Analysis Report http://www.tfaforms.com/responses/processor

Overview

General Information

Sample URL: http://www.tfaforms.com/responses/processor
Analysis ID: 358587

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

No high impact signatures.

Classification

There are no high impact signatures.

Compliance:

Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Uses secure TLS version for HTTPS connections
Source: unknown HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49732 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49739 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49749 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49750 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.174.150.168:443 -> 192.168.2.5:49756 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.174.150.168:443 -> 192.168.2.5:49757 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.196.12.68:443 -> 192.168.2.5:49754 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.196.12.68:443 -> 192.168.2.5:49755 version: TLS 1.2
Source: global traffic HTTP traffic detected: GET /responses/processor HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, */* Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.tfaforms.com Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /dist/form-builder/5.0.0/wforms-layout.css?v=6b1109ac309299ec751af6a3c690f678773e405f HTTP/1.1 Accept: text/css, */* Referer: http://www.tfaforms.com/responses/processor Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.tfaforms.com Connection: Keep-Alive Cookie: AWSALB=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL; AWSALBCORS=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL
Source: global traffic HTTP traffic detected: GET /wForms/3.11/js/wforms.js?v=6b1109ac309299ec751af6a3c690f678773e405f HTTP/1.1 Accept: application/javascript, */*;q=0.8 Referer: http://www.tfaforms.com/responses/processor Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.tfaforms.com Connection: Keep-Alive Cookie: AWSALB=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL; AWSALBCORS=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL
Source: global traffic HTTP traffic detected: GET /js/iframe_message_helper_internal.js?v=2 HTTP/1.1 Accept: application/javascript, */*;q=0.8 Referer: http://www.tfaforms.com/responses/processor Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.tfaforms.com Connection: Keep-Alive Cookie: AWSALB=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL; AWSALBCORS=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL
Source: global traffic HTTP traffic detected: GET /dist/form-builder/5.0.0/wforms-jsonly.css?v=6b1109ac309299ec751af6a3c690f678773e405f HTTP/1.1 Accept: text/css, */* Referer: http://www.tfaforms.com/responses/processor Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.tfaforms.com Connection: Keep-Alive Cookie: AWSALB=KCbRl27TtolgZdt9YzzzEVXZShIHcErTPtr3hJOL7l8pRtWwPgaR+axy8lVtC9EdUQZFe9KlOpFVmtCxnGesMOb1TBg7xk0/jGmMcdW5a093IRzUAJECn4roAuCZ; AWSALBCORS=KCbRl27TtolgZdt9YzzzEVXZShIHcErTPtr3hJOL7l8pRtWwPgaR+axy8lVtC9EdUQZFe9KlOpFVmtCxnGesMOb1TBg7xk0/jGmMcdW5a093IRzUAJECn4roAuCZ
Source: global traffic HTTP traffic detected: GET /responses/favicon.ico HTTP/1.1 User-Agent: AutoIt Host: www.tfaforms.com Cookie: AWSALB=rX+ntaeAJCEkzztTjGj94kJTM2s7FB1FnMDrpmrd32zmMXoTesGf8ZLBQdoUumC0EQIhtCim8tUb7TVUDZ+ZTwG+x22XOR6IjUEs2Y16AidM6w3hGoDIn5hX8FSZ; AWSALBCORS=rX+ntaeAJCEkzztTjGj94kJTM2s7FB1FnMDrpmrd32zmMXoTesGf8ZLBQdoUumC0EQIhtCim8tUb7TVUDZ+ZTwG+x22XOR6IjUEs2Y16AidM6w3hGoDIn5hX8FSZ
Source: global traffic HTTP traffic detected: GET /support/ HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, */* Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.tfaforms.com Connection: Keep-Alive Cookie: AWSALB=Jr1KpBU0IiY2xw54lW1Dmf0+Y1qJzsbrtbg4DyaV5cWmuitGVUmQvVYJhx9Bccjkyqn1DwY/lWDeTSADlti3m4300rktFVFipBuOGSfwKq+wQcNmzRqe/UV6ql2D; AWSALBCORS=Jr1KpBU0IiY2xw54lW1Dmf0+Y1qJzsbrtbg4DyaV5cWmuitGVUmQvVYJhx9Bccjkyqn1DwY/lWDeTSADlti3m4300rktFVFipBuOGSfwKq+wQcNmzRqe/UV6ql2D
Source: global traffic HTTP traffic detected: GET /pages/support HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, */* Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.tfaforms.com Connection: Keep-Alive Cookie: AWSALB=w2xsCRk8PDwyPr2U7uUX039HzmHDtqkU4eBp/O2BRjf+Jny08ehMgk4sD2wTwPyNOmZN2UAaz6WF+V27xF0v0RPZjE1nQN4BrUwpRSJEq5UGNZxx90wDnvw9BcSh; AWSALBCORS=w2xsCRk8PDwyPr2U7uUX039HzmHDtqkU4eBp/O2BRjf+Jny08ehMgk4sD2wTwPyNOmZN2UAaz6WF+V27xF0v0RPZjE1nQN4BrUwpRSJEq5UGNZxx90wDnvw9BcSh
Source: unknown DNS traffic detected: queries for: www.tfaforms.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 25 Feb 2021 20:54:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: AWSALB=Jr1KpBU0IiY2xw54lW1Dmf0+Y1qJzsbrtbg4DyaV5cWmuitGVUmQvVYJhx9Bccjkyqn1DwY/lWDeTSADlti3m4300rktFVFipBuOGSfwKq+wQcNmzRqe/UV6ql2D; Expires=Thu, 04 Mar 2021 20:54:04 GMT; Path=/ Set-Cookie: AWSALBCORS=Jr1KpBU0IiY2xw54lW1Dmf0+Y1qJzsbrtbg4DyaV5cWmuitGVUmQvVYJhx9Bccjkyqn1DwY/lWDeTSADlti3m4300rktFVFipBuOGSfwKq+wQcNmzRqe/UV6ql2D; Expires=Thu, 04 Mar 2021 20:54:04 GMT; Path=/; SameSite=None Server: nginx P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: CAKEPHP=08f519fdfa456469e460b5af44981a9f; HttpOnly=1; Path=/; SameSite=None; Secure
Source: flat-ui-icons-regular[1].eot.2.dr String found in binary or memory: http://creativecommons.org/licenses/by-nc-nd/3.0/Version
Source: flat-ui-icons-regular[1].eot.2.dr String found in binary or memory: http://designmodo.com/flatSergey
Source: flat-ui-icons-regular[1].eot.2.dr String found in binary or memory: http://designmodo.comAttribution-NonCommercial-NoDerivs
Source: g=koCss[1].css.2.dr String found in binary or memory: http://designmodo.github.io/Flat-UI/)
Source: g=koFontawesome[1].css.2.dr, fontawesome-webfont[1].eot.2.dr String found in binary or memory: http://fontawesome.io
Source: g=koFontawesome[1].css.2.dr String found in binary or memory: http://fontawesome.io/license
Source: fontawesome-webfont[1].eot.2.dr String found in binary or memory: http://fontawesome.io/license/
