17:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.17:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.17:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.242.39.171:443 -> 192.168.2.17:51028 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:51040 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:51052 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:51063 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.winMSG@22/14@36/276