Edit tour

Windows Analysis Report
Eastern Contractors Corporation Contract and submittal document.eml

Overview

General Information

Sample name:	Eastern Contractors Corporation Contract and submittal document.eml
Analysis ID:	1591390
MD5:	407cf4cbd77835f3009d017f6f5fdd91
SHA1:	9cd37acd0494df75cd09668aa72c0a0eea738338
SHA256:	129174ee4efbfa6524dc9bdb733bd2aa0dd54d5b7f8f5e7c0dc692021d16af5c
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected landing page (webpage, office document or email)

AI detected suspicious elements in Email content

Phishing site or detected (based on various text indicators)

Suspicious MSG / EML detected (based on various text indicators)

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Stores files to the Windows start menu directory

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 6280 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Eastern Contractors Corporation Contract and submittal document.eml" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 6452 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "13117FBF-E402-4BA8-A804-49D6C1A97BDF" "6C5C54CF-B6EC-4181-BC09-FF4EF84FEB13" "6280" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

chrome.exe (PID: 7100 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://na4.docusign.net/Signing/EmailStart.aspx?a=e472f45a-3f40-4d74-a7b5-c614bd2f9460&etti=24&acct=cd0c46de-0b7c-43ac-adb1-0a336d43d913&er=da828ee4-19f3-4a0e-ba09-f575112b1029 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 3092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1988,i,1270707062470486970,4024407879004618962,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Sigma Signatures

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6280, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected landing page (webpage, office document or email)

Source: Email	Joe Sandbox AI: Page contains button: 'REVIEW DOCUMENT' Source: 'Email'
Source: Email	Joe Sandbox AI: Email contains prominent button: 'review document'

AI detected suspicious elements in Email content

Source: Email

Joe Sandbox AI: Detected potential phishing email: The email claims to be from DocuSign but uses a suspicious domain 'eccamerica.com' for the supposed company. The URL structure attempts to mimic DocuSign's legitimate format but contains suspicious parameters. The email creates urgency around signing a contract document, a common phishing tactic

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 2.4	OCR Text: Done! Select Finish to send the completed document Docusign Envelope txmCA38-F1-4CE2-%C.4-7B754CE2F23 EASTERN O FINISH Terms Of & OTHER ACTIONS docusign This electronic PDF has shared with you REVIEW DOCUMENT PDF This dcx:ument is protected for your organization view only. DO Not Share This Email This email contains a secrre PDF link to in browser. Microsoft Word Sign electronicany in just mimaes It's safe, and "*ution for Digital file sharing E nglish (US) I c,pyrightZ2025Doc Gignma V2R
Source: Chrome DOM: 2.5	OCR Text: Done! Select Finish to send the completed document FINISH External Link Warning This link opens a new window and goes to an external website that is not part of Docusign. To proceed, select CONTINUE. CONTINUE CANCEL docusign This electronic PDF has shared with you REVIEW DOCUMENT PDF This document is protected for your organization view only. Do Not Share This Email This email contains a secure em:rypted PDF link to view in browser, Microsoft Word Sign documents electroncany in just minutes It's safe secure. and trusted solution for file sharing - Egvs', (US) OTHER ACTIONS I ccpyrightZ202500c,
Source: Chrome DOM: 2.3	OCR Text: Please Review & Act on These Documents Peter Kim Connie Pointer Peter Kim (Eastern Contractors Corporation) shared the Contract and submittal document with you Please review and let me docusign OTHER ACTIONS know if you have any questions. View More Please review the documents below. docusign This electronic PDF has tmn shared with you REVIEW DOCUMENTE7 PDF This document is protected for your organization view only. Do Not Share This Email This email contains a secure encryvt' PDF Ink to eew in browser Microsoft Word Sign documents electroncany in just minutes sale. secure. and trusted for Digital file sharing E nglish (US) CONTINUE Terms Of & I c,pyrightZ2025Doc Gignma V2R

Suspicious MSG / EML detected (based on various text indicators)

Source: MSG / EML

OCR Text: docusign Peter Kim sent you a document to review and sign. REVIEW DOCUMENT Peter Kim Cd3k3@outlook.com Peter Kim (Eastern Contractors Corporation) shared the Contract and submittal document with you. Please review and let me know if you have any questions. Thanks Peter Kim Founder, CEO - Eastern Companies Eastern Contractors Corporation General contractor and construction management www.eccamerica.com

