Windows Analysis Report
http://cubes.concordia.ca/track?type=click&enid=bWFpbGluZ2lkPTM2MjMmbWVzc2FnZWlkPTQxMjEmZGF0YWJhc2VpZD05MDEmc2VyaWFsPTEyNzU1MDM1NzUmZW1haWxpZD13YXJpZXN0NTkzMzgud2Vla2x5bWFpbEBibG9nZ2VyLmNvbSZ1c2VyaWQ9NDcxJmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&2028&&&http://gbmaucstans.com/?ddg5B=ZnJhbmNvaXMuYm91

Overview

General Information

Sample URL:	http://cubes.concordia.ca/track?type=click&enid=bWFpbGluZ2lkPTM2MjMmbWVzc2FnZWlkPTQxMjEmZGF0YWJhc2VpZD05MDEmc2VyaWFsPTEyNzU1MDM1NzUmZW1haWxpZD13YXJpZXN0NTkzMzgud2Vla2x5bWFpbEBibG9nZ2VyLmNvbSZ1c2VyaWQ9
Analysis ID:	1426704
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for domain / URL

Phishing site detected (based on favicon image match)

Phishing site detected (based on image similarity)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden URLs or javascript code

HTML title does not match URL

None HTTPS page querying sensitive user data (password, username or email)

Phishing site detected (based on OCR NLP Model)

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://cubes.concordia.ca/track?type=click&enid=bWFpbGluZ2lkPTM2MjMmbWVzc2FnZWlkPTQxMjEmZGF0YWJhc2VpZD05MDEmc2VyaWFsPTEyNzU1MDM1NzUmZW1haWxpZD13YXJpZXN0NTkzMzgud2Vla2x5bWFpbEBibG9nZ2VyLmNvbSZ1c2VyaWQ9NDcxJmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&2028&&&http://gbmaucstans.com/?ddg5B=ZnJhbmNvaXMuYm91bGFuZ2VyQGNnaS5jb20=

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Multi AV Scanner detection for domain / URL

Source: https://bc1qhefefhkqg4a9rhm372pr0wj.com/api/v3/auth

Virustotal: Detection: 5%

Perma Link

Phishing

Phishing site detected (based on favicon image match)

Source: http://gbmaucstans.com	Matcher: Template: outlook matched with high similarity
Source: http://gbmaucstans.com/main/main.php#76BTvXEpvR7qiZVvg2YviuUz8X02NMvVS7Po5uNAlV1EVW9bZ7GhBARJyRMmDihwp6UuAI5WD6Ay3JJ2Qqkr1bbz3YWGgddFk8aVQfRumr2paMs1dNteYFO1DKITYWzi4KeV05pmwsMHfeJs1cH0Rw2ugLofHXxLIMGIR64ozQ6O5Ph71Y8SuanLWL0DJyprk6acceAL5GAbvRjxPrqkCN6yz6biFBK0HVcU9NGfugrZ7KxXcXhOKnmjuyCa9naRinLsarIFH9EPUbM683VTrhcVQP50cgRuDCWO4EtMO8BIknOtrJmS1zOSoUSBaK6On2DrH7dwgOeAc34DNrwP1kHqeA1pk7dHaR9SYmoebCPnGU1ulxjmS1M7CNwWVKE5BNXzalOlYDJFxL9Tisfbu2i6QP3LzIRavOKGay19cLOKwXDPqT0UWj1M84yHMpSieCYoa0xnLl7ijL7JF8EBrFozKWhxl9PzLOYWOvjARrSad0US8yuzeS9ZOqwazmJlaIhZdBA52sgfta8BJCbYukXjLutlQdG0VY09zAfB3vRwGZ8qBko6FmpqQSMG6sH1qIb0iqCmVtTCt124lra0NzrDsdjyG1A7JL72bKo7dhJGjMLFdWG0w7EYlYx1Z79JShL419