Windows Analysis Report
mimecast portal Server Maintenance.pdf

Overview

General Information

Sample Name: mimecast portal Server Maintenance.pdf
Analysis ID: 626055
MD5: ac404af44a269d02efa470af136fff7d
SHA1: 742adee8b08cb1467f78712c56a80f26d8910bdf
SHA256: b1bac52fc5dad9dcd3a240b679e909e75737f806ac331a2901d3abd843d9ee92
Infos:

Detection

HTMLPhisher
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Misleading page title found
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish10
Antivirus detection for URL or domain
Phishing site detected (based on logo template match)
Phishing site detected (based on image similarity)
Potential document exploit detected (unknown TCP traffic)
No HTML title found
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
HTML body contains low number of good links
Potential document exploit detected (performs HTTP gets)
IP address seen in connection with other malware

Classification

AV Detection

Source: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas SlashNext: Label: Credential Stealing type: Phishing & Social Engineering
Source: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#/cUjGMBBbEOAZ1A1trUW8e3VbW20C4UOpd0ehrM4-!@&LH84Fdvujw2I5C&!Iu1NoVelDrFYWPc0n&@!-rIOkyagFeRrpfkpu863jviY06vtNzd0wl6bdqtgcBCiFkJBNFM2cjK60kHJsv1cStzrMuJluVaYTTZe83P3ipaSduZvypfp-R9Nl7wnyni6bRrZSlpVqmcL4vXfoyA5jqb8tt2Ttt99UqNWmQ5mVPvJ5gelcSZwaFn0pI9qAD2/wo12vkbsOpyYljv5qbHp741G76PIeZ6FtwtpdE5j9i8wetmbUtVaw21r1SGEL4JtTI SlashNext: Label: Credential Stealing type: Phishing & Social Engineering
Source: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#/xc0mJmP6ydEkvCg3s5L-!@&LH84Fdvujw2I5C&!Iu1NoVelDrFYWPc0n&@!-j5EVZtm3fllyufXl7WBP0leU6hjIq1eZmjk0DLoYUssoIdAKbUQom1d-UhGzv6ZeTDZJk60He1zjX6b51v2aRxflDZ/kTWGnZ6KpUi0ZlKktEK9Md4lqN SlashNext: Label: Credential Stealing type: Phishing & Social Engineering
Source: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#Jjik8mbLYCdEaKzVGfB0 SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Source: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#/cUjGMBBbEOAZ1A1trUW8e3VbW20C4UOpd0ehrM4-!@&LH84Fdvujw2I5C&!Iu1NoVelDrFYWPc0n&@!-rIOkyagFeRrpfkpu863jviY06vtNzd0wl6bdqtgcBCiFkJBNFM2cjK60kHJsv1cStzrMuJluVaYTTZe83P3ipaSduZvypfp-R9Nl7wnyni6bRrZSlpVqmcL4vXfoyA5jqb8tt2Ttt99UqNWmQ5mVPvJ5gelcSZwaFn0pI9qAD2/wo12vkbsOpyYljv5qbHp741G76PIeZ6FtwtpdE5j9i8wetmbUtVaw21r1SGEL4JtTI Page Title: Sign in with Office 365
Source: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#/cUjGMBBbEOAZ1A1trUW8e3VbW20C4UOpd0ehrM4-!@&LH84Fdvujw2I5C&!Iu1NoVelDrFYWPc0n&@!-rIOkyagFeRrpfkpu863jviY06vtNzd0wl6bdqtgcBCiFkJBNFM2cjK60kHJsv1cStzrMuJluVaYTTZe83P3ipaSduZvypfp-R9Nl7wnyni6bRrZSlpVqmcL4vXfoyA5jqb8tt2Ttt99UqNWmQ5mVPvJ5gelcSZwaFn0pI9qAD2/wo12vkbsOpyYljv5qbHp741G76PIeZ6FtwtpdE5j9i8wetmbUtVaw21r1SGEL4JtTI Page Title: Sign in with Office 365
Source: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#/xc0mJmP6ydEkvCg3s5L-!@&LH84Fdvujw2I5C&!Iu1NoVelDrFYWPc0n&@!-j5EVZtm3fllyufXl7WBP0leU6hjIq1eZmjk0DLoYUssoIdAKbUQom1d-UhGzv6ZeTDZJk60He1zjX6b51v2aRxflDZ/kTWGnZ6KpUi0ZlKktEK9Md4lqN Page Title: Sign in with Office 365
Source: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#/cUjGMBBbEOAZ1A1trUW8e3VbW20C4UOpd0ehrM4-!@&LH84Fdvujw2I5C&!Iu1NoVelDrFYWPc0n&@!-rIOkyagFeRrpfkpu863jviY06vtNzd0wl6bdqtgcBCiFkJBNFM2cjK60kHJsv1cStzrMuJluVaYTTZe83P3ipaSduZvypfp-R9Nl7wnyni6bRrZSlpVqmcL4vXfoyA5jqb8tt2Ttt99UqNWmQ5mVPvJ5gelcSZwaFn0pI9qAD2/wo12vkbsOpyYljv5qbHp741G76PIeZ6FtwtpdE5j9i8wetmbUtVaw21r1SGEL4JtTI Matcher: Template: microsoft matched with high similarity
Source: Yara match File source: 54090.1.pages.csv, type: HTML
Source: Yara match File source: 03699.3.pages.csv, type: HTML