Source: fontawesome-webfont[1].eot.2.dr String found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
Source: g=koCss[1].css.2.dr String found in binary or memory: http://getbootstrap.com)
Source: wforms-layout[1].css.2.dr String found in binary or memory: http://stackoverflow.com/questions/1716183/html-fieldset-allows-children-to-expand-indefinitely
Source: wforms-layout[1].css.2.dr String found in binary or memory: http://stackoverflow.com/questions/20524815/ie-11-bug-image-inside-label-inside-form
Source: g=publicJsFooter[1].js.2.dr String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: ~DF48068F2185627C41.TMP.1.dr String found in binary or memory: http://www.tfaforms.com/responses/processor
Source: {FD194317-77F6-11EB-90E5-ECF4BB570DC9}.dat.1.dr String found in binary or memory: http://www.tfaforms.com/responses/processor2FRoot
Source: {FD194317-77F6-11EB-90E5-ECF4BB570DC9}.dat.1.dr String found in binary or memory: http://www.tfaforms.com/responses/processor2Fbly.com/helpocessorRoot
Source: ~DF48068F2185627C41.TMP.1.dr String found in binary or memory: http://www.tfaforms.com/responses/processor2FormAssembly.com
Source: {FD194317-77F6-11EB-90E5-ECF4BB570DC9}.dat.1.dr String found in binary or memory: http://www.tfaforms.com/responses/processorRoot
Source: help[1].htm.2.dr String found in binary or memory: http://www3.formassembly.com/blog/wp-content/uploads/2014/03/play.png);
Source: help[1].htm.2.dr String found in binary or memory: http://www3.formassembly.com/blog/wp-content/uploads/2014/03/play_orange.png);
Source: analytics[1].js.2.dr String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: help[1].htm.2.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Lato
Source: help[1].htm.2.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wWA.woff)
Source: css[2].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhv.woff)
Source: css[2].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff)
Source: css[2].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0d.woff)
Source: css[2].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjo0oSmb2Rl.woff)
Source: css[2].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoa4Omb2Rl.woff)
Source: css[2].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISmb2Rl.woff)
Source: help[1].htm.2.dr String found in binary or memory: https://formassembly.workable.com
Source: iframe_message_helper_internal[1].js.2.dr String found in binary or memory: https://github.com/andris9/simpleStorage
Source: g=koCss[1].css.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: {FD194317-77F6-11EB-90E5-ECF4BB570DC9}.dat.1.dr String found in binary or memory: https://help.formassem
Source: help[1].htm.2.dr String found in binary or memory: https://help.formassembly.com/app/image/id/5eac6dd7ad121cde5ddf2202/n/avenir-heavy.woff2
Source: ~DF48068F2185627C41.TMP.1.dr, help[1].htm.2.dr String found in binary or memory: https://help.formassembly.com/help
Source: help[1].htm.2.dr String found in binary or memory: https://help.formassembly.com/help/form-tags-and-descriptions
Source: ~DF48068F2185627C41.TMP.1.dr String found in binary or memory: https://help.formassembly.com/helpVFormAssembly
Source: ~DF48068F2185627C41.TMP.1.dr String found in binary or memory: https://help.formassembly.com/helpocessor
Source: ~DF48068F2185627C41.TMP.1.dr String found in binary or memory: https://help.formassembly.com/helpocessorf
Source: {FD194317-77F6-11EB-90E5-ECF4BB570DC9}.dat.1.dr String found in binary or memory: https://help.formassembly.com/helpocessorx
Source: iframe_message_helper_internal[1].js.2.dr String found in binary or memory: https://help.formassembly.com/knowledgebase/articles/340359-publish-with-an-iframe
Source: {FD194317-77F6-11EB-90E5-ECF4BB570DC9}.dat.1.dr String found in binary or memory: https://help.formassemm/responses/processorbly.com/helpocessorRoot
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: analytics[1].js.2.dr String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://support.google.com/recaptcha
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: imagestore.dat.2.dr String found in binary or memory: https://www.formassembly.com/content/uploads/2017/05/Favicon.png
Source: help[1].htm.2.dr String found in binary or memory: https://www.formassembly.com/privacy-policy.php
Source: help[1].htm.2.dr String found in binary or memory: https://www.formassembly.com/terms-of-service.php
Source: analytics[1].js.2.dr String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.2.dr String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: help[1].htm.2.dr String found in binary or memory: https://www.google.com/recaptcha/api.js
Source: recaptcha__en[1].js.2.dr, api[1].js.2.dr String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: analytics[1].js.2.dr String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: api[1].js.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/releases/jxFQ7RQ9s9HTGKeWcoa6UQdD/recaptcha__en.js
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: classification engine Classification label: clean0.win@3/41@9/5
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FD194315-77F6-11EB-90E5-ECF4BB570DC9}.dat
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF049D6DF724C2332B.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4616 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4616 CREDAT:17410 /prefetch:2
Source: Window Recorder Window detected: More than 3 window changes detected
Behavior Graph (ID: 358587; URL: http://www.tfaforms.com/res...; start date: 25/02/2021; architecture: WINDOWS; score: 0). DNS nodes attached to the sample URL: www.tfaforms.com and app-elbapp-a6b1wbowxm9e-391051627.us-east-1.elb.amazonaws.com. Process tree: iexplore.exe started a child iexplore.exe. The child process contacted formassembly.com (104.196.12.68; ports 443, 49754, 49755; GOOGLEUS, United States), app-elbapp-a6b1wbowxm9e-391051627.us-east-1.elb.amazonaws.com (3.226.66.230; ports 49714, 49715, 49717; AMAZON-AESUS, United States) and 12 other IPs or domains.