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638724912144429639.NTA2ZTAxOGMtN2E4NC00MjRkLWI4NTctOTU4ZTYwZDU2MGE5MWU1NzU2ZDAtYjM0Ni00NDExLTkxYzUtNDdlMjA1MTRjYWJi&ui_locales=en-US&mkt=en-US&client-request-id=ca621b56-5d0b-4622-b229-89c95d1c0c44&state=wXgpI-Qm2J3NjbXYr5s_ZVTbcJ_mIwIuJFtl_GdGGkDVadus1YeuXpy9_b1slZfQxK7EVWrXSPF8pym_P9-7H2rxbvFeuHcOpMhlXKF_LKYp4YSYhT92C-t2MYnqhFgO5ZjwOe9cIQNyaVP760GHflHCfRpllWlBIEYIoJwgrEaOD0kWObDl9Ji3eNu8hhfHfWPogeSvO-YxPUdcFeU_QrL8EYh_PHODKtX89mbuECPcfnn08jgAKUwbU8o37jsW87XsvXxvJBNxkaqlZ7si2Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638724912144429639.NTA2ZTAxOGMtN2E4NC00MjRkLWI4NTctOTU4ZTYwZDU2MGE5MWU1NzU2ZDAtYjM0Ni00NDExLTkxYzUtNDdlMjA1MTRjYWJi&ui_locales=en-US&mkt=en-US&client-request-id=ca621b56-5d0b-4622-b229-89c95d1c0c44&state=wXgpI-Qm2J3NjbXYr5s_ZVTbcJ_mIwIuJFtl_GdGGkDVadus1YeuXpy9_b1slZfQxK7EVWrXSPF8pym_P9-7H2rxbvFeuHcOpMhlXKF_LKYp4YSYhT92C-t2MYnqhFgO5ZjwOe9cIQNyaVP760GHflHCfRpllWlBIEYIoJwgrEaOD0kWObDl9Ji3eNu8hhfHfWPogeSvO-YxPUdcFeU_QrL8EYh_PHODKtX89mbuECPcfnn08jgAKUwbU8o37jsW87XsvXxvJBNxkaqlZ7si2Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: Number of links: 0

Source: https://easterncontractorscorporation.udamvdxxrl.ru/7cZw/

HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none" viewBox="0 0 26 26"><path fill="#d9d9d9" d="M13 0a13 13 0 1 0 0 26 13 13 0 0 0 0-26m0 24a11 11 0 1 1 0-22 11 11 0 0 1 0 22"/><path fill="#d9d9d9" d="m10.955 16.055-3.95-4.125-1.445...

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638724912144429639.NTA2ZTAxOGMtN2E4NC00MjRkLWI4NTctOTU4ZTYwZDU2MGE5MWU1NzU2ZDAtYjM0Ni00NDExLTkxYzUtNDdlMjA1MTRjYWJi&ui_locales=en-US&mkt=en-US&client-request-id=ca621b56-5d0b-4622-b229-89c95d1c0c44&state=wXgpI-Qm2J3NjbXYr5s_ZVTbcJ_mIwIuJFtl_GdGGkDVadus1YeuXpy9_b1slZfQxK7EVWrXSPF8pym_P9-7H2rxbvFeuHcOpMhlXKF_LKYp4YSYhT92C-t2MYnqhFgO5ZjwOe9cIQNyaVP760GHflHCfRpllWlBIEYIoJwgrEaOD0kWObDl9Ji3eNu8hhfHfWPogeSvO-YxPUdcFeU_QrL8EYh_PHODKtX89mbuECPcfnn08jgAKUwbU8o37jsW87XsvXxvJBNxkaqlZ7si2Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638724912144429639.NTA2ZTAxOGMtN2E4NC00MjRkLWI4NTctOTU4ZTYwZDU2MGE5MWU1NzU2ZDAtYjM0Ni00NDExLTkxYzUtNDdlMjA1MTRjYWJi&ui_locales=en-US&mkt=en-US&client-request-id=ca621b56-5d0b-4622-b229-89c95d1c0c44&state=wXgpI-Qm2J3NjbXYr5s_ZVTbcJ_mIwIuJFtl_GdGGkDVadus1YeuXpy9_b1slZfQxK7EVWrXSPF8pym_P9-7H2rxbvFeuHcOpMhlXKF_LKYp4YSYhT92C-t2MYnqhFgO5ZjwOe9cIQNyaVP760GHflHCfRpllWlBIEYIoJwgrEaOD0kWObDl9Ji3eNu8hhfHfWPogeSvO-YxPUdcFeU_QrL8EYh_PHODKtX89mbuECPcfnn08jgAKUwbU8o37jsW87XsvXxvJBNxkaqlZ7si2Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://docucdn-a.akamaihd.net/production/1ds/widgets/@ds/signing/24.12.68-5/signing-conversations.js?cs=082ab8cc7

