Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll | Jump to behavior |
Source: unknown | HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49727 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49728 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49733 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49731 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49732 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49734 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49739 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49740 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49748 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49744 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49749 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49747 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49746 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49750 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 35.174.150.168:443 -> 192.168.2.5:49756 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 35.174.150.168:443 -> 192.168.2.5:49757 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.196.12.68:443 -> 192.168.2.5:49754 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.196.12.68:443 -> 192.168.2.5:49755 version: TLS 1.2 |
Source: global traffic | HTTP traffic detected: GET /responses/processor HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.tfaforms.comConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /dist/form-builder/5.0.0/wforms-layout.css?v=6b1109ac309299ec751af6a3c690f678773e405f HTTP/1.1Accept: text/css, */*Referer: http://www.tfaforms.com/responses/processorAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.tfaforms.comConnection: Keep-AliveCookie: AWSALB=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL; AWSALBCORS=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL |
Source: global traffic | HTTP traffic detected: GET /wForms/3.11/js/wforms.js?v=6b1109ac309299ec751af6a3c690f678773e405f HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.tfaforms.com/responses/processorAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.tfaforms.comConnection: Keep-AliveCookie: AWSALB=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL; AWSALBCORS=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL |
Source: global traffic | HTTP traffic detected: GET /js/iframe_message_helper_internal.js?v=2 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.tfaforms.com/responses/processorAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.tfaforms.comConnection: Keep-AliveCookie: AWSALB=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL; AWSALBCORS=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL |
Source: global traffic | HTTP traffic detected: GET /dist/form-builder/5.0.0/wforms-jsonly.css?v=6b1109ac309299ec751af6a3c690f678773e405f HTTP/1.1Accept: text/css, */*Referer: http://www.tfaforms.com/responses/processorAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.tfaforms.comConnection: Keep-AliveCookie: AWSALB=KCbRl27TtolgZdt9YzzzEVXZShIHcErTPtr3hJOL7l8pRtWwPgaR+axy8lVtC9EdUQZFe9KlOpFVmtCxnGesMOb1TBg7xk0/jGmMcdW5a093IRzUAJECn4roAuCZ; AWSALBCORS=KCbRl27TtolgZdt9YzzzEVXZShIHcErTPtr3hJOL7l8pRtWwPgaR+axy8lVtC9EdUQZFe9KlOpFVmtCxnGesMOb1TBg7xk0/jGmMcdW5a093IRzUAJECn4roAuCZ |
Source: global traffic | HTTP traffic detected: GET /responses/favicon.ico HTTP/1.1User-Agent: AutoItHost: www.tfaforms.comCookie: AWSALB=rX+ntaeAJCEkzztTjGj94kJTM2s7FB1FnMDrpmrd32zmMXoTesGf8ZLBQdoUumC0EQIhtCim8tUb7TVUDZ+ZTwG+x22XOR6IjUEs2Y16AidM6w3hGoDIn5hX8FSZ; AWSALBCORS=rX+ntaeAJCEkzztTjGj94kJTM2s7FB1FnMDrpmrd32zmMXoTesGf8ZLBQdoUumC0EQIhtCim8tUb7TVUDZ+ZTwG+x22XOR6IjUEs2Y16AidM6w3hGoDIn5hX8FSZ |
Source: global traffic | HTTP traffic detected: GET /support/ HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.tfaforms.comConnection: Keep-AliveCookie: AWSALB=Jr1KpBU0IiY2xw54lW1Dmf0+Y1qJzsbrtbg4DyaV5cWmuitGVUmQvVYJhx9Bccjkyqn1DwY/lWDeTSADlti3m4300rktFVFipBuOGSfwKq+wQcNmzRqe/UV6ql2D; AWSALBCORS=Jr1KpBU0IiY2xw54lW1Dmf0+Y1qJzsbrtbg4DyaV5cWmuitGVUmQvVYJhx9Bccjkyqn1DwY/lWDeTSADlti3m4300rktFVFipBuOGSfwKq+wQcNmzRqe/UV6ql2D |
Source: global traffic | HTTP traffic detected: GET /pages/support HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.tfaforms.comConnection: Keep-AliveCookie: AWSALB=w2xsCRk8PDwyPr2U7uUX039HzmHDtqkU4eBp/O2BRjf+Jny08ehMgk4sD2wTwPyNOmZN2UAaz6WF+V27xF0v0RPZjE1nQN4BrUwpRSJEq5UGNZxx90wDnvw9BcSh; AWSALBCORS=w2xsCRk8PDwyPr2U7uUX039HzmHDtqkU4eBp/O2BRjf+Jny08ehMgk4sD2wTwPyNOmZN2UAaz6WF+V27xF0v0RPZjE1nQN4BrUwpRSJEq5UGNZxx90wDnvw9BcSh |
Source: unknown | DNS traffic detected: queries for: www.tfaforms.com |
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 25 Feb 2021 20:54:05 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveSet-Cookie: AWSALB=Jr1KpBU0IiY2xw54lW1Dmf0+Y1qJzsbrtbg4DyaV5cWmuitGVUmQvVYJhx9Bccjkyqn1DwY/lWDeTSADlti3m4300rktFVFipBuOGSfwKq+wQcNmzRqe/UV6ql2D; Expires=Thu, 04 Mar 2021 20:54:04 GMT; Path=/Set-Cookie: AWSALBCORS=Jr1KpBU0IiY2xw54lW1Dmf0+Y1qJzsbrtbg4DyaV5cWmuitGVUmQvVYJhx9Bccjkyqn1DwY/lWDeTSADlti3m4300rktFVFipBuOGSfwKq+wQcNmzRqe/UV6ql2D; Expires=Thu, 04 Mar 2021 20:54:04 GMT; Path=/; SameSite=NoneServer: nginxP3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"Set-Cookie: CAKEPHP=08f519fdfa456469e460b5af44981a9f; HttpOnly=1; Path=/; SameSite=None; Secure |