Windows Analysis Report
https://newbostondentalcare-my.sharepoint.com/:b:/g/personal/maryellen_newbostondental_com/ERDvxS5UJSxPtXyWuklCyAMBDYWal6mJXrTJHUf_OfHqfg?e=5l0sTu

Overview

General Information

Sample URL: https://newbostondentalcare-my.sharepoint.com/:b:/g/personal/maryellen_newbostondental_com/ERDvxS5UJSxPtXyWuklCyAMBDYWal6mJXrTJHUf_OfHqfg?e=5l0sTu
Analysis ID: 1500130
Infos:

Detection

Phisher
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Phisher
Performs DNS queries with encoded ASCII data (may be used to data exfiltration)
Phishing site detected (based on shot match)
Detected non-DNS traffic on DNS port
Drops files with a non-matching file extension (content does not match file extension)
HTML body with high number of large embedded background images detected
HTML page contains hidden javascript code
Stores files to the Windows start menu directory

Classification

Phishing
barindex
Yara detected Phisher
Source: Yara match File source: dropped/chromecache_1047, type: DROPPED
Phishing site detected (based on shot match)
Source: https://wavewire.site/mmU8v/#I Matcher: Template: captcha matched
Source: https://wavewire.site/mmU8v/#I Matcher: Template: captcha matched
HTML body with high number of large embedded background images detected
Source: https://newbostondentalcare-my.sharepoint.com/personal/maryellen_newbostondental_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fmaryellen%5Fnewbostondental%5Fcom%2FDocuments%2FREFUND%20AUTHORIZATION%2FREFUND%20AUTHORIZATION%20PDF%2Epdf&parent=%2Fpersonal%2Fmaryellen%5Fnewbostondental%5Fcom%2FDocuments%2FREFUND%20AUTHORIZATION HTTP Parser: Total embedded background img size: 236746
HTML page contains hidden javascript code
Source: https://wavewire.site/mmU8v/#I HTTP Parser: Base64 decoded: {"version":3,"sourceRoot":"/cfsetup_build/src/orchestrator/turnstile/templates","sources":["turnstile.scss"],"names":[],"mappings":"AAmCA;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IAEI;;EAGJ;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI...
Source: https://50ou-vasil-levski.com/tvavx.php HTTP Parser: No favicon
Source: https://wavewire.site/mmU8v/#I HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49773 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49781 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49782 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.159.73:443 -> 192.168.2.16:49795 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:49809 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:49817 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:49821 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.3.187.198:443 -> 192.168.2.16:64600 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:64605 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:64612 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:64616 version: TLS 1.2

Networking
barindex
Performs DNS queries with encoded ASCII data (may be used to data exfiltration)
Source: unknown DNS traffic detected with encoded ASCII: query: 2574ec9d602191583dd925473fa60bd1.fp.measure.office.com; decoded parts: %t`!X=%G?
Detected non-DNS traffic on DNS port
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: global traffic TCP traffic: 192.168.2.16:64597 -> 162.159.36.2:53
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: newbostondentalcare-my.sharepoint.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: spo.nel.measure.office.net
Source: global traffic DNS traffic detected: DNS query: westus31-mediap.svc.ms
Source: global traffic DNS traffic detected: DNS query: 198.187.3.20.in-addr.arpa
Source: global traffic DNS traffic detected: DNS query: m365cdn.nel.measure.office.net
Source: global traffic DNS traffic detected: DNS query: newbostondentalcare.sharepoint.com
Source: global traffic DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic DNS traffic detected: DNS query: config.fp.measure.office.com
Source: global traffic DNS traffic detected: DNS query: 2574ec9d602191583dd925473fa60bd1.fp.measure.office.com
Source: global traffic DNS traffic detected: DNS query: tr-ooc-fs.office.com
Source: global traffic DNS traffic detected: DNS query: outlook.office.com
Source: global traffic DNS traffic detected: DNS query: upload.fp.measure.office.com
Source: global traffic DNS traffic detected: DNS query: 50ou-vasil-levski.com
Source: global traffic DNS traffic detected: DNS query: wavewire.site
Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 64616 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65033
Source: unknown Network traffic detected: HTTP traffic on port 65086 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65034
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 65028 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64616
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64730
Source: unknown Network traffic detected: HTTP traffic on port 64757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64889 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64900 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 65108 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64852
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65028
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64612
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65029
Source: unknown Network traffic detected: HTTP traffic on port 65089 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 65100 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 65043 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65042
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65043
Source: unknown Network traffic detected: HTTP traffic on port 65095 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64900
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64748
Source: unknown Network traffic detected: HTTP traffic on port 65074 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 65080 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 65057 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64985
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65056
Source: unknown Network traffic detected: HTTP traffic on port 64713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64757
Source: unknown Network traffic detected: HTTP traffic on port 65049 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65049
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64994
Source: unknown Network traffic detected: HTTP traffic on port 64755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 65033 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64600 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64755
Source: unknown Network traffic detected: HTTP traffic on port 65123 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65062
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65066
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65067
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65100
Source: unknown Network traffic detected: HTTP traffic on port 65066 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 65097 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 65115 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64605 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64889
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 65072 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65057
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65074
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65071
Source: unknown Network traffic detected: HTTP traffic on port 65101 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65072
Source: unknown Network traffic detected: HTTP traffic on port 64830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 65067 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65078
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 64612 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64985 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65101
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65108
Source: unknown Network traffic detected: HTTP traffic on port 64994 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65105
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65084
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65082
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65000
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65089
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65086
Source: unknown Network traffic detected: HTTP traffic on port 65091 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65080
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64826
Source: unknown Network traffic detected: HTTP traffic on port 65078 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 65029 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 65084 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65115
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 65124 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65095
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 65042 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65097
Source: unknown Network traffic detected: HTTP traffic on port 65090 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65091
Source: unknown Network traffic detected: HTTP traffic on port 65000 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65090
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64713
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 65056 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 65071 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64841 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65123
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65124
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64830
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 65062 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65020
Source: unknown Network traffic detected: HTTP traffic on port 65020 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64605
Source: unknown Network traffic detected: HTTP traffic on port 65082 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 65034 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 65105 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64600
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64841
Source: unknown Network traffic detected: HTTP traffic on port 64714 -> 443
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49773 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49781 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49782 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.159.73:443 -> 192.168.2.16:49795 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:49809 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:49817 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:49821 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.3.187.198:443 -> 192.168.2.16:64600 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:64605 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:64612 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:64616 version: TLS 1.2
Source: classification engine Classification label: mal56.phis.troj.win@18/394@30/265
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://newbostondentalcare-my.sharepoint.com/:b:/g/personal/maryellen_newbostondental_com/ERDvxS5UJSxPtXyWuklCyAMBDYWal6mJXrTJHUf_OfHqfg?e=5l0sTu
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2028,i,13430472019515981692,2625913970887276408,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2028,i,13430472019515981692,2625913970887276408,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Drops files with a non-matching file extension (content does not match file extension)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 872 Jump to dropped file
Stores files to the Windows start menu directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
windows-stand
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
52.98.241.194
 ooc-g2.tm-4.office.com United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
2.23.209.11
 unknown European Union
1273 CWVodafoneGroupPLCEU false
13.107.136.10
 dual-spo-0005.spo-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
52.168.117.171
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
51.132.193.105
 unknown United Kingdom
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
78.142.63.8
 50ou-vasil-levski.com Bulgaria
31083 TELEPOINTBG false
2.23.209.32
 unknown European Union
1273 CWVodafoneGroupPLCEU false
104.18.94.41
 challenges.cloudflare.com United States
13335 CLOUDFLARENETUS false
142.250.181.238
 unknown United States
15169 GOOGLEUS false
2.19.126.200
 unknown European Union
16625 AKAMAI-ASUS false
23.57.23.230
 unknown United States
16625 AKAMAI-ASUS false
142.250.185.163
 unknown United States
15169 GOOGLEUS false
23.38.98.96
 unknown United States
16625 AKAMAI-ASUS false
1.1.1.1
 unknown Australia
13335 CLOUDFLARENETUS false
142.250.186.36
 www.google.com United States
15169 GOOGLEUS false
52.182.143.209
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
2.23.209.42
 unknown European Union
1273 CWVodafoneGroupPLCEU false
20.42.65.91
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
216.58.206.67
 unknown United States
15169 GOOGLEUS false
172.67.215.161
 wavewire.site United States
13335 CLOUDFLARENETUS false
96.17.207.25
 unknown United States
16625 AKAMAI-ASUS false
216.58.206.42
 unknown United States
15169 GOOGLEUS false
13.107.6.163
 unknown United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
64.233.167.84
 unknown United States
15169 GOOGLEUS false
20.50.73.13
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
239.255.255.250
 unknown Reserved
unknown unknown false
2.16.185.204
 unknown European Union
16625 AKAMAI-ASUS false
96.17.207.26
 unknown United States
16625 AKAMAI-ASUS false
142.250.186.142
 unknown United States
15169 GOOGLEUS false
142.250.186.100
 unknown United States
15169 GOOGLEUS false
23.54.139.47
 unknown United States
20940 AKAMAI-ASN1EU false
52.98.38.2
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
95.101.54.225
 unknown European Union
34164 AKAMAI-LONGB false
52.98.177.2
 ooc-fs.tm-4.office.com United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
95.101.54.226
 unknown European Union
34164 AKAMAI-LONGB false