berVVKIHpVD5W9dA7yyFAyMJhF03J1dVgERcpzTOvwUrG72OGBtgaf0rU1vD3IzjmqwLZpAuWvWCDYqjATAK8Bc3CHHGpg0MGwyGV9bSE7uh6UBGNcqWNDZqkG6KW6xDC6kyfvqUDUcKPNqC0RzNuzdPfjAcq7Q2daAtG1njVA3KounomXbRwpGMJgZ9oPbB0M5GNtZJ33urxSPUP1Lmqs8aJ7j7XuJXhOE5hEOkHjMfbC91EVn5nwf6EydB2XzkLdp3RdozxaOJNYKrT8wgFLmjkAUnytHjH6nykL7RWWAKUlbNuI49ursO1nbARSTyZh7j2fbZbMJ68VTCEXL8oeXqB90s2U11b8leoweAiYGqUz3yxPHW3EnFNo8PiaRujcJHIYh1XXsRxwp5l62pLp4zNdp6ngBGslnbkFdhCG8acyfxFhWqG10uepBCGdi9zGkTlyaXej8qRnYwEUWlWXQamsM3F5ceLx865i4kBcKsAJZfDWAzTrKgTxjzCvNo2Wu8ezsQMdjmWiBAeca8EUoxrH74cVsfRXn5xQWj3fG0yhANuKV8FjG70NbdIDtzBRF8HBrLR8MppmcU782MrJTsw5GeJ9Ok1usI5UuX2gnsDAmLIpx98rBEwiTfrIAsc2biXGg0XDsBdPmVeU4mmG1SYV8qDITQL59IMpIK2alg0IbeCgBYXCRWyZmcIg2tmcb8BUSE5eU5W5jzmVyjypf6pCi7TlAfxMo8GgNLvHRrNa096ytEYIKnl3veo6tVSR4z8RlDzc5nn6wtF07DJR14UwjjCNfvFj4NbprLCw8ZCFshGAVpsWuntNG6AVBgfG3r6vdI2lHF1aWHKS7cOBAiogpZc0frHjTNP6wRsewtptb9limaTXtidSipTyRASKoHRVzj95NyzYIUg55a2ytgrLFkjxVbhkT9fssoyfX7eG2uL8FOH848TKsdhopzIiIXKbmjqjqEZt9LBOAiXEqRpT4Hith0MZXxakQBDggDJppleZDcE434Y7LgB2hn2fUdzKOd14RLug6JgKVVPYZN6L4HOm5QB04aLSnMXeysvEbMp6He4H2at7ShtY85YdfJ6Dv3S4voIHa8NSnSAq23xVl1Tu6RHmAN06RTanhT4s2RkpJUPMYnIjpBOvtvS4jSbaLmx3fBvitQHdKxZJUI2kjRQNmIRFB3QnpnqEZWXtMEGxcGg7ojrIahvx0ncCq3ZPqquqmrT96AGigWpEgRmq8SX9faLGdKvEbZ5yrZHxzoQPlguB7R2gKZpZaaFnVb26b7FC6naGL1v6h0IoSKECJ3CTeih9tjgErWhxjsd4tJbKKT9CDOfnSRg69ygDSxhjtzRM25RvP2gAVqdyesV6kcdtLu7D2pXvYPi0V9wKcMl7dyGr1BylOMPzhWdjlbPk07kVhRGtE2BRAhiCTRXHENhVJvf5G4pHcKDtBjXfmy6WPpyIhwqVjIR3d68TbyAnieRUxP9UngRdGqWYWmTg5LjiSsc30Nrj1idz7ntvEkJkKFiG2cX7YgqQICUIpl1qEfZMDtihN1CyGUfJ7cR6shXaTRTidVJSbJEOcX50YHyFCNpK0gQsxODqFxJTttLEcqspnypmgY1TMqDMGufeiSEYpoRTRDx43ZtryTNOSPHEglrWPGb8zQ7ZeYS6CpaGpE7XxVMpKt40PwXFd8NMZULdTEjw4uct8krFfe50Ia1xGZcT80G7VskP6Ela8xEgR6W7k272c9AT8MNgNunIWIy3mTdvrSMjYIqjLylYHVRQIF6v9te6cM9yFn37fQqezQxkpSi6OaWwQ32Zxg5J3ehJClQRcg5L6C5wvoCjyzQoDSoa9uTcJbVlxLcJ2iv9UAFpZiJyRzWvrlFAQzNzKJUiu72xqxGk8lK7DtFv2C0uXG5OfSn0Bii6qkDQSkb0FV7joMProQVmw1aMTyMvQ4Chpf7hAihfdpzCbo4Af0XL17xVFkqwo2NOiV6Sdn8rMH4Y68yl8v7aDF5jZvQoyEcRzjJMGSetAisGq12zwaJaPOuPkkdTYqKyJulqmzUXRmEinGRURB5HqzwKTKESaorTTMkfleddARvYynSpZX6pxDarnOjydKs6xMmS0z6BqCzY0soZqvpX9zownI4AtwH0j3SjCYV3Av2AXqAoWZl5yJCWsGxVdeVwiOQUMMYnh0YfqzDnyYs7I44aLC6YR1v9Pm4C820p2YFtyiQ6hie0nib8Uh7LiCU8ZYK71Kx3JcwhumoMFCM3UXbPeiAxVvFVuq2vbzyVL5cgsB28dPb8MmX1FyyB3ewxEz3Q9CLVHYbazeiN3uVQRTSxrq8vFF3kf6aoJVjrTvBtKUgNpcEg?cfg=francois.boulanger@cgi.com	Matcher: Template: outlook matched with high similarity