Contacted Public IPs

IP | Domain | Country | ASN | ASN Name | Malicious
13.224.89.142 | unknown | United States | 16509 | AMAZON-02US | false
35.174.150.168 | unknown | United States | 14618 | AMAZON-AESUS | false
104.196.12.68 | unknown | United States | 15169 | GOOGLEUS | false
3.226.66.230 | unknown | United States | 14618 | AMAZON-AESUS | false
54.152.202.195 | unknown | United States | 14618 | AMAZON-AESUS | false

Contacted Domains

Name IP Active
formassembly.knowledgeowl.com 54.152.202.195 true
app-elbapp-a6b1wbowxm9e-391051627.us-east-1.elb.amazonaws.com 3.226.66.230 true
app.knowledgeowl.com 54.152.202.195 true
dyzz9obi78pm5.cloudfront.net 13.224.89.142 true
pi-ue1-lba3.pardot.com 35.174.150.168 true
formassembly.com 104.196.12.68 true
www.tfaforms.com unknown unknown
js-agent.newrelic.com unknown unknown
help.formassembly.com unknown unknown
bam-cell.nr-data.net unknown unknown
www.formassembly.com unknown unknown
pi.pardot.com unknown unknown

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://www.tfaforms.com/responses/processor | false | | high
http://www.tfaforms.com/wForms/3.11/js/wforms.js?v=6b1109ac309299ec751af6a3c690f678773e405f | false | | high
http://www.tfaforms.com/js/iframe_message_helper_internal.js?v=2 | false | | high
http://www.tfaforms.com/support/ | false | | high
https://help.formassembly.com/help | false | | high
http://www.tfaforms.com/responses/favicon.ico | false | | high
http://www.tfaforms.com/dist/form-builder/5.0.0/wforms-jsonly.css?v=6b1109ac309299ec751af6a3c690f678773e405f | false | | high
http://www.tfaforms.com/pages/support | false | | high
http://www.tfaforms.com/dist/form-builder/5.0.0/wforms-layout.css?v=6b1109ac309299ec751af6a3c690f678773e405f | false | | high