Source: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#/cUjGMBBbEOAZ1A1trUW8e3VbW20C4UOpd0ehrM4-!@&LH84Fdvujw2I5C&!Iu1NoVelDrFYWPc0n&@!-rIOkyagFeRrpfkpu863jviY06vtNzd0wl6bdqtgcBCiFkJBNFM2cjK60kHJsv1cStzrMuJluVaYTTZe83P3ipaSduZvypfp-R9Nl7wnyni6bRrZSlpVqmcL4vXfoyA5jqb8tt2Ttt99UqNWmQ5mVPvJ5gelcSZwaFn0pI9qAD2/wo12vkbsOpyYljv5qbHp741G76PIeZ6FtwtpdE5j9i8wetmbUtVaw21r1SGEL4JtTI Matcher: Template: microsoft matched
Source: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#/cUjGMBBbEOAZ1A1trUW8e3VbW20C4UOpd0ehrM4-!@&LH84Fdvujw2I5C&!Iu1NoVelDrFYWPc0n&@!-rIOkyagFeRrpfkpu863jviY06vtNzd0wl6bdqtgcBCiFkJBNFM2cjK60kHJsv1cStzrMuJluVaYTTZe83P3ipaSduZvypfp-R9Nl7wnyni6bRrZSlpVqmcL4vXfoyA5jqb8tt2Ttt99UqNWmQ5mVPvJ5gelcSZwaFn0pI9qAD2/wo12vkbsOpyYljv5qbHp741G76PIeZ6FtwtpdE5j9i8wetmbUtVaw21r1SGEL4JtTI Matcher: Found strong image similarity, brand: Microsoft image: 54090.1.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Source: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#/xc0mJmP6ydEkvCg3s5L-!@&LH84Fdvujw2I5C&!Iu1NoVelDrFYWPc0n&@!-j5EVZtm3fllyufXl7WBP0leU6hjIq1eZmjk0DLoYUssoIdAKbUQom1d-UhGzv6ZeTDZJk60He1zjX6b51v2aRxflDZ/kTWGnZ6KpUi0ZlKktEK9Md4lqN Matcher: Found strong image similarity, brand: Microsoft image: 03699.3.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Source: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#/cUjGMBBbEOAZ1A1trUW8e3VbW20C4UOpd0ehrM4-!@&LH84Fdvujw2I5C&!Iu1NoVelDrFYWPc0n&@!-rIOkyagFeRrpfkpu863jviY06vtNzd0wl6bdqtgcBCiFkJBNFM2cjK60kHJsv1cStzrMuJluVaYTTZe83P3ipaSduZvypfp-R9Nl7wnyni6bRrZSlpVqmcL4vXfoyA5jqb8tt2Ttt99UqNWmQ5mVPvJ5gelcSZwaFn0pI9qAD2/wo12vkbsOpyYljv5qbHp741G76PIeZ6FtwtpdE5j9i8wetmbUtVaw21r1SGEL4JtTI HTTP Parser: HTML title missing
Source: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#/cUjGMBBbEOAZ1A1trUW8e3VbW20C4UOpd0ehrM4-!@&LH84Fdvujw2I5C&!Iu1NoVelDrFYWPc0n&@!-rIOkyagFeRrpfkpu863jviY06vtNzd0wl6bdqtgcBCiFkJBNFM2cjK60kHJsv1cStzrMuJluVaYTTZe83P3ipaSduZvypfp-R9Nl7wnyni6bRrZSlpVqmcL4vXfoyA5jqb8tt2Ttt99UqNWmQ5mVPvJ5gelcSZwaFn0pI9qAD2/wo12vkbsOpyYljv5qbHp741G76PIeZ6FtwtpdE5j9i8wetmbUtVaw21r1SGEL4JtTI HTTP Parser: HTML title missing
Source: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#/xc0mJmP6ydEkvCg3s5L-!@&LH84Fdvujw2I5C&!Iu1NoVelDrFYWPc0n&@!-j5EVZtm3fllyufXl7WBP0leU6hjIq1eZmjk0DLoYUssoIdAKbUQom1d-UhGzv6ZeTDZJk60He1zjX6b51v2aRxflDZ/kTWGnZ6KpUi0ZlKktEK9Md4lqN HTTP Parser: HTML title missing
Source: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#/cUjGMBBbEOAZ1A1trUW8e3VbW20C4UOpd0ehrM4-!@&LH84Fdvujw2I5C&!Iu1NoVelDrFYWPc0n&@!-rIOkyagFeRrpfkpu863jviY06vtNzd0wl6bdqtgcBCiFkJBNFM2cjK60kHJsv1cStzrMuJluVaYTTZe83P3ipaSduZvypfp-R9Nl7wnyni6bRrZSlpVqmcL4vXfoyA5jqb8tt2Ttt99UqNWmQ5mVPvJ5gelcSZwaFn0pI9qAD2/wo12vkbsOpyYljv5qbHp741G76PIeZ6FtwtpdE5j9i8wetmbUtVaw21r1SGEL4JtTI HTTP Parser: Number of links: 0
Source: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#/cUjGMBBbEOAZ1A1trUW8e3VbW20C4UOpd0ehrM4-!@&LH84Fdvujw2I5C&!Iu1NoVelDrFYWPc0n&@!-rIOkyagFeRrpfkpu863jviY06vtNzd0wl6bdqtgcBCiFkJBNFM2cjK60kHJsv1cStzrMuJluVaYTTZe83P3ipaSduZvypfp-R9Nl7wnyni6bRrZSlpVqmcL4vXfoyA5jqb8tt2Ttt99UqNWmQ5mVPvJ5gelcSZwaFn0pI9qAD2/wo12vkbsOpyYljv5qbHp741G76PIeZ6FtwtpdE5j9i8wetmbUtVaw21r1SGEL4JtTI HTTP Parser: Number of links: 0
Source: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#/xc0mJmP6ydEkvCg3s5L-!@&LH84Fdvujw2I5C&!Iu1NoVelDrFYWPc0n&@!-j5EVZtm3fllyufXl7WBP0leU6hjIq1eZmjk0DLoYUssoIdAKbUQom1d-UhGzv6ZeTDZJk60He1zjX6b51v2aRxflDZ/kTWGnZ6KpUi0ZlKktEK9Md4lqN HTTP Parser: Number of links: 0
Source: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#/cUjGMBBbEOAZ1A1trUW8e3VbW20C4UOpd0ehrM4-!@&LH84Fdvujw2I5C&!Iu1NoVelDrFYWPc0n&@!-rIOkyagFeRrpfkpu863jviY06vtNzd0wl6bdqtgcBCiFkJBNFM2cjK60kHJsv1cStzrMuJluVaYTTZe83P3ipaSduZvypfp-R9Nl7wnyni6bRrZSlpVqmcL4vXfoyA5jqb8tt2Ttt99UqNWmQ5mVPvJ5gelcSZwaFn0pI9qAD2/wo12vkbsOpyYljv5qbHp741G76PIeZ6FtwtpdE5j9i8wetmbUtVaw21r1SGEL4JtTI HTTP Parser: No <meta name="author".. found