Phishing site detected (based on image similarity)

Source: http://gbmaucstans.com/main/main.php#76BTvXEpvR7qiZVvg2YviuUz8X02NMvVS7Po5uNAlV1EVW9bZ7GhBARJyRMmDihwp6UuAI5WD6Ay3JJ2Qqkr1bbz3YWGgddFk8aVQfRumr2paMs1dNteYFO1DKITYWzi4KeV05pmwsMHfeJs1cH0Rw2ugLofHXxLIMGIR64ozQ6O5Ph71Y8SuanLWL0DJyprk6acceAL5GAbvRjxPrqkCN6yz6biFBK0HVcU9NGfugrZ7KxXcXhOKnmjuyCa9naRinLsarIFH9EPUbM683VTrhcVQP50cgRuDCWO4EtMO8BIknOtrJmS1zOSoUSBaK6On2DrH7dwgOeAc34DNrwP1kHqeA1pk7dHaR9SYmoebCPnGU1ulxjmS1M7CNwWVKE5BNXzalOlYDJFxL9Tisfbu2i6QP3LzIRavOKGay19cLOKwXDPqT0UWj1M84yHMpSieCYoa0xnLl7ijL7JF8EBrFozKWhxl9PzLOYWOvjARrSad0US8yuzeS9ZOqwazmJlaIhZdBA52sgfta8BJCbYukXjLutlQdG0VY09zAfB3vRwGZ8qBko6FmpqQSMG6sH1qIb0iqCmVtTCt124lra0NzrDsdjyG1A7JL72bKo7dhJGjMLFdWG0w7EYlYx1Z79JShL419berVVKIHpVD5W9dA7yyFAyMJhF03J1dVgERcpzTOvwUrG72OGBtgaf0rU1vD3IzjmqwLZpAuWvWCDYqjATAK8Bc3CHHGpg0MGwyGV9bSE7uh6UBGNcqWNDZqkG6KW6xDC6kyfvqUDUcKPNqC0RzNuzdPfjAcq7Q2daAtG1njVA3KounomXbRwpGMJgZ9oPbB0M5GNtZJ33urxSPUP1Lmqs8aJ7j7XuJXhOE5hEOkHjMfbC91EVn5nwf6EydB2XzkLdp3RdozxaOJNYKrT8wgFLmjkAUnytHjH6nykL7RWWAKUlbNuI49ursO1nbARSTyZh7j2fbZbMJ68VTCEXL8oeXqB90s2U11b8leoweAiYGqUz3yxPHW3EnFNo8PiaRujcJHIYh1XXsRxwp5l62pLp4zNdp6ngBGslnbkFdhCG8acyfxFhWqG10uepBCGdi9zGkTlyaXej8qRnYwEUWlWXQamsM3F5ceLx865i4kBcKsAJZfDWAzTrKgTxjzCvNo2Wu8ezsQMdjmWiBAeca8EUoxrH74cVsfRXn5xQWj3fG0yhANuKV8FjG70NbdIDtzBRF8HBrLR8MppmcU782MrJTsw5GeJ9Ok1usI5UuX2gnsDAmLIpx98rBEwiTfrIAsc2biXGg0XDsBdPmVeU4mmG1SYV8qDITQL59IMpIK2alg0IbeCgBYXCRWyZmcIg2tmcb8BUSE5eU5W5jzmVyjypf6pCi7TlAfxMo8GgNLvHRrNa096ytEYIKnl3veo6tVSR4z8RlDzc5nn6wtF07DJR14UwjjCNfvFj4NbprLCw8ZCFshGAVpsWuntNG6AVBgfG3r6vdI2lHF1aWHKS7cOBAiogpZc0frHjTNP6wRsewtptb9limaTXtidSipTyRASKoHRVzj95NyzYIUg55a2ytgrLFkjxVbhkT9fssoyfX7eG2uL8FOH848TKsdhopzIiIXKbmjqjqEZt9LBOAiXEqRpT4Hith0MZXxakQBDggDJppleZDcE434Y7LgB2hn2fUdzKOd14RLug6JgKVVPYZN6L4HOm5QB04aLSnMXeysvEbMp6He4H2at7ShtY85YdfJ6Dv3S4voIHa8NSnSAq23xVl1Tu6RHmAN06RTanhT4s2RkpJUPMYnIjpBOvtvS4jSbaLmx3fBvitQHdKxZJUI2kjRQNmIRFB3QnpnqEZWXtMEGxcGg7ojrIahvx0ncCq3ZPqquqmrT96AGigWpEgRmq8SX9faLGdKvEbZ5yrZHxzoQPlguB7R2gKZpZaaFnVb26b7FC6naGL1v6h0IoSKECJ3CTeih9tjgErWhxjsd4tJbKKT9CDOfnSRg69ygDSxhjtzRM25RvP2gAVqdyesV6kcdtLu7D2pXvYPi0V9wKcMl7dyGr1BylOMPzhWdjlbPk07kVhRGtE2BRAhiCTRXHENhVJvf5G4pHcKDtBjXfmy6WPpyIhwqVjIR3d68TbyAnieRUxP9UngRdGqWYWmTg5LjiSsc30Nrj1idz7ntvEkJkKFiG2cX7YgqQICUIpl1qEfZMDtihN1CyGUfJ7cR6shXaTRTidVJSbJEOcX50YHyFCNpK0gQsxODqFxJTttLEcqspnypmgY1TMqDMGufeiSEYpoRTRDx43ZtryTNOSPHEglrWPGb8zQ7ZeYS6CpaGpE7XxVMpKt40PwXFd8NMZULdTEjw4uct8krFfe50Ia1xGZcT80G7VskP6Ela8xEgR6W7k272c9AT8MNgNunIWIy3mTdvrSMjYIqjLylYHVRQIF6v9te6cM9yFn37fQqezQxkpSi6OaWwQ32Zxg5J3ehJClQRcg5L6C5wvoCjyzQoDSoa9uTcJbVlxLcJ2iv9UAFpZiJyRzWvrlFAQzNzKJUiu72xqxGk8lK7DtFv2C0uXG5OfSn0Bii6qkDQSkb0FV7joMProQVmw1aMTyMvQ4Chpf7hAihfdpzCbo4Af0XL17xVFkqwo2NOiV6Sdn8rMH4Y68yl8v7aDF5jZvQoyEcRzjJMGSetAisGq12zwaJaPOuPkkdTYqKyJulqmzUXRmEinGRURB5HqzwKTKESaorTTMkfleddARvYynSpZX6pxDarnOjydKs6xMmS0z6BqCzY0soZqvpX9zownI4AtwH0j3SjCYV3Av2AXqAoWZl5yJCWsGxVdeVwiOQUMMYnh0YfqzDnyYs7I44aLC6YR1v9Pm4C820p2YFtyiQ6hie0nib8Uh7LiCU8ZYK71Kx3JcwhumoMFCM3UXbPeiAxVvFVuq2vbzyVL5cgsB28dPb8MmX1FyyB3ewxEz3Q9CLVHYbazeiN3uVQRTSxrq8vFF3kf6aoJVjrTvBtKUgNpcEg?cfg=francois.boulanger@cgi.com

