Edit tour

Windows Analysis Report
[External] 120112 Manual Policies Overview Guide_ 8VM8-WZPT3L-LYH1.eml

Overview

General Information

Sample name:	[External] 120112 Manual Policies Overview Guide_ 8VM8-WZPT3L-LYH1.eml
Analysis ID:	1580035
MD5:	712511535987a0e3eb53798d01577d53
SHA1:	25d0882ea51a1725c5eaea970e8823abd04e9580
SHA256:	7df07f24452651b6b5334d115c3da380c50ce020e3cef5be78e6746ddc7d3049
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

AI detected potential phishing Email

AI detected suspicious Javascript

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Stores files to the Windows start menu directory

Stores large binary data to the registry

Classification

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 1364 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\[External] 120112 Manual Policies Overview Guide_ 8VM8-WZPT3L-LYH1.eml" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 6636 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "F5D61493-321F-44A6-A5FE-3CF94B2B7F1B" "D6741B14-256A-4566-8CCF-CCFF3A441077" "1364" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

Acrobat.exe (PID: 4264 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\2HLBY5LH\ppuhl Reference YQy Manual_120112.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 1360 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7216 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2132 --field-trial-handle=1588,i,6636914668748474544,5474708927762410746,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 7732 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.google.pt//url?ol=%25SERIALbHWvutBHJDJopw&rct=OKfqigeYGte6egsda&sa=t&esrc=GNOyseckdxhds&source=&cd=Ztebgsheior%3DBhsoepr&ved=Bgaopepqje%25SERIALbHWvu%3D&url=amp%2Felysiumproperties.net%2Fgtoephye%3Fe%3Doutlook.office.com MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7956 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2576 --field-trial-handle=2312,i,4134693689153310629,18380803809806479140,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Sigma Signatures

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 1364, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary
• Boot Survival
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://pub-cb48a1f3508c49e29943cfa5c56fda5c.r2.dev/gteuiwopqvsfsf	Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The URL 'pub-cb48a1f3508c49e29943cfa5c56fda5c.r2.dev' does not match the legitimate domain 'microsoft.com'., The domain 'r2.dev' is not associated with Microsoft and appears to be a generic or cloud service domain., The presence of a Microsoft-related input field on a non-Microsoft domain is suspicious and indicative of phishing. DOM: 2.15.pages.csv
Source: https://pub-cb48a1f3508c49e29943cfa5c56fda5c.r2.dev/gteuiwopqvsfsf	Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The provided URL 'pub-cb48a1f3508c49e29943cfa5c56fda5c.r2.dev' does not match the legitimate domain 'microsoft.com'., The URL contains a random string and uses the 'r2.dev' domain, which is not associated with Microsoft., The presence of a random string and an unusual domain extension is a common tactic in phishing attempts., The input field requests a Microsoft email, which could be used to harvest credentials. DOM: 2.14.pages.csv

AI detected potential phishing Email

Source: Email

Joe Sandbox AI: Detected potential phishing email: The email claims to require review/signature of an employee document but comes from an unrelated commercial domain (therasage.com). The subject line contains a suspicious random-looking code (8VM8-WZPT3L-LYH1) typical of phishing attempts. The email includes unnecessary legal disclaimers in multiple languages to appear legitimate

AI detected suspicious Javascript

Source: 0.4.id.script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: https://www.google.com/recaptcha/api2/anchor?ar=1&... The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. While the script may have a legitimate purpose, such as reCAPTCHA integration, the aggressive and opaque nature of the implementation raises significant security concerns. Further investigation is recommended to determine the true intent and potential impact of this script.

Source: https://pub-cb48a1f3508c49e29943cfa5c56fda5c.r2.dev/gteuiwopqvsfsf

HTTP Parser: Number of links: 0

Source: https://pub-cb48a1f3508c49e29943cfa5c56fda5c.r2.dev/gteuiwopqvsfsf

HTTP Parser: Base64 decoded: https://zooz-jo.com/teygsye/

Source: https://pub-cb48a1f3508c49e29943cfa5c56fda5c.r2.dev/gteuiwopqvsfsf

HTTP Parser: Title: Ui does not match URL

Source: Email

Classification: Credential Stealer

Source: http://elysiumproperties.net/gtoephye	HTTP Parser: No favicon
Source: http://elysiumproperties.net/gtoephye	HTTP Parser: No favicon
Source: http://elysiumproperties.net/gtoephye	HTTP Parser: No favicon
Source: http://elysiumproperties.net/gtoephye	HTTP Parser: No favicon
Source: http://elysiumproperties.net/gtoephye	HTTP Parser: No favicon
Source: http://elysiumproperties.net/gtoephye	HTTP Parser: No favicon
Source: http://elysiumproperties.net/gtoephye	HTTP Parser: No favicon
Source: http://elysiumproperties.net/gtoephye	HTTP Parser: No favicon
Source: http://elysiumproperties.net/gtoephye	HTTP Parser: No favicon
Source: http://elysiumproperties.net/gtoephye	HTTP Parser: No favicon
Source: http://elysiumproperties.net/gtoephye	HTTP Parser: No favicon
Source: http://elysiumproperties.net/gtoephye	HTTP Parser: No favicon
Source: http://elysiumproperties.net/gtoephye	HTTP Parser: No favicon
Source: https://pub-cb48a1f3508c49e29943cfa5c56fda5c.r2.dev/gteuiwopqvsfsf	HTTP Parser: No favicon
Source: https://pub-cb48a1f3508c49e29943cfa5c56fda5c.r2.dev/gteuiwopqvsfsf	HTTP Parser: No favicon

Source: https://pub-cb48a1f3508c49e29943cfa5c56fda5c.r2.dev/gteuiwopqvsfsf	HTTP Parser: No <meta name="author".. found
Source: https://pub-cb48a1f3508c49e29943cfa5c56fda5c.r2.dev/gteuiwopqvsfsf	HTTP Parser: No <meta name="author".. found

Source: https://pub-cb48a1f3508c49e29943cfa5c56fda5c.r2.dev/gteuiwopqvsfsf	HTTP Parser: No <meta name="copyright".. found
Source: https://pub-cb48a1f3508c49e29943cfa5c56fda5c.r2.dev/gteuiwopqvsfsf	HTTP Parser: No <meta name="copyright".. found

Source: unknown

HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49753 version: TLS 1.2

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.18
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.18
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /gtoephye HTTP/1.1Host: elysiumproperties.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: elysiumproperties.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://elysiumproperties.net/gtoephyeAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.pt
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: elysiumproperties.net
Source: global traffic	DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic	DNS traffic detected: DNS query: pub-cb48a1f3508c49e29943cfa5c56fda5c.r2.dev
Source: global traffic	DNS traffic detected: DNS query: i.gyazo.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Mon, 23 Dec 2024 17:51:12 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helv

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown

HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49753 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.winEML@37/53@23/230