Source: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#/cUjGMBBbEOAZ1A1trUW8e3VbW20C4UOpd0ehrM4-!@&LH84Fdvujw2I5C&!Iu1NoVelDrFYWPc0n&@!-rIOkyagFeRrpfkpu863jviY06vtNzd0wl6bdqtgcBCiFkJBNFM2cjK60kHJsv1cStzrMuJluVaYTTZe83P3ipaSduZvypfp-R9Nl7wnyni6bRrZSlpVqmcL4vXfoyA5jqb8tt2Ttt99UqNWmQ5mVPvJ5gelcSZwaFn0pI9qAD2/wo12vkbsOpyYljv5qbHp741G76PIeZ6FtwtpdE5j9i8wetmbUtVaw21r1SGEL4JtTI HTTP Parser: No <meta name="author".. found
Source: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#/xc0mJmP6ydEkvCg3s5L-!@&LH84Fdvujw2I5C&!Iu1NoVelDrFYWPc0n&@!-j5EVZtm3fllyufXl7WBP0leU6hjIq1eZmjk0DLoYUssoIdAKbUQom1d-UhGzv6ZeTDZJk60He1zjX6b51v2aRxflDZ/kTWGnZ6KpUi0ZlKktEK9Md4lqN HTTP Parser: No <meta name="author".. found
Source: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#/cUjGMBBbEOAZ1A1trUW8e3VbW20C4UOpd0ehrM4-!@&LH84Fdvujw2I5C&!Iu1NoVelDrFYWPc0n&@!-rIOkyagFeRrpfkpu863jviY06vtNzd0wl6bdqtgcBCiFkJBNFM2cjK60kHJsv1cStzrMuJluVaYTTZe83P3ipaSduZvypfp-R9Nl7wnyni6bRrZSlpVqmcL4vXfoyA5jqb8tt2Ttt99UqNWmQ5mVPvJ5gelcSZwaFn0pI9qAD2/wo12vkbsOpyYljv5qbHp741G76PIeZ6FtwtpdE5j9i8wetmbUtVaw21r1SGEL4JtTI HTTP Parser: No <meta name="copyright".. found
Source: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#/cUjGMBBbEOAZ1A1trUW8e3VbW20C4UOpd0ehrM4-!@&LH84Fdvujw2I5C&!Iu1NoVelDrFYWPc0n&@!-rIOkyagFeRrpfkpu863jviY06vtNzd0wl6bdqtgcBCiFkJBNFM2cjK60kHJsv1cStzrMuJluVaYTTZe83P3ipaSduZvypfp-R9Nl7wnyni6bRrZSlpVqmcL4vXfoyA5jqb8tt2Ttt99UqNWmQ5mVPvJ5gelcSZwaFn0pI9qAD2/wo12vkbsOpyYljv5qbHp741G76PIeZ6FtwtpdE5j9i8wetmbUtVaw21r1SGEL4JtTI HTTP Parser: No <meta name="copyright".. found
Source: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#/xc0mJmP6ydEkvCg3s5L-!@&LH84Fdvujw2I5C&!Iu1NoVelDrFYWPc0n&@!-j5EVZtm3fllyufXl7WBP0leU6hjIq1eZmjk0DLoYUssoIdAKbUQom1d-UhGzv6ZeTDZJk60He1zjX6b51v2aRxflDZ/kTWGnZ6KpUi0ZlKktEK9Md4lqN HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: unknown HTTPS traffic detected: 172.67.194.70:443 -> 192.168.2.5:49877 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.5:49904 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.5:49906 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49905 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49903 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.5:49907 version: TLS 1.2
Source: global traffic TCP traffic: 192.168.2.5:49853 -> 142.250.185.238:443
Source: global traffic DNS query: name: workers.dev
Source: global traffic TCP traffic: 192.168.2.5:49853 -> 142.250.185.238:443
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Joe Sandbox View IP Address: 188.114.97.10 188.114.97.10
Source: Joe Sandbox View IP Address: 188.114.97.10 188.114.97.10
Source: unknown Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49900
Source: AcroRd32.exe, 00000001.00000000.583590187.000000000B459000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://cipa.jp/exif/1.0/
Source: AcroRd32.exe, 00000001.00000000.583590187.000000000B459000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://cipa.jp/exif/1.0/Map_1
Source: AcroRd32.exe, 00000001.00000000.629588904.000000000B214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
Source: AcroRd32.exe, 00000001.00000000.582931420.000000000B214000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.629588904.000000000B214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/H