Matcher: Found strong image similarity, brand: MICROSOFT

HTML body contains low number of good links

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML page contains hidden URLs or javascript code

HTTP Parser: Base64 decoded: http://gbmaucstans.com/?ddg5B=ZnJhbmNvaXMuYm91bGFuZ2VyQGNnaS5jb20=

HTML title does not match URL

HTTP Parser: Title: Sign In does not match URL

None HTTPS page querying sensitive user data (password, username or email)

HTTP Parser: Has password / email / username input fields

Phishing site detected (based on OCR NLP Model)

Source: Chrome DOM: 0.0

ML Model on OCR Text: Matched 81.7% probability on "www.office.com Verify you are human by completing the action below. www.office.com needs to review the security of your connection before proceeding. "

HTTP Parser: <input type="password" .../> found

Source: http://cubes.concordia.ca/track?type=click&enid=bWFpbGluZ2lkPTM2MjMmbWVzc2FnZWlkPTQxMjEmZGF0YWJhc2VpZD05MDEmc2VyaWFsPTEyNzU1MDM1NzUmZW1haWxpZD13YXJpZXN0NTkzMzgud2Vla2x5bWFpbEBibG9nZ2VyLmNvbSZ1c2VyaWQ9NDcxJmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&2028&&&http://gbmaucstans.com/?ddg5B=ZnJhbmNvaXMuYm91bGFuZ2VyQGNnaS5jb20=	HTTP Parser: No favicon
Source: http://gbmaucstans.com/main/	HTTP Parser: No favicon
Source: http://gbmaucstans.com/main/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/jgoie/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/jgoie/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normal	HTTP Parser: No favicon
Source: http://gbmaucstans.com/main/main.php#76BTvXEpvR7qiZVvg2YviuUz8X02NMvVS7Po5uNAlV1EVW9bZ7GhBARJyRMmDihwp6UuAI5WD6Ay3JJ2Qqkr1bbz3YWGgddFk8aVQfRumr2paMs1dNteYFO1DKITYWzi4KeV05pmwsMHfeJs1cH0Rw2ugLofHXxLIMGIR64ozQ6O5Ph71Y8SuanLWL0DJyprk6acceAL5GAbvRjxPrqkCN6yz6biFBK0HVcU9NGfugrZ7KxXcXhOKnmjuyCa9naRinLsarIFH9EPUbM683VTrhcVQP50cgRuDCWO4EtMO8BIknOtrJmS1zOSoUSBaK6On2DrH7dwgOeAc34DNrwP1kHqeA1pk7dHaR9SYmoebCPnGU1ulxjmS1M7CNwWVKE5BNXzalOlYDJFxL9Tisfbu2i6QP3LzIRavOKGay19cLOKwXDPqT0UWj1M84yHMpSieCYoa0xnLl7ijL7JF8EBrFozKWhxl9PzLOYWOvjARrSad0US8yuzeS9ZOqwazmJlaIhZdBA52sgfta8BJCbYukXjLutlQdG0VY09zAfB3vRwGZ8qBko6FmpqQSMG6sH1qIb0iqCmVtTCt124lra0NzrDsdjyG1A7JL72bKo7dhJGjMLFdWG0w7EYlYx1Z79JShL419berVVKIHpVD5W9dA7yyFAyMJhF03J1dVgERcpzTOvwUrG72OGBtgaf0rU1vD3IzjmqwLZpAuWvWCDYqjATAK8Bc3CHHGpg0MGwyGV9bSE7uh6UBGNcqWNDZqkG6KW6xDC6kyfvqUDUcKPNqC0RzNuzdPfjAcq7Q2daAtG1njVA3KounomXbRwpGMJgZ9oPbB0M5GNtZJ33urxSPUP1Lmqs8aJ7j7XuJXhOE5hEOkHjMfbC91EVn5nwf6EydB2XzkLdp3RdozxaOJNYKrT8wgFLmjkAUnytHjH6nykL7RWWAKUlbNuI49ursO1nbARSTyZh7j2fbZbMJ68VTCEXL8o...	HTTP Parser: No favicon

