Edit tour

Windows Analysis Report
FINAL SETTLEMENT DOCUMENT_ LIEN WAVER DURATION- 57185f7898fa8b51ebd3deed1492e65365186c19.eml

Overview

General Information

Sample name:	FINAL SETTLEMENT DOCUMENT_ LIEN WAVER DURATION- 57185f7898fa8b51ebd3deed1492e65365186c19.eml
Analysis ID:	1539642
MD5:	dc71909e938cd4cd2ae42c30eb2f0d03
SHA1:	661c7cfd640f6364b287e35c59b5b4d015e25325
SHA256:	8830280c54ea21d3ba99bdab9804e8cdded18957d7bb51238b9e3a71e8074493
Infos:

Detection

HTMLPhisher

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish10

Phishing site detected (based on favicon image match)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Invalid T&C link found

None HTTPS page querying sensitive user data (password, username or email)

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Sigma detected: Outlook Security Settings Updated - Registry

Stores files to the Windows start menu directory

Stores large binary data to the registry

Classification

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 6368 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\FINAL SETTLEMENT DOCUMENT_ LIEN WAVER DURATION- 57185f7898fa8b51ebd3deed1492e65365186c19.eml" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 6820 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "9052FD6F-1042-4E11-B4EF-967BB5F7F62E" "845DF88C-4A2D-484D-8AF6-80F23B211D80" "6368" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

chrome.exe (PID: 1552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\02S2DC2Q\PO 635614 635613_CQDM.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1972,i,4793714129518313638,11660152005779446069,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
1.2.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 2, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6368, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\ColleagueImport.ColleagueImportAddin\LoadCount

Sigma detected: Outlook Security Settings Updated - Registry

Source: Registry Key set

Author: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\02S2DC2Q\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6368, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/02S2DC2Q/PO%20635614%20635613_CQDM.html

LLM: Score: 10 Reasons: HTML file with login form DOM: 1.2.pages.csv

Yara detected HtmlPhish10

Source: Yara match

File source: 1.2.pages.csv, type: HTML

Phishing site detected (based on favicon image match)

Source: file://

Matcher: Template: microsoft matched with high similarity

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/02S2DC2Q/PO%20635614%20635613_CQDM.html

HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/02S2DC2Q/PO%20635614%20635613_CQDM.html

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/02S2DC2Q/PO%20635614%20635613_CQDM.html

HTTP Parser: Title: Sign in to your account does not match URL

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/02S2DC2Q/PO%20635614%20635613_CQDM.html	HTTP Parser: Invalid link: Privacy statement
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/02S2DC2Q/PO%20635614%20635613_CQDM.html	HTTP Parser: Invalid link: Privacy statement

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/02S2DC2Q/PO%20635614%20635613_CQDM.html

HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/02S2DC2Q/PO%20635614%20635613_CQDM.html

HTTP Parser: <input type="password" .../> found

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/02S2DC2Q/PO%20635614%20635613_CQDM.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/02S2DC2Q/PO%20635614%20635613_CQDM.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/02S2DC2Q/PO%20635614%20635613_CQDM.html	HTTP Parser: No favicon

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/02S2DC2Q/PO%20635614%20635613_CQDM.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/02S2DC2Q/PO%20635614%20635613_CQDM.html	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/02S2DC2Q/PO%20635614%20635613_CQDM.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/02S2DC2Q/PO%20635614%20635613_CQDM.html	HTTP Parser: No <meta name="copyright".. found

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 30MB

Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.231
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.231
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.231
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.231
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.231
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.231
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.231
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.231
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.231
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.231
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.231
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.231
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.231
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.231

Source: global traffic	HTTP traffic detected: GET /7810328171/next.php HTTP/1.1Host: 154.12.225.231Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /7810328171/next.php HTTP/1.1Host: 154.12.225.231Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: stackpath.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: 7810328171-1323985617.cos.sa-saopaulo.myqcloud.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: chrome.google.com
Source: global traffic	DNS traffic detected: DNS query: chromewebstore.google.com
Source: global traffic	DNS traffic detected: DNS query: lh3.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: scone-pa.clients6.google.com

Source: unknown

HTTP traffic detected: POST /7810328171/next.php HTTP/1.1Host: 154.12.225.231Connection: keep-aliveContent-Length: 13User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: */*Origin: nullAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Data Raw: 64 6f 3d 75 73 65 72 2d 63 68 65 63 6b Data Ascii: do=user-check

Source: unknown	Network traffic detected: HTTP traffic on port 64725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64668 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64736
Source: unknown	Network traffic detected: HTTP traffic on port 64677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64735
Source: unknown	Network traffic detected: HTTP traffic on port 64763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64648 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64732
Source: unknown	Network traffic detected: HTTP traffic on port 64734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64733
Source: unknown	Network traffic detected: HTTP traffic on port 64640 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64665 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64686 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64748
Source: unknown	Network traffic detected: HTTP traffic on port 64651 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64659 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64743
Source: unknown	Network traffic detected: HTTP traffic on port 64771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64744
Source: unknown	Network traffic detected: HTTP traffic on port 64689 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64662 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64647 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64751
Source: unknown	Network traffic detected: HTTP traffic on port 64732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64667 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64650 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64648
Source: unknown	Network traffic detected: HTTP traffic on port 64678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64647
Source: unknown	Network traffic detected: HTTP traffic on port 64653 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64649
Source: unknown	Network traffic detected: HTTP traffic on port 64681 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64640
Source: unknown	Network traffic detected: HTTP traffic on port 64718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64641
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64644
Source: unknown	Network traffic detected: HTTP traffic on port 64710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64643
Source: unknown	Network traffic detected: HTTP traffic on port 64735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64767
Source: unknown	Network traffic detected: HTTP traffic on port 64750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64641 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64687 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64660
Source: unknown	Network traffic detected: HTTP traffic on port 64744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64659
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64658
Source: unknown	Network traffic detected: HTTP traffic on port 64658 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64651
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64650
Source: unknown	Network traffic detected: HTTP traffic on port 64661 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64653
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64655
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64657
Source: unknown	Network traffic detected: HTTP traffic on port 64730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64644 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64702
Source: unknown	Network traffic detected: HTTP traffic on port 64712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64704
Source: unknown	Network traffic detected: HTTP traffic on port 64764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64706
Source: unknown	Network traffic detected: HTTP traffic on port 64649 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64655 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64662
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64661
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64666
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64665
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64668
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64701
Source: unknown	Network traffic detected: HTTP traffic on port 64733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64667
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64700
Source: unknown	Network traffic detected: HTTP traffic on port 64666 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64643 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64680
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64681
Source: unknown	Network traffic detected: HTTP traffic on port 64708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64713
Source: unknown	Network traffic detected: HTTP traffic on port 64736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64716
Source: unknown	Network traffic detected: HTTP traffic on port 64679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64718
Source: unknown	Network traffic detected: HTTP traffic on port 64765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64674
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64677
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64676
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64679
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64678
Source: unknown	Network traffic detected: HTTP traffic on port 64751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64691
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64690
Source: unknown	Network traffic detected: HTTP traffic on port 64745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64724
Source: unknown	Network traffic detected: HTTP traffic on port 64657 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64729
Source: unknown	Network traffic detected: HTTP traffic on port 64674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64660 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64686
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64688
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64687
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64689
Source: unknown	Network traffic detected: HTTP traffic on port 64714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64722

Source: classification engine

Classification label: mal60.phis.winEML@23/88@46/253