Private

IP
192.168.2.16
192.168.2.5

Contacted Domains

Name IP Active
ooc-g2.tm-4.office.com 52.98.241.194 true
dual-spo-0005.spo-msedge.net 13.107.136.10 true
ooc-fs.tm-4.office.com 52.98.177.2 true
50ou-vasil-levski.com 78.142.63.8 true
a.nel.cloudflare.com 35.190.80.1 true
wavewire.site 172.67.215.161 true
challenges.cloudflare.com 104.18.94.41 true
www.google.com 142.250.186.36 true
newbostondentalcare.sharepoint.com unknown unknown
r4.res.office365.com unknown unknown
outlook.office.com unknown unknown
newbostondentalcare-my.sharepoint.com unknown unknown
westus31-mediap.svc.ms unknown unknown
198.187.3.20.in-addr.arpa unknown unknown
m365cdn.nel.measure.office.net unknown unknown
spo.nel.measure.office.net unknown unknown
2574ec9d602191583dd925473fa60bd1.fp.measure.office.com unknown unknown
upload.fp.measure.office.com unknown unknown
config.fp.measure.office.com unknown unknown
tr-ooc-fs.office.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://newbostondentalcare-my.sharepoint.com/personal/maryellen_newbostondental_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fmaryellen%5Fnewbostondental%5Fcom%2FDocuments%2FREFUND%20AUTHORIZATION%2FREFUND%20AUTHORIZATION%20PDF%2Epdf&parent=%2Fpersonal%2Fmaryellen%5Fnewbostondental%5Fcom%2FDocuments%2FREFUND%20AUTHORIZATION&ga=1 false
    		unknown
    https://50ou-vasil-levski.com/tvavx.php false
      		unknown
      https://wavewire.site/mmU8v/#I true
        		unknown
        https://newbostondentalcare-my.sharepoint.com/personal/maryellen_newbostondental_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fmaryellen%5Fnewbostondental%5Fcom%2FDocuments%2FREFUND%20AUTHORIZATION%2FREFUND%20AUTHORIZATION%20PDF%2Epdf&parent=%2Fpersonal%2Fmaryellen%5Fnewbostondental%5Fcom%2FDocuments%2FREFUND%20AUTHORIZATION false
          		unknown
          https://newbostondentalcare-my.sharepoint.com/personal/maryellen_newbostondental_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fmaryellen%5Fnewbostondental%5Fcom%2FDocuments%2FREFUND%20AUTHORIZATION false
            		unknown