HTTP Parser: No <meta name="author".. found

HTTP Parser: No <meta name="copyright".. found

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49742 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.5:49723 version: TLS 1.2

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49742 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://gbmaucstans.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/bcc5fb0a8815/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://gbmaucstans.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/jgoie/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: http://gbmaucstans.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/jgoie/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8753fe19daf9b0e5 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/jgoie/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1360135987:1713267177:eg-nWfnh6VWXyBLyYRHZmVxAI3xrmNba1OE1g2HfQMw/8753fe19daf9b0e5/0ac2a8def4e2792 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8753fe19daf9b0e5/1713268593731/8Wn8SnzbY0rE6bf HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/jgoie/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8753fe19daf9b0e5/1713268593731/8Wn8SnzbY0rE6bf HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1360135987:1713267177:eg-nWfnh6VWXyBLyYRHZmVxAI3xrmNba1OE1g2HfQMw/8753fe19daf9b0e5/0ac2a8def4e2792 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1360135987:1713267177:eg-nWfnh6VWXyBLyYRHZmVxAI3xrmNba1OE1g2HfQMw/8753fe19daf9b0e5/0ac2a8def4e2792 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://gbmaucstans.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mail/favicon.ico HTTP/1.1Host: outlook.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://gbmaucstans.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mail/favicon.ico HTTP/1.1Host: outlook.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v3/auth HTTP/1.1Host: bc1qhefefhkqg4a9rhm372pr0wj.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /adfs/portal/css/style.css HTTP/1.1Host: federation.cgi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: http://gbmaucstans.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /adfs/portal/logo/logo.png?id=3013B2477D4F66BAEB617DB660EB3146818DCFD9D6B396C4B418E49E6B862AAD HTTP/1.1Host: federation.cgi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://gbmaucstans.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /adfs/portal/illustration/illustration.jpg?id=9D9D353725787D2503EC8832EBCA188E379D39FDC95E12EFAE6C3247161E3AE3 HTTP/1.1Host: federation.cgi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://gbmaucstans.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /adfs/portal/logo/logo.png?id=3013B2477D4F66BAEB617DB660EB3146818DCFD9D6B396C4B418E49E6B862AAD HTTP/1.1Host: federation.cgi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /adfs/portal/illustration/illustration.jpg?id=9D9D353725787D2503EC8832EBCA188E379D39FDC95E12EFAE6C3247161E3AE3 HTTP/1.1Host: federation.cgi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /track?type=click&enid=bWFpbGluZ2lkPTM2MjMmbWVzc2FnZWlkPTQxMjEmZGF0YWJhc2VpZD05MDEmc2VyaWFsPTEyNzU1MDM1NzUmZW1haWxpZD13YXJpZXN0NTkzMzgud2Vla2x5bWFpbEBibG9nZ2VyLmNvbSZ1c2VyaWQ9NDcxJmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&2028&&&http://gbmaucstans.com/?ddg5B=ZnJhbmNvaXMuYm91bGFuZ2VyQGNnaS5jb20= HTTP/1.1Host: cubes.concordia.caConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?ddg5B=ZnJhbmNvaXMuYm91bGFuZ2VyQGNnaS5jb20= HTTP/1.1Host: gbmaucstans.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://cubes.concordia.ca/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /main/ HTTP/1.1Host: gbmaucstans.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://cubes.concordia.ca/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=btpuk4floh1qk6oeujtvrton07
Source: global traffic	HTTP traffic detected: GET /main/src.js HTTP/1.1Host: gbmaucstans.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://gbmaucstans.com/main/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=btpuk4floh1qk6oeujtvrton07
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: gbmaucstans.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://gbmaucstans.com/main/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=btpuk4floh1qk6oeujtvrton07
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: gbmaucstans.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=btpuk4floh1qk6oeujtvrton07

Source: unknown

DNS traffic detected: queries for: cubes.concordia.ca

Source: unknown

HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1360135987:1713267177:eg-nWfnh6VWXyBLyYRHZmVxAI3xrmNba1OE1g2HfQMw/8753fe19daf9b0e5/0ac2a8def4e2792 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 2747sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-type: application/x-www-form-urlencodedsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36CF-Challenge: 0ac2a8def4e2792sec-ch-ua-platform: "Windows"Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/jgoie/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.5:49723 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.win@19/35@28/12

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 --field-trial-handle=2540,i,10552630930107338584,18205451540120361499,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cubes.concordia.ca/track?type=click&enid=bWFpbGluZ2lkPTM2MjMmbWVzc2FnZWlkPTQxMjEmZGF0YWJhc2VpZD05MDEmc2VyaWFsPTEyNzU1MDM1NzUmZW1haWxpZD13YXJpZXN0NTkzMzgud2Vla2x5bWFpbEBibG9nZ2VyLmNvbSZ1c2VyaWQ9NDcxJmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&2028&&&http://gbmaucstans.com/?ddg5B=ZnJhbmNvaXMuYm91bGFuZ2VyQGNnaS5jb20="
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 --field-trial-handle=2540,i,10552630930107338584,18205451540120361499,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
52.96.122.2	LYH-efz.ms-acdc.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
185.216.70.4	bc1qhefefhkqg4a9rhm372pr0wj.com	Germany	43659	CLOUDCOMPUTINGDE	false
104.17.3.184	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
85.119.134.168	federation.cgi.com	Sweden	29217	WM-DATASE	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
198.98.54.45	gbmaucstans.com	United States	53667	PONYNETUS	false
64.233.177.147	www.google.com	United States	15169	GOOGLEUS	false
52.96.165.50	ooc-g2.tm-4.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.17.2.184	unknown	United States	13335	CLOUDFLARENETUS	false
132.205.186.10	cubes.concordia.ca	Canada	376	RISQ-ASCA	false