HTTP Parser: /*! for license information please see signing-conversations.js.license.txt */!function(){var e,t,n,r,o,i={97455:function(){},57279:function(e,t,n){"use strict";var r=n(5946);object.defineproperty(t,"__esmodule",{value:!0}),t.default=void 0;var o=r(n(61240)),i=r(n(20271)),a=r(n(43563)),u=r(n(70533)),s=function(){function e(){(0,i.default)(this,e),(0,u.default)(this,"queue",new array),(0,u.default)(this,"workingonpromise",!1)}return(0,a.default)(e,[{key:"enqueue",value:function(e){var t=this;return new o.default((function(n,r){t.queue.push({worker:e,resolve:n,reject:r}),t.dequeue()}))}},{key:"dequeue",value:function(){var e=this;if(this.workingonpromise)return!1;var t=this.queue.shift();if(!t)return!1;try{this.workingonpromise=!0,t.worker().then((function(n){e.workingonpromise=!1,t.resolve(n),e.dequeue()})).catch((function(n){e.workingonpromise=!1,t.reject(n),e.dequeue()}))}catch(e){this.workingonpromise=!1,t.reject(e),this.dequeue()}return!0}}]),e}();t.default=s},74087:function(e,t,n){"use strict";var r=n(50...

Source: Email

Classification: Credential Stealer

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638724912144429639.NTA2ZTAxOGMtN2E4NC00MjRkLWI4NTctOTU4ZTYwZDU2MGE5MWU1NzU2ZDAtYjM0Ni00NDExLTkxYzUtNDdlMjA1MTRjYWJi&ui_locales=en-US&mkt=en-US&client-request-id=ca621b56-5d0b-4622-b229-89c95d1c0c44&state=wXgpI-Qm2J3NjbXYr5s_ZVTbcJ_mIwIuJFtl_GdGGkDVadus1YeuXpy9_b1slZfQxK7EVWrXSPF8pym_P9-7H2rxbvFeuHcOpMhlXKF_LKYp4YSYhT92C-t2MYnqhFgO5ZjwOe9cIQNyaVP760GHflHCfRpllWlBIEYIoJwgrEaOD0kWObDl9Ji3eNu8hhfHfWPogeSvO-YxPUdcFeU_QrL8EYh_PHODKtX89mbuECPcfnn08jgAKUwbU8o37jsW87XsvXxvJBNxkaqlZ7si2Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true

HTTP Parser: <input type="password" .../> found

Source: https://na4.docusign.net/Signing/?ti=8914ba9cf17d4568b3ab82a72e21ba07	HTTP Parser: No favicon
Source: https://easterncontractorscorporation.udamvdxxrl.ru/7cZw/	HTTP Parser: No favicon
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638724912144429639.NTA2ZTAxOGMtN2E4NC00MjRkLWI4NTctOTU4ZTYwZDU2MGE5MWU1NzU2ZDAtYjM0Ni00NDExLTkxYzUtNDdlMjA1MTRjYWJi&ui_locales=en-US&mkt=en-US&client-request-id=ca621b56-5d0b-4622-b229-89c95d1c0c44&state=wXgpI-Qm2J3NjbXYr5s_ZVTbcJ_mIwIuJFtl_GdGGkDVadus1YeuXpy9_b1slZfQxK7EVWrXSPF8pym_P9-7H2rxbvFeuHcOpMhlXKF_LKYp4YSYhT92C-t2MYnqhFgO5ZjwOe9cIQNyaVP760GHflHCfRpllWlBIEYIoJwgrEaOD0kWObDl9Ji3eNu8hhfHfWPogeSvO-YxPUdcFeU_QrL8EYh_PHODKtX89mbuECPcfnn08jgAKUwbU8o37jsW87XsvXxvJBNxkaqlZ7si2Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: No favicon