Source: AcroRd32.exe, 00000001.00000000.582931420.000000000B214000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.629588904.000000000B214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: AcroRd32.exe, 00000001.00000000.582931420.000000000B214000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.629588904.000000000B214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/0
Source: AcroRd32.exe, 00000001.00000000.582931420.000000000B214000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.629588904.000000000B214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/P
Source: AcroRd32.exe, 00000001.00000000.582931420.000000000B214000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.629588904.000000000B214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: AcroRd32.exe, 00000001.00000000.582931420.000000000B214000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.629588904.000000000B214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/=
Source: AcroRd32.exe, 00000001.00000000.582931420.000000000B214000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.629588904.000000000B214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/
Source: AcroRd32.exe, 00000001.00000000.582931420.000000000B214000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.629588904.000000000B214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/p
Source: AcroRd32.exe, 00000001.00000000.582931420.000000000B214000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.629588904.000000000B214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/field#
Source: AcroRd32.exe, 00000001.00000000.583590187.000000000B459000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.626991953.000000000A7EC000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.609061957.000000000AFDA000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.629031035.000000000B0A7000.00000004.00000001.00020000.00000000.sdmp, mimecast portal Server Maintenance.pdf String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: AcroRd32.exe, 00000001.00000000.583590187.000000000B459000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/id/)
Source: AcroRd32.exe, 00000001.00000000.583590187.000000000B459000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/id/0
Source: AcroRd32.exe, 00000001.00000000.583590187.000000000B459000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/id/n
Source: AcroRd32.exe, 00000001.00000000.582931420.000000000B214000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.629588904.000000000B214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/property#
Source: AcroRd32.exe, 00000001.00000000.582931420.000000000B214000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.629588904.000000000B214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/property#:
Source: AcroRd32.exe, 00000001.00000000.582931420.000000000B214000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.629588904.000000000B214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#
Source: AcroRd32.exe, 00000001.00000000.582931420.000000000B214000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.629588904.000000000B214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/type#
Source: AcroRd32.exe, 00000001.00000000.583590187.000000000B459000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.aiim.org/pdfe/ns/id/
Source: AcroRd32.exe, 00000001.00000000.583590187.000000000B459000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.aiim.org/pdfe/ns/id/G
Source: AcroRd32.exe, 00000001.00000000.583590187.000000000B459000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.npes.org/pdfx/ns/id/
Source: AcroRd32.exe, 00000001.00000000.591743573.0000000009408000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.quicktime.com.Acrobat
Source: AcroRd32.exe, 00000001.00000000.630144796.000000000B3CE000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.596177894.000000000B0DE000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/