Private

IP
192.168.2.5

Contacted Domains

Name	IP	Active
cubes.concordia.ca	132.205.186.10	true
bg.microsoft.map.fastly.net	199.232.214.172	true
ooc-g2.tm-4.office.com	52.96.165.50	true
cdnjs.cloudflare.com	104.17.24.14	true
challenges.cloudflare.com	104.17.3.184	true
federation.cgi.com	85.119.134.168	true
www.google.com	64.233.177.147	true
gbmaucstans.com	198.98.54.45	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
LYH-efz.ms-acdc.office.com	52.96.122.2	true
bc1qhefefhkqg4a9rhm372pr0wj.com	185.216.70.4	true
outlook.office.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js	false		high
https://federation.cgi.com/adfs/portal/logo/logo.png?id=3013B2477D4F66BAEB617DB660EB3146818DCFD9D6B396C4B418E49E6B862AAD	false		high
http://gbmaucstans.com/main/	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	false		high
https://challenges.cloudflare.com/turnstile/v0/b/bcc5fb0a8815/api.js?onload=onloadTurnstileCallback	false		high
https://federation.cgi.com/adfs/portal/illustration/illustration.jpg?id=9D9D353725787D2503EC8832EBCA188E379D39FDC95E12EFAE6C3247161E3AE3	false		high
http://gbmaucstans.com/?ddg5B=ZnJhbmNvaXMuYm91bGFuZ2VyQGNnaS5jb20=	false		unknown
http://gbmaucstans.com/main/main.php	false	0%, Virustotal, Browse	unknown
https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	false		high
http://gbmaucstans.com/favicon.ico	false	1%, Virustotal, Browse	unknown
https://outlook.office.com/mail/favicon.ico	false		high
http://gbmaucstans.com/main/src.js	false	0%, Virustotal, Browse	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8753fe19daf9b0e5	false		high
https://bc1qhefefhkqg4a9rhm372pr0wj.com/api/v3/auth	false	5%, Virustotal, Browse	unknown
https://federation.cgi.com/adfs/portal/css/style.css	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/jgoie/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normal	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1360135987:1713267177:eg-nWfnh6VWXyBLyYRHZmVxAI3xrmNba1OE1g2HfQMw/8753fe19daf9b0e5/0ac2a8def4e2792	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8753fe19daf9b0e5/1713268593731/8Wn8SnzbY0rE6bf	false		high

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 10:56:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	B4A7D30AC206B0FAEDDE333930760E10	5B48E8B4D3CF2D87E65963F83CF5FF3477434B11	5041C9A0FA6917C4B0A04392CAFCB1419A8B845B34D7FCC72AF51C7D324EA60E
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 10:56:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	0042C3953852DD427EA906764BC62F94	FF9185151E4941250CED600B1295FCB54D0F47C1	310F6E9113893ECA21F8D10A466A24BA50D334B280FFA64ABCDC7550652135FC
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	7ADCFE8A4D750D1007D1DB7C2BD1E119	70433B1E287597389ECC57D8974A230A0090879B	C633009B55DA5410EB138B8DA169EFEF9434208E045168E419C1CDBEB01D1986
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 10:56:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	7BC9D9AC679E667D55C2BDBB30177EAE	4DAD29DFD286B2A1227BD7949CF8FF8CB3F591CC	C1F36FA6A0AE93A7F882E926BB8175B8FD301680A53AB4DE202C071E360CB4EE
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 10:56:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	A9697BF793EB3E8731574D132BDCF33C	8BEF1588443A78976B59721A357C919B702EE95B	5627718CB308D6B1F6B2065FF37D97717B4789BAB5E12CF535A4DD114A00E778
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 10:56:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	BF64D19C34035200F767C30A60500F4D	A69EEAE141D47A786B1D844F933ADE42C9763AA5	60BB4E7F255FA48A22BF63C0F747FB277CF0293FD8C1DB0D11D61EBEDCEFD4FC
Chrome Cache Entry: 68	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1080, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1420x1080, components 3	B6F49B92D66786E4948E9BC8C766E077	055EFF050554FE018AD56D8CD20034350AEF5A99	9D9D353725787D2503EC8832EBCA188E379D39FDC95E12EFAE6C3247161E3AE3
Chrome Cache Entry: 69	HTML document, ASCII text	83B862BEAD2D480026254FB2A6EB9969	26BAD9E6C1579172B0E3B6BC1C18918164FF6478	FB258CB538CA92D61C8CD4EB08CC23DA70C278B8766EAA731CE11E9B2F1DA4D4
Chrome Cache Entry: 70	gzip compressed data, max compression, from Unix, original size modulo 2^32 33188	D735ED1DA26F88E255A83175ADC84F03	FBC8258FBEF0C64F823F785B14B74110278320CC	34E751DCD9AEAFEA5777D35D53E978AB181AC129DF326BF920BD5FEF28A10B91
Chrome Cache Entry: 71	ASCII text, with no line terminators	C63BBD329146AA451DFCD7D4CD572DF5	6DEFC8FED9CD924EF3946AB5A64C472C0D998E8D	22993D2C8488DBF170D5C18CD16A5F40539C17AADBF97BA58360EFB296539335
Chrome Cache Entry: 72	JSON data	2D7D30EA1C6F925302D2C3ABED382951	5BA6BBC5670C4AF1125CF9AC0AA1CA2811E744D1	83C09BA9A8DAEDB136F90B17A294CAA90AD471A016E430DF6E229ACB5A81E100
Chrome Cache Entry: 73	HTML document, ASCII text	83B862BEAD2D480026254FB2A6EB9969	26BAD9E6C1579172B0E3B6BC1C18918164FF6478	FB258CB538CA92D61C8CD4EB08CC23DA70C278B8766EAA731CE11E9B2F1DA4D4
Chrome Cache Entry: 74	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1080, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1420x1080, components 3	B6F49B92D66786E4948E9BC8C766E077	055EFF050554FE018AD56D8CD20034350AEF5A99	9D9D353725787D2503EC8832EBCA188E379D39FDC95E12EFAE6C3247161E3AE3
Chrome Cache Entry: 75	ASCII text, with very long lines (40613)	D1048A66FC11EA28C3CB1488FAC82C62	F055707CF91F637EC19BF5E65BF378857E798469	8F1AD19042C2F9EE60C2DE21F37F788AF7B1ECCCDA8EEC1D877F9B9C0E994370
Chrome Cache Entry: 76	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 77	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel	AC16FA7FC862073B02ACD1187FC6DEF4	F2B9A6255F6293000F30EEE272ABDD372A14E9D3	E35D94B76894D6ECA96FF5B1A12D94DFE73485EF3C52CB5B4395BE8FFAC1CB45
Chrome Cache Entry: 78	PNG image data, 6 x 65, 8-bit/color RGB, non-interlaced	22A4B71BF88AA483050B89FD3C01022D	3FC4EA6F313DDA4B17EB3B58CD14771573A9D849	5857F8D00E5FE3F08A7800D5C0D786DC49C92C22D771E8B3893963AD8F303FA7
Chrome Cache Entry: 79	PNG image data, 6 x 65, 8-bit/color RGB, non-interlaced	22A4B71BF88AA483050B89FD3C01022D	3FC4EA6F313DDA4B17EB3B58CD14771573A9D849	5857F8D00E5FE3F08A7800D5C0D786DC49C92C22D771E8B3893963AD8F303FA7
Chrome Cache Entry: 80	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 81	PNG image data, 77 x 35, 8-bit/color RGBA, non-interlaced	258DC3169EF33BC23912AD70485EB1CE	F0777AC4EFCB2C05D7355623F3DDBABAEE46FD65	3013B2477D4F66BAEB617DB660EB3146818DCFD9D6B396C4B418E49E6B862AAD
Chrome Cache Entry: 82	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel	AC16FA7FC862073B02ACD1187FC6DEF4	F2B9A6255F6293000F30EEE272ABDD372A14E9D3	E35D94B76894D6ECA96FF5B1A12D94DFE73485EF3C52CB5B4395BE8FFAC1CB45
Chrome Cache Entry: 83	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	F1F9C5008A76C075B4513CED1AC9E550	E2BE231E3A5D250B8A98DEB28F2E24C24A42CEC6	E7265AE732FAB707944B19C7CA739854BC95F6518C09768DB0EFA1D412872EB4
Chrome Cache Entry: 84	PNG image data, 77 x 35, 8-bit/color RGBA, non-interlaced	258DC3169EF33BC23912AD70485EB1CE	F0777AC4EFCB2C05D7355623F3DDBABAEE46FD65	3013B2477D4F66BAEB617DB660EB3146818DCFD9D6B396C4B418E49E6B862AAD
Chrome Cache Entry: 85	ASCII text, with very long lines (65447)	8FB8FEE4FCC3CC86FF6C724154C49C42	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E