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638724912144429639.NTA2ZTAxOGMtN2E4NC00MjRkLWI4NTctOTU4ZTYwZDU2MGE5MWU1NzU2ZDAtYjM0Ni00NDExLTkxYzUtNDdlMjA1MTRjYWJi&ui_locales=en-US&mkt=en-US&client-request-id=ca621b56-5d0b-4622-b229-89c95d1c0c44&state=wXgpI-Qm2J3NjbXYr5s_ZVTbcJ_mIwIuJFtl_GdGGkDVadus1YeuXpy9_b1slZfQxK7EVWrXSPF8pym_P9-7H2rxbvFeuHcOpMhlXKF_LKYp4YSYhT92C-t2MYnqhFgO5ZjwOe9cIQNyaVP760GHflHCfRpllWlBIEYIoJwgrEaOD0kWObDl9Ji3eNu8hhfHfWPogeSvO-YxPUdcFeU_QrL8EYh_PHODKtX89mbuECPcfnn08jgAKUwbU8o37jsW87XsvXxvJBNxkaqlZ7si2Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638724912144429639.NTA2ZTAxOGMtN2E4NC00MjRkLWI4NTctOTU4ZTYwZDU2MGE5MWU1NzU2ZDAtYjM0Ni00NDExLTkxYzUtNDdlMjA1MTRjYWJi&ui_locales=en-US&mkt=en-US&client-request-id=ca621b56-5d0b-4622-b229-89c95d1c0c44&state=wXgpI-Qm2J3NjbXYr5s_ZVTbcJ_mIwIuJFtl_GdGGkDVadus1YeuXpy9_b1slZfQxK7EVWrXSPF8pym_P9-7H2rxbvFeuHcOpMhlXKF_LKYp4YSYhT92C-t2MYnqhFgO5ZjwOe9cIQNyaVP760GHflHCfRpllWlBIEYIoJwgrEaOD0kWObDl9Ji3eNu8hhfHfWPogeSvO-YxPUdcFeU_QrL8EYh_PHODKtX89mbuECPcfnn08jgAKUwbU8o37jsW87XsvXxvJBNxkaqlZ7si2Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638724912144429639.NTA2ZTAxOGMtN2E4NC00MjRkLWI4NTctOTU4ZTYwZDU2MGE5MWU1NzU2ZDAtYjM0Ni00NDExLTkxYzUtNDdlMjA1MTRjYWJi&ui_locales=en-US&mkt=en-US&client-request-id=ca621b56-5d0b-4622-b229-89c95d1c0c44&state=wXgpI-Qm2J3NjbXYr5s_ZVTbcJ_mIwIuJFtl_GdGGkDVadus1YeuXpy9_b1slZfQxK7EVWrXSPF8pym_P9-7H2rxbvFeuHcOpMhlXKF_LKYp4YSYhT92C-t2MYnqhFgO5ZjwOe9cIQNyaVP760GHflHCfRpllWlBIEYIoJwgrEaOD0kWObDl9Ji3eNu8hhfHfWPogeSvO-YxPUdcFeU_QrL8EYh_PHODKtX89mbuECPcfnn08jgAKUwbU8o37jsW87XsvXxvJBNxkaqlZ7si2Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638724912144429639.NTA2ZTAxOGMtN2E4NC00MjRkLWI4NTctOTU4ZTYwZDU2MGE5MWU1NzU2ZDAtYjM0Ni00NDExLTkxYzUtNDdlMjA1MTRjYWJi&ui_locales=en-US&mkt=en-US&client-request-id=ca621b56-5d0b-4622-b229-89c95d1c0c44&state=wXgpI-Qm2J3NjbXYr5s_ZVTbcJ_mIwIuJFtl_GdGGkDVadus1YeuXpy9_b1slZfQxK7EVWrXSPF8pym_P9-7H2rxbvFeuHcOpMhlXKF_LKYp4YSYhT92C-t2MYnqhFgO5ZjwOe9cIQNyaVP760GHflHCfRpllWlBIEYIoJwgrEaOD0kWObDl9Ji3eNu8hhfHfWPogeSvO-YxPUdcFeU_QrL8EYh_PHODKtX89mbuECPcfnn08jgAKUwbU8o37jsW87XsvXxvJBNxkaqlZ7si2Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638724912144429639.NTA2ZTAxOGMtN2E4NC00MjRkLWI4NTctOTU4ZTYwZDU2MGE5MWU1NzU2ZDAtYjM0Ni00NDExLTkxYzUtNDdlMjA1MTRjYWJi&ui_locales=en-US&mkt=en-US&client-request-id=ca621b56-5d0b-4622-b229-89c95d1c0c44&state=wXgpI-Qm2J3NjbXYr5s_ZVTbcJ_mIwIuJFtl_GdGGkDVadus1YeuXpy9_b1slZfQxK7EVWrXSPF8pym_P9-7H2rxbvFeuHcOpMhlXKF_LKYp4YSYhT92C-t2MYnqhFgO5ZjwOe9cIQNyaVP760GHflHCfRpllWlBIEYIoJwgrEaOD0kWObDl9Ji3eNu8hhfHfWPogeSvO-YxPUdcFeU_QrL8EYh_PHODKtX89mbuECPcfnn08jgAKUwbU8o37jsW87XsvXxvJBNxkaqlZ7si2Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638724912144429639.NTA2ZTAxOGMtN2E4NC00MjRkLWI4NTctOTU4ZTYwZDU2MGE5MWU1NzU2ZDAtYjM0Ni00NDExLTkxYzUtNDdlMjA1MTRjYWJi&ui_locales=en-US&mkt=en-US&client-request-id=ca621b56-5d0b-4622-b229-89c95d1c0c44&state=wXgpI-Qm2J3NjbXYr5s_ZVTbcJ_mIwIuJFtl_GdGGkDVadus1YeuXpy9_b1slZfQxK7EVWrXSPF8pym_P9-7H2rxbvFeuHcOpMhlXKF_LKYp4YSYhT92C-t2MYnqhFgO5ZjwOe9cIQNyaVP760GHflHCfRpllWlBIEYIoJwgrEaOD0kWObDl9Ji3eNu8hhfHfWPogeSvO-YxPUdcFeU_QrL8EYh_PHODKtX89mbuECPcfnn08jgAKUwbU8o37jsW87XsvXxvJBNxkaqlZ7si2Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 40.126.31.69:443 -> 192.168.2.17:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.242.162:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.242.162:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.3.187.198:443 -> 192.168.2.17:61964 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:61965 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:61968 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:61970 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:62147 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.21.65.154:443 -> 192.168.2.17:62149 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.17:61963 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:61963 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:61963 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:61963 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:61963 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:63168 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:61963 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:63168 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:61963 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:63168 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:61963 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:63168 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:61963 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:63168 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:61963 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.17:63168 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:61963 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50