Source: AcroRd32.exe, 00000001.00000000.629920244.000000000B326000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.583310140.000000000B326000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.609560160.000000000B326000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/
Source: AcroRd32.exe, 00000001.00000000.629920244.000000000B326000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.583310140.000000000B326000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.609560160.000000000B326000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/4x
Source: AcroRd32.exe, 00000001.00000000.629920244.000000000B326000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.583310140.000000000B326000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.609560160.000000000B326000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/i
Source: AcroRd32.exe, 00000001.00000000.629920244.000000000B326000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.583310140.000000000B326000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.609560160.000000000B326000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/i:
Source: AcroRd32.exe, 00000001.00000000.630144796.000000000B3CE000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/f
Source: AcroRd32.exe, 00000001.00000000.630144796.000000000B3CE000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/y
Source: 58cbff26-8a06-4725-afd9-ea57a186fd29.tmp.25.dr, 1af9bf5c-bfd1-4c4c-a066-e1854ca461c6.tmp.25.dr String found in binary or memory: https://accounts.google.com
Source: craw_window.js.24.dr String found in binary or memory: https://accounts.google.com/MergeSession
Source: 1af9bf5c-bfd1-4c4c-a066-e1854ca461c6.tmp.25.dr String found in binary or memory: https://ajax.googleapis.com
Source: AcroRd32.exe, 00000001.00000000.622728882.000000000D0E8000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.636847435.000000000D0E8000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.582931420.000000000B214000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.602571948.000000000D0E8000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.629588904.000000000B214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.echosign.com
Source: AcroRd32.exe, 00000001.00000000.582931420.000000000B214000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.629588904.000000000B214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.echosign.comgso
Source: 58cbff26-8a06-4725-afd9-ea57a186fd29.tmp.25.dr, 1af9bf5c-bfd1-4c4c-a066-e1854ca461c6.tmp.25.dr String found in binary or memory: https://apis.google.com
Source: 58cbff26-8a06-4725-afd9-ea57a186fd29.tmp.25.dr, 1af9bf5c-bfd1-4c4c-a066-e1854ca461c6.tmp.25.dr String found in binary or memory: https://clients2.google.com
Source: manifest.json0.24.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 58cbff26-8a06-4725-afd9-ea57a186fd29.tmp.25.dr, 1af9bf5c-bfd1-4c4c-a066-e1854ca461c6.tmp.25.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: 1af9bf5c-bfd1-4c4c-a066-e1854ca461c6.tmp.25.dr String found in binary or memory: https://content-autofill.googleapis.com
Source: 58cbff26-8a06-4725-afd9-ea57a186fd29.tmp.25.dr, 3a66a687-1c3a-4bd2-9992-2bfb992fbdef.tmp.25.dr, 3b407d31-7fd1-4a89-9d15-68b4bcc58f42.tmp.25.dr, 1af9bf5c-bfd1-4c4c-a066-e1854ca461c6.tmp.25.dr String found in binary or memory: https://dns.google
Source: 58cbff26-8a06-4725-afd9-ea57a186fd29.tmp.25.dr, 1af9bf5c-bfd1-4c4c-a066-e1854ca461c6.tmp.25.dr String found in binary or memory: https://fonts.googleapis.com