AV Detection

Antivirus / Scanner detection for submitted sample

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Multi AV Scanner detection for domain / URL

Source: https://bc1qhefefhkqg4a9rhm372pr0wj.com/api/v3/auth

Virustotal: Detection: 5%

Perma Link

Phishing

Phishing site detected (based on favicon image match)

Source: http://gbmaucstans.com	Matcher: Template: outlook matched with high similarity
Source: http://gbmaucstans.com/main/main.php#76BTvXEpvR7qiZVvg2YviuUz8X02NMvVS7Po5uNAlV1EVW9bZ7GhBARJyRMmDihwp6UuAI5WD6Ay3JJ2Qqkr1bbz3YWGgddFk8aVQfRumr2paMs1dNteYFO1DKITYWzi4KeV05pmwsMHfeJs1cH0Rw2ugLofHXxLIMGIR64ozQ6O5Ph71Y8SuanLWL0DJyprk6acceAL5GAbvRjxPrqkCN6yz6biFBK0HVcU9NGfugrZ7KxXcXhOKnmjuyCa9naRinLsarIFH9EPUbM683VTrhcVQP50cgRuDCWO4EtMO8BIknOtrJmS1zOSoUSBaK6On2DrH7dwgOeAc34DNrwP1kHqeA1pk7dHaR9SYmoebCPnGU1ulxjmS1M7CNwWVKE5BNXzalOlYDJFxL9Tisfbu2i6QP3LzIRavOKGay19cLOKwXDPqT0UWj1M84yHMpSieCYoa0xnLl7ijL7JF8EBrFozKWhxl9PzLOYWOvjARrSad0US8yuzeS9ZOqwazmJlaIhZdBA52sgfta8BJCbYukXjLutlQdG0VY09zAfB3vRwGZ8qBko6FmpqQSMG6sH1qIb0iqCmVtTCt124lra0NzrDsdjyG1A7JL72bKo7dhJGjMLFdWG0w7EYlYx1Z79JShL419berVVKIHpVD5W9dA7yyFAyMJhF03J1dVgERcpzTOvwUrG72OGBtgaf0rU1vD3IzjmqwLZpAuWvWCDYqjATAK8Bc3CHHGpg0MGwyGV9bSE7uh6UBGNcqWNDZqkG6KW6xDC6kyfvqUDUcKPNqC0RzNuzdPfjAcq7Q2daAtG1njVA3KounomXbRwpGMJgZ9oPbB0M5GNtZJ33urxSPUP1Lmqs8aJ7j7XuJXhOE5hEOkHjMfbC91EVn5nwf6EydB2XzkLdp3RdozxaOJNYKrT8wgFLmjkAUnytHjH6nykL7RWWAKUlbNuI49ursO1nbARSTyZh7j2fbZbMJ68VTCEXL8oeXqB90s2U11b8leoweAiYGqUz3yxPHW3EnFNo8PiaRujcJHIYh1XXsRxwp5l62pLp4zNdp6ngBGslnbkFdhCG8acyfxFhWqG10uepBCGdi9zGkTlyaXej8qRnYwEUWlWXQamsM3F5ceLx865i4kBcKsAJZfDWAzTrKgTxjzCvNo2Wu8ezsQMdjmWiBAeca8EUoxrH74cVsfRXn5xQWj3fG0yhANuKV8FjG70NbdIDtzBRF8HBrLR8MppmcU782MrJTsw5GeJ9Ok1usI5UuX2gnsDAmLIpx98rBEwiTfrIAsc2biXGg0XDsBdPmVeU4mmG1SYV8qDITQL59IMpIK2alg0IbeCgBYXCRWyZmcIg2tmcb8BUSE5eU5W5jzmVyjypf6pCi7TlAfxMo8GgNLvHRrNa096ytEYIKnl3veo6tVSR4z8RlDzc5nn6wtF07DJR14UwjjCNfvFj4NbprLCw8ZCFshGAVpsWuntNG6AVBgfG3r6vdI2lHF1aWHKS7cOBAiogpZc0frHjTNP6wRsewtptb9limaTXtidSipTyRASKoHRVzj95NyzYIUg55a2ytgrLFkjxVbhkT9fssoyfX7eG2uL8FOH848TKsdhopzIiIXKbmjqjqEZt9LBOAiXEqRpT4Hith0MZXxakQBDggDJppleZDcE434Y7LgB2hn2fUdzKOd14RLug6JgKVVPYZN6L4HOm5QB04aLSnMXeysvEbMp6He4H2at7ShtY85YdfJ6Dv3S4voIHa8NSnSAq23xVl1Tu6RHmAN06RTanhT4s2RkpJUPMYnIjpBOvtvS4jSbaLmx3fBvitQHdKxZJUI2kjRQNmIRFB3QnpnqEZWXtMEGxcGg7ojrIahvx0ncCq3ZPqquqmrT96AGigWpEgRmq8SX9faLGdKvEbZ5yrZHxzoQPlguB7R2gKZpZaaFnVb26b7FC6naGL1v6h0IoSKECJ3CTeih9tjgErWhxjsd4tJbKKT9CDOfnSRg69ygDSxhjtzRM25RvP2gAVqdyesV6kcdtLu7D2pXvYPi0V9wKcMl7dyGr1BylOMPzhWdjlbPk07kVhRGtE2BRAhiCTRXHENhVJvf5G4pHcKDtBjXfmy6WPpyIhwqVjIR3d68TbyAnieRUxP9UngRdGqWYWmTg5LjiSsc30Nrj1idz7ntvEkJkKFiG2cX7YgqQICUIpl1qEfZMDtihN1CyGUfJ7cR6shXaTRTidVJSbJEOcX50YHyFCNpK0gQsxODqFxJTttLEcqspnypmgY1TMqDMGufeiSEYpoRTRDx43ZtryTNOSPHEglrWPGb8zQ7ZeYS6CpaGpE7XxVMpKt40PwXFd8NMZULdTEjw4uct8krFfe50Ia1xGZcT80G7VskP6Ela8xEgR6W7k272c9AT8MNgNunIWIy3mTdvrSMjYIqjLylYHVRQIF6v9te6cM9yFn37fQqezQxkpSi6OaWwQ32Zxg5J3ehJClQRcg5L6C5wvoCjyzQoDSoa9uTcJbVlxLcJ2iv9UAFpZiJyRzWvrlFAQzNzKJUiu72xqxGk8lK7DtFv2C0uXG5OfSn0Bii6qkDQSkb0FV7joMProQVmw1aMTyMvQ4Chpf7hAihfdpzCbo4Af0XL17xVFkqwo2NOiV6Sdn8rMH4Y68yl8v7aDF5jZvQoyEcRzjJMGSetAisGq12zwaJaPOuPkkdTYqKyJulqmzUXRmEinGRURB5HqzwKTKESaorTTMkfleddARvYynSpZX6pxDarnOjydKs6xMmS0z6BqCzY0soZqvpX9zownI4AtwH0j3SjCYV3Av2AXqAoWZl5yJCWsGxVdeVwiOQUMMYnh0YfqzDnyYs7I44aLC6YR1v9Pm4C820p2YFtyiQ6hie0nib8Uh7LiCU8ZYK71Kx3JcwhumoMFCM3UXbPeiAxVvFVuq2vbzyVL5cgsB28dPb8MmX1FyyB3ewxEz3Q9CLVHYbazeiN3uVQRTSxrq8vFF3kf6aoJVjrTvBtKUgNpcEg?cfg=francois.boulanger@cgi.com	Matcher: Template: outlook matched with high similarity

Phishing site detected (based on image similarity)

Matcher: Found strong image similarity, brand: MICROSOFT

HTML body contains low number of good links

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML page contains hidden URLs or javascript code

HTTP Parser: Base64 decoded: http://gbmaucstans.com/?ddg5B=ZnJhbmNvaXMuYm91bGFuZ2VyQGNnaS5jb20=

HTML title does not match URL

HTTP Parser: Title: Sign In does not match URL

None HTTPS page querying sensitive user data (password, username or email)

HTTP Parser: Has password / email / username input fields

Phishing site detected (based on OCR NLP Model)