Source: global traffic	DNS traffic detected: DNS query: na4.docusign.net
Source: global traffic	DNS traffic detected: DNS query: docucdn-a.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: api.mixpanel.com
Source: global traffic	DNS traffic detected: DNS query: 198.187.3.20.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: a.docusign.com
Source: global traffic	DNS traffic detected: DNS query: cdn.optimizely.com
Source: global traffic	DNS traffic detected: DNS query: easterncontractorscorporation.udamvdxxrl.ru
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: gbahqhz7oetienhy8jvjhdoxthnz6dhkfux7f3fgyclvtbr7gb.ivertoneym.ru
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: www.office.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 62137 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62146 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61980
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62157
Source: unknown	Network traffic detected: HTTP traffic on port 63171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 63185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62149 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63191 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63188 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62061
Source: unknown	Network traffic detected: HTTP traffic on port 62139 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63210 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63204 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 63183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62147 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 61968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 63209 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 63172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63171
Source: unknown	Network traffic detected: HTTP traffic on port 63178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63170
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63173
Source: unknown	Network traffic detected: HTTP traffic on port 62133 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63172
Source: unknown	Network traffic detected: HTTP traffic on port 61971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63207
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63206
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63209
Source: unknown	Network traffic detected: HTTP traffic on port 63206 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63198 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63201
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63200
Source: unknown	Network traffic detected: HTTP traffic on port 63190 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63202
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63205
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63204
Source: unknown	Network traffic detected: HTTP traffic on port 63181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63181
Source: unknown	Network traffic detected: HTTP traffic on port 62138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63184
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63183
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62130
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63185
Source: unknown	Network traffic detected: HTTP traffic on port 62142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62128
Source: unknown	Network traffic detected: HTTP traffic on port 62124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62129
Source: unknown	Network traffic detected: HTTP traffic on port 63195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63177
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63210
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63178
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62125
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62126
Source: unknown	Network traffic detected: HTTP traffic on port 63170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62127
Source: unknown	Network traffic detected: HTTP traffic on port 62135 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63191
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63190
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63193
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63192
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63195
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63194
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62140
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63197
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62141
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63196
Source: unknown	Network traffic detected: HTTP traffic on port 63199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62139
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61964
Source: unknown	Network traffic detected: HTTP traffic on port 62148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61965
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61968
Source: unknown	Network traffic detected: HTTP traffic on port 63196 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62131
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63188
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62132
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62133
Source: unknown	Network traffic detected: HTTP traffic on port 63173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62134
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63189
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62135
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62136
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62137
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62138
Source: unknown	Network traffic detected: HTTP traffic on port 61978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62157 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61978
Source: unknown	Network traffic detected: HTTP traffic on port 62126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62142
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63199
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62143
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63198
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62144
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62145
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61970
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62146
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62147
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62148
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62149

Source: unknown	HTTPS traffic detected: 40.126.31.69:443 -> 192.168.2.17:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.242.162:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.242.162:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.3.187.198:443 -> 192.168.2.17:61964 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:61965 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:61968 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:61970 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:62147 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.21.65.154:443 -> 192.168.2.17:62149 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.winEML@22/109@32/275