Source: 58cbff26-8a06-4725-afd9-ea57a186fd29.tmp.25.dr, 1af9bf5c-bfd1-4c4c-a066-e1854ca461c6.tmp.25.dr String found in binary or memory: https://fonts.gstatic.com
Source: craw_background.js.24.dr, craw_window.js.24.dr String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: AcroRd32.exe, 00000001.00000000.609061957.000000000AFDA000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.630144796.000000000B3CE000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas
Source: History Provider Cache.24.dr String found in binary or memory: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#/2
Source: History Provider Cache.24.dr String found in binary or memory: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas#/cUjGMBBbEOAZ1A1trUW8e3VbW20C4UOpd0ehr
Source: AcroRd32.exe, 00000001.00000000.626991953.000000000A7EC000.00000004.00000001.00020000.00000000.sdmp, mimecast portal Server Maintenance.pdf String found in binary or memory: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas)
Source: History Provider Cache.24.dr String found in binary or memory: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas2
Source: AcroRd32.exe, 00000001.00000000.625222369.0000000008F26000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.604812835.0000000008F26000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://ims-na1.adobelogin.com
Source: AcroRd32.exe, 00000001.00000000.625222369.0000000008F26000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.604812835.0000000008F26000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://ims-na1.adobelogin.comx
Source: 58cbff26-8a06-4725-afd9-ea57a186fd29.tmp.25.dr, 1af9bf5c-bfd1-4c4c-a066-e1854ca461c6.tmp.25.dr String found in binary or memory: https://ogs.google.com
Source: manifest.json0.24.dr, craw_window.js.24.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 1af9bf5c-bfd1-4c4c-a066-e1854ca461c6.tmp.25.dr String found in binary or memory: https://r2---sn-1gi7znes.gvt1.com
Source: 1af9bf5c-bfd1-4c4c-a066-e1854ca461c6.tmp.25.dr String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json0.24.dr, craw_window.js.24.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 58cbff26-8a06-4725-afd9-ea57a186fd29.tmp.25.dr, 1af9bf5c-bfd1-4c4c-a066-e1854ca461c6.tmp.25.dr String found in binary or memory: https://ssl.gstatic.com
Source: craw_background.js.24.dr, craw_window.js.24.dr String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: AcroRd32.exe, 00000001.00000000.609061957.000000000AFDA000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.582931420.000000000B214000.00000004.00000001.00020000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.629588904.000000000B214000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.co.uk/Office-2016-Home-Student-Original/dp/B093kCCXWB1/ref=sr_1_7?crid=RFTEXHS50R
Source: 58cbff26-8a06-4725-afd9-ea57a186fd29.tmp.25.dr, 1af9bf5c-bfd1-4c4c-a066-e1854ca461c6.tmp.25.dr String found in binary or memory: https://www.google.com
Source: manifest.json0.24.dr String found in binary or memory: https://www.google.com/
Source: craw_window.js.24.dr String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.24.dr String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.24.dr String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.24.dr String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.24.dr String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: craw_background.js.24.dr, 58cbff26-8a06-4725-afd9-ea57a186fd29.tmp.25.dr, craw_window.js.24.dr, 1af9bf5c-bfd1-4c4c-a066-e1854ca461c6.tmp.25.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json0.24.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.24.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json0.24.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.24.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json0.24.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: 58cbff26-8a06-4725-afd9-ea57a186fd29.tmp.25.dr, 1af9bf5c-bfd1-4c4c-a066-e1854ca461c6.tmp.25.dr String found in binary or memory: https://www.gstatic.com