Source: Chrome DOM: 0.0

HTTP Parser: <input type="password" .../> found

Source: http://cubes.concordia.ca/track?type=click&enid=bWFpbGluZ2lkPTM2MjMmbWVzc2FnZWlkPTQxMjEmZGF0YWJhc2VpZD05MDEmc2VyaWFsPTEyNzU1MDM1NzUmZW1haWxpZD13YXJpZXN0NTkzMzgud2Vla2x5bWFpbEBibG9nZ2VyLmNvbSZ1c2VyaWQ9NDcxJmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&2028&&&http://gbmaucstans.com/?ddg5B=ZnJhbmNvaXMuYm91bGFuZ2VyQGNnaS5jb20=	HTTP Parser: No favicon
Source: http://gbmaucstans.com/main/	HTTP Parser: No favicon
Source: http://gbmaucstans.com/main/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/jgoie/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/jgoie/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normal	HTTP Parser: No favicon
Source: http://gbmaucstans.com/main/main.php#76BTvXEpvR7qiZVvg2YviuUz8X02NMvVS7Po5uNAlV1EVW9bZ7GhBARJyRMmDihwp6UuAI5WD6Ay3JJ2Qqkr1bbz3YWGgddFk8aVQfRumr2paMs1dNteYFO1DKITYWzi4KeV05pmwsMHfeJs1cH0Rw2ugLofHXxLIMGIR64ozQ6O5Ph71Y8SuanLWL0DJyprk6acceAL5GAbvRjxPrqkCN6yz6biFBK0HVcU9NGfugrZ7KxXcXhOKnmjuyCa9naRinLsarIFH9EPUbM683VTrhcVQP50cgRuDCWO4EtMO8BIknOtrJmS1zOSoUSBaK6On2DrH7dwgOeAc34DNrwP1kHqeA1pk7dHaR9SYmoebCPnGU1ulxjmS1M7CNwWVKE5BNXzalOlYDJFxL9Tisfbu2i6QP3LzIRavOKGay19cLOKwXDPqT0UWj1M84yHMpSieCYoa0xnLl7ijL7JF8EBrFozKWhxl9PzLOYWOvjARrSad0US8yuzeS9ZOqwazmJlaIhZdBA52sgfta8BJCbYukXjLutlQdG0VY09zAfB3vRwGZ8qBko6FmpqQSMG6sH1qIb0iqCmVtTCt124lra0NzrDsdjyG1A7JL72bKo7dhJGjMLFdWG0w7EYlYx1Z79JShL419berVVKIHpVD5W9dA7yyFAyMJhF03J1dVgERcpzTOvwUrG72OGBtgaf0rU1vD3IzjmqwLZpAuWvWCDYqjATAK8Bc3CHHGpg0MGwyGV9bSE7uh6UBGNcqWNDZqkG6KW6xDC6kyfvqUDUcKPNqC0RzNuzdPfjAcq7Q2daAtG1njVA3KounomXbRwpGMJgZ9oPbB0M5GNtZJ33urxSPUP1Lmqs8aJ7j7XuJXhOE5hEOkHjMfbC91EVn5nwf6EydB2XzkLdp3RdozxaOJNYKrT8wgFLmjkAUnytHjH6nykL7RWWAKUlbNuI49ursO1nbARSTyZh7j2fbZbMJ68VTCEXL8o...	HTTP Parser: No favicon

HTTP Parser: No <meta name="author".. found

HTTP Parser: No <meta name="copyright".. found

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49742 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.5:49723 version: TLS 1.2

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49742 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://gbmaucstans.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/bcc5fb0a8815/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://gbmaucstans.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/jgoie/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: http://gbmaucstans.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/jgoie/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8753fe19daf9b0e5 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/jgoie/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1360135987:1713267177:eg-nWfnh6VWXyBLyYRHZmVxAI3xrmNba1OE1g2HfQMw/8753fe19daf9b0e5/0ac2a8def4e2792 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8753fe19daf9b0e5/1713268593731/8Wn8SnzbY0rE6bf HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/jgoie/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8753fe19daf9b0e5/1713268593731/8Wn8SnzbY0rE6bf HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1360135987:1713267177:eg-nWfnh6VWXyBLyYRHZmVxAI3xrmNba1OE1g2HfQMw/8753fe19daf9b0e5/0ac2a8def4e2792 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1360135987:1713267177:eg-nWfnh6VWXyBLyYRHZmVxAI3xrmNba1OE1g2HfQMw/8753fe19daf9b0e5/0ac2a8def4e2792 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://gbmaucstans.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mail/favicon.ico HTTP/1.1Host: outlook.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://gbmaucstans.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mail/favicon.ico HTTP/1.1Host: outlook.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v3/auth HTTP/1.1Host: bc1qhefefhkqg4a9rhm372pr0wj.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /adfs/portal/css/style.css HTTP/1.1Host: federation.cgi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: http://gbmaucstans.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /adfs/portal/logo/logo.png?id=3013B2477D4F66BAEB617DB660EB3146818DCFD9D6B396C4B418E49E6B862AAD HTTP/1.1Host: federation.cgi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://gbmaucstans.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /adfs/portal/illustration/illustration.jpg?id=9D9D353725787D2503EC8832EBCA188E379D39FDC95E12EFAE6C3247161E3AE3 HTTP/1.1Host: federation.cgi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://gbmaucstans.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /adfs/portal/logo/logo.png?id=3013B2477D4F66BAEB617DB660EB3146818DCFD9D6B396C4B418E49E6B862AAD HTTP/1.1Host: federation.cgi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /adfs/portal/illustration/illustration.jpg?id=9D9D353725787D2503EC8832EBCA188E379D39FDC95E12EFAE6C3247161E3AE3 HTTP/1.1Host: federation.cgi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /track?type=click&enid=bWFpbGluZ2lkPTM2MjMmbWVzc2FnZWlkPTQxMjEmZGF0YWJhc2VpZD05MDEmc2VyaWFsPTEyNzU1MDM1NzUmZW1haWxpZD13YXJpZXN0NTkzMzgud2Vla2x5bWFpbEBibG9nZ2VyLmNvbSZ1c2VyaWQ9NDcxJmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&2028&&&http://gbmaucstans.com/?ddg5B=ZnJhbmNvaXMuYm91bGFuZ2VyQGNnaS5jb20= HTTP/1.1Host: cubes.concordia.caConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?ddg5B=ZnJhbmNvaXMuYm91bGFuZ2VyQGNnaS5jb20= HTTP/1.1Host: gbmaucstans.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://cubes.concordia.ca/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /main/ HTTP/1.1Host: gbmaucstans.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://cubes.concordia.ca/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=btpuk4floh1qk6oeujtvrton07
Source: global traffic	HTTP traffic detected: GET /main/src.js HTTP/1.1Host: gbmaucstans.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://gbmaucstans.com/main/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=btpuk4floh1qk6oeujtvrton07
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: gbmaucstans.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://gbmaucstans.com/main/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=btpuk4floh1qk6oeujtvrton07
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: gbmaucstans.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=btpuk4floh1qk6oeujtvrton07

Source: unknown

DNS traffic detected: queries for: cubes.concordia.ca

Source: unknown

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.5:49723 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.win@19/35@28/12

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 --field-trial-handle=2540,i,10552630930107338584,18205451540120361499,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cubes.concordia.ca/track?type=click&enid=bWFpbGluZ2lkPTM2MjMmbWVzc2FnZWlkPTQxMjEmZGF0YWJhc2VpZD05MDEmc2VyaWFsPTEyNzU1MDM1NzUmZW1haWxpZD13YXJpZXN0NTkzMzgud2Vla2x5bWFpbEBibG9nZ2VyLmNvbSZ1c2VyaWQ9NDcxJmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&2028&&&http://gbmaucstans.com/?ddg5B=ZnJhbmNvaXMuYm91bGFuZ2VyQGNnaS5jb20="
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 --field-trial-handle=2540,i,10552630930107338584,18205451540120361499,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1426704
Product:	CloudBasic
Start time:	13:55:35
Start date:	16.04.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs