Edit tour

Windows Analysis Report
RMHdBSlo.eml

Overview

General Information

Sample name:	RMHdBSlo.eml renamed because original name is a hash value
Original sample name:	abx_CloudMessage_WzM0NDYsICJkOTY5N2ExYS03ZDJjLTQyMjMtOTJjNS00NmE5M2QwMjA4NDRAYWYwZWUzNDMtMGM4MC00MmJlLWFlYWMtZDY4OGU2M2VjZjQ4IiwgIkFBa0FMZ0FBQUFBQUhZUURFYXBtRWMyYnlBQ3FBQy1FV2cwQUZmRmU1Y0JPSWtLd0pneldCUk5RMHdBSlo.eml
Analysis ID:	1563760
MD5:	113d7f6d822160a510fc26138b5aaab7
SHA1:	de7e95d24523e6a537f7e5749c7e4beb06709fef
SHA256:	4316732ffa9adf1c72d71fc83b730fcda9cdfecc93da5aecf67de3c0b0e4164b
Infos:

Detection

CredentialStealer

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus detection for URL or domain

AI detected potential phishing Email

Performs DNS queries to domains with low reputation

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

None HTTPS page querying sensitive user data (password, username or email)

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Sigma detected: Outlook Security Settings Updated - Registry

Stores files to the Windows start menu directory

Stores large binary data to the registry

Classification

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 6888 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\RMHdBSlo.eml" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 6220 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "3C015231-6AB6-4500-9144-3115E0E225F4" "72A03D6D-574E-44A0-BEAC-DF0C14A2C37D" "6888" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

chrome.exe (PID: 7116 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\9EJ6LDU9\Transaction_Verification_olivier.dangmann_9SVAQL5HUU.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4592 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1836,i,6106293077217634644,6601601547706600389,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Sigma Signatures

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6888, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Sigma detected: Outlook Security Settings Updated - Registry

Source: Registry Key set

Author: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\9EJ6LDU9\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6888, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://sdsdsd.chiliesdigital.co.za/app/stiktk.php

Avira URL Cloud: Label: malware

Phishing

AI detected phishing page

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/9EJ6LDU9/Transaction_Verification_olivier.dangmann_9SVAQL5HUU.html

Joe Sandbox AI: Score: 10 Reasons: HTML file with login form DOM: 1.2.pages.csv

AI detected potential phishing Email

Source: Email

Joe Sandbox AI: Detected potential phishing email: Sender domain 'smu.edu.in' is suspicious and doesn't match legitimate Microsoft 365 billing domains. Subject line uses urgent action-required language and suspicious transaction codes typical of phishing. Attachment with specific username and random characters is a common phishing tactic

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/9EJ6LDU9/Transaction_Verification_olivier.dangmann_9SVAQL5HUU.html

HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/9EJ6LDU9/Transaction_Verification_olivier.dangmann_9SVAQL5HUU.html

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/9EJ6LDU9/Transaction_Verification_olivier.dangmann_9SVAQL5HUU.html

HTTP Parser: Title: Sign in to your Account -- vswbgp44bi10ji K2FR13ENM5R6X2 does not match URL

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/9EJ6LDU9/Transaction_Verification_olivier.dangmann_9SVAQL5HUU.html

HTTP Parser: Has password / email / username input fields

Source: Email

Classification: Credential Stealer

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/9EJ6LDU9/Transaction_Verification_olivier.dangmann_9SVAQL5HUU.html

HTTP Parser: Iframe src: https://technical-support365cSy1ibkpBlcF7d.elixicraft.xyz:8443/impact?212121M365BOOOOO352529=olivier.dangmann@eu.o-i.com

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/9EJ6LDU9/Transaction_Verification_olivier.dangmann_9SVAQL5HUU.html

HTTP Parser: <input type="password" .../> found

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/9EJ6LDU9/Transaction_Verification_olivier.dangmann_9SVAQL5HUU.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/9EJ6LDU9/Transaction_Verification_olivier.dangmann_9SVAQL5HUU.html	HTTP Parser: No favicon

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/9EJ6LDU9/Transaction_Verification_olivier.dangmann_9SVAQL5HUU.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/9EJ6LDU9/Transaction_Verification_olivier.dangmann_9SVAQL5HUU.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/9EJ6LDU9/Transaction_Verification_olivier.dangmann_9SVAQL5HUU.html	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/9EJ6LDU9/Transaction_Verification_olivier.dangmann_9SVAQL5HUU.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/9EJ6LDU9/Transaction_Verification_olivier.dangmann_9SVAQL5HUU.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/9EJ6LDU9/Transaction_Verification_olivier.dangmann_9SVAQL5HUU.html	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 20.190.177.23:443 -> 192.168.2.16:49696 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.192.160.109:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.177.23:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.192.160.109:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49739 version: TLS 1.2

Networking

Performs DNS queries to domains with low reputation

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: technical-support365csy1ibkpblcf7d.elixicraft.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: _8443._https.technical-support365csy1ibkpblcf7d.elixicraft.xyz

Source: Joe Sandbox View	IP Address: 108.178.43.142 108.178.43.142
Source: Joe Sandbox View	IP Address: 192.229.133.221 192.229.133.221
Source: Joe Sandbox View	IP Address: 104.21.81.229 104.21.81.229
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.160.109
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.160.109
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.160.109
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.160.109
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.160.109
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.160.109
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.160.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.23
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.160.109
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.160.109
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.160.109
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.160.109
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.160.109

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=S4YVLftEMEPO1ss&MD=yYOPp15M HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /W3VsSBWwRkgu3VU4vz0AHItfbhGKlYbgqLXJAihtr-QYgMO1A3g9_eyrAbqOxANa7qc HTTP/1.1Host: play-lh.googleusercontent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /W3VsSBWwRkgu3VU4vz0AHItfbhGKlYbgqLXJAihtr-QYgMO1A3g9_eyrAbqOxANa7qc HTTP/1.1Host: play-lh.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://technical-support365csy1ibkpblcf7d.elixicraft.xyz:8443/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /w3css/4/w3.css HTTP/1.1Host: www.w3schools.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://technical-support365csy1ibkpblcf7d.elixicraft.xyz:8443/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /smarty/xls_v1.6/tail-spin.svg HTTP/1.1Host: kasumbo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://technical-support365csy1ibkpblcf7d.elixicraft.xyz:8443/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://technical-support365csy1ibkpblcf7d.elixicraft.xyz:8443/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /app/stiktk.php HTTP/1.1Host: sdsdsd.chiliesdigital.co.zaConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Encryption/ErrorPage.aspx?src=0&code=10&be=DM8PR09MB6088&fe=BL1PR13CA0351.NAMPRD13.PROD.OUTLOOK.COM HTTP/1.1Host: outlook.office365.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: /Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://technical-support365csy1ibkpblcf7d.elixicraft.xyz:8443/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=S4YVLftEMEPO1ss&MD=yYOPp15M HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /app/stiktk.php HTTP/1.1Host: sdsdsd.chiliesdigital.co.zaConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Encryption/ErrorPage.aspx?src=0&code=10&be=DM8PR09MB6088&fe=BL1PR13CA0351.NAMPRD13.PROD.OUTLOOK.COM HTTP/1.1Host: outlook.office365.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: /Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://technical-support365csy1ibkpblcf7d.elixicraft.xyz:8443/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: play-lh.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: technical-support365csy1ibkpblcf7d.elixicraft.xyz
Source: global traffic	DNS traffic detected: DNS query: _8443._https.technical-support365csy1ibkpblcf7d.elixicraft.xyz
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: www.w3schools.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: kasumbo.com
Source: global traffic	DNS traffic detected: DNS query: sdsdsd.chiliesdigital.co.za
Source: global traffic	DNS traffic detected: DNS query: outlook.office365.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Wed, 27 Nov 2024 11:53:08 GMTstrict-transport-security: max-age=31536000; includeSubDomains; preloadx-frame-options: SAMEORIGINx-content-type-options: nosniffvary: User-Agent,Accept-Encodingalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: 57C8EDB95DF3F0AD4EE2DC2B8CFD4157.0.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: chromecache_81.15.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_81.15.dr	String found in binary or memory: http://fontawesome.io/license
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://api.aadrm.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://api.aadrm.com/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://api.addins.store.office.com/app/query
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://api.cortana.ai
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://api.diagnostics.office.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://api.microsoftstream.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://api.microsoftstream.com/api/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://api.office.net
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://api.onedrive.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://api.scheduler.
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://apis.live.net/v5.0/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://app.powerbi.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://augloop.office.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://augloop.office.com/v2
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://canary.designerapp.
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/fonts
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-assets
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-dynamic-strings
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-home-screen
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-toolbar
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://cdn.entity.
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://clients.config.office.net
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://clients.config.office.net/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://cortana.ai
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://cortana.ai/api
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://cr.office.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://d.docs.live.net
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://dataservice.o365filtering.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://designerapp.azurewebsites.net
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://designerappservice.officeapps.live.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://dev.cortana.ai
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://devnull.onenote.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://directory.services.
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://ecs.office.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://edge.skype.com/registrar/prod
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://edge.skype.com/rps
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://enrichment.osi.office.net/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://entitlement.diagnostics.office.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://fpastorage.cdn.office.net/%s
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://graph.ppe.windows.net
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://graph.ppe.windows.net/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://graph.windows.net
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://graph.windows.net/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://ic3.teams.office.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://incidents.diagnostics.office.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://inclient.store.office.com/gyro/client
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://invites.office.com/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://lifecycle.office.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://login.microsoftonline.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://login.microsoftonline.com/organizations
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://login.windows.local
Source: OUTLOOK_16_0_16827_20130-20241127T0652310658-6888.etl.0.dr	String found in binary or memory: https://login.windows.localR
Source: OUTLOOK_16_0_16827_20130-20241127T0652310658-6888.etl.0.dr	String found in binary or memory: https://login.windows.localnull
Source: OUTLOOK_16_0_16827_20130-20241127T0652310658-6888.etl.0.dr	String found in binary or memory: https://login.windows.localnullD
Source: OUTLOOK_16_0_16827_20130-20241127T0652310658-6888.etl.0.dr	String found in binary or memory: https://login.windows.localrnal_SR
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://make.powerautomate.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://management.azure.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://management.azure.com/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://messaging.action.office.com/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://messaging.engagement.office.com/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://messaging.lifecycle.office.com/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://messaging.office.com/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://mss.office.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://ncus.contentsync.
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://ncus.pagecontentsync.
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://notification.m365.svc.cloud.microsoft/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://notification.m365.svc.cloud.microsoft/PushNotifications.Register
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://officeapps.live.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://officeci.azurewebsites.net/api/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://officepyservice.office.net/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://officepyservice.office.net/service.functionality
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://onedrive.live.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://onedrive.live.com/embed?
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://otelrules.azureedge.net
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://otelrules.svc.static.microsoft
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://outlook.office.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://outlook.office.com/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://outlook.office365.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://outlook.office365.com/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://outlook.office365.com/connectors
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://pages.store.office.com/review/query
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://planner.cloud.microsoft
Source: Transaction_Verification_olivier.dangmann_9SVAQL5HUU.html.0.dr, Transaction_Verification_olivier.dangmann_9SVAQL5HUU (002).html.0.dr	String found in binary or memory: https://play-lh.googleusercontent.com/W3VsSBWwRkgu3VU4vz0AHItfbhGKlYbgqLXJAihtr-QYgMO1A3g9_eyrAbqOxA
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://powerlift.acompli.net
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://pushchannel.1drv.ms
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://res.cdn.office.net
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://res.cdn.office.net/polymer/models
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://service.powerapps.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://settings.outlook.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://shell.suite.office.com:1443
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://skyapi.live.net/Activity/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://staging.cortana.ai
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-dark-1
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-dark-2
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-100
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-150
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-200
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-light-
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://store.office.cn/addinstemplate
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://store.office.de/addinstemplate
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://substrate.office.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://syncservice.o365syncservice.com/"
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://templatesmetadata.office.net/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://web.microsoftstream.com/video/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://webshell.suite.office.com
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://wus2.contentsync.
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://wus2.pagecontentsync.
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://www.odwebp.svc.ms
Source: 39C30306-9D67-4A13-9E76-67B289A4BD1A.0.dr	String found in binary or memory: https://www.yammer.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 20.190.177.23:443 -> 192.168.2.16:49696 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.192.160.109:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.177.23:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.192.160.109:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49739 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.troj.winEML@18/44@26/11