Source: unknown HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: unknown DNS traffic detected: queries for: workers.dev
Source: global traffic HTTP traffic detected: GET /?bbre=xzodiszxas HTTP/1.1Host: holy-sun-e797.harmony232.workers.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /627d3fc97d9c24192c2124f3.js HTTP/1.1Host: vaps.quatiappcn.pwConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /nyrjthsfdzxxz/themes/css/3dd3f0a4b26facac349e2acbdc6bb40bnbr1652375496.css HTTP/1.1Host: nanmmachineapcnds.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /nyrjthsfdzxxz/themes/css/91003913e52edf331292b68b833ff0cdnbr1652375496.css HTTP/1.1Host: nanmmachineapcnds.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /axios@0.16.1/dist/axios.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /nyrjthsfdzxxz/themes/3dd3f0a4b26facac349e2acbdc6bb40bnbr1652375496.js HTTP/1.1Host: nanmmachineapcnds.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /vue@2.6.11/dist/vue.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /vue-router@2.7.0/dist/vue-router.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/vuex/2.3.1/vuex.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /?bbre=xzodiszxas HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: holy-sun-e797.harmony232.workers.dev
Source: global traffic HTTP traffic detected: GET /ajax/libs/vee-validate/2.0.0-rc.3/vee-validate.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/vue-i18n/7.0.3/vue-i18n.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /lodash@4.17.4/lodash.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/mobile-detect/1.3.6/mobile-detect.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /nyrjthsfdzxxz/themes/957104c6b9b5615ff19f8784c7d27586.js HTTP/1.1Host: nanmmachineapcnds.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /nyrjthsfdzxxz/themes/js/a3107e4d4ae0ea783cd1177c52f1e6301652375486.js HTTP/1.1Host: nanmmachineapcnds.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /nyrjthsfdzxxz/themes/imgs/microsoft_logo.svg HTTP/1.1Host: nanmmachineapcnds.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /nyrjthsfdzxxz/themes/imgs/ellipsis_grey.svg HTTP/1.1Host: nanmmachineapcnds.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /nyrjthsfdzxxz/themes/imgs/microsoft_logo.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: nanmmachineapcnds.web.app
Source: global traffic HTTP traffic detected: GET /nyrjthsfdzxxz/themes/imgs/ellipsis_grey.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: nanmmachineapcnds.web.app
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: aadcdn.msauth.net
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: aadcdn.msauth.net
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: aadcdn.msftauth.net
Source: global traffic HTTP traffic detected: GET /?bbre=xzodiszxas HTTP/1.1Host: holy-sun-e797.harmony232.workers.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /627d3fc97d9c24192c2124f3.js HTTP/1.1Host: vaps.quatiappcn.pwConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /nyrjthsfdzxxz/themes/css/3dd3f0a4b26facac349e2acbdc6bb40bnbr1652375496.css HTTP/1.1Host: nanmmachineapcnds.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "2c2f42530360d92df6a9043afb8385defb5a11ba6299d3a885ecfdb3ce6e12e7"If-Modified-Since: Thu, 12 May 2022 17:17:54 GMT
Source: global traffic HTTP traffic detected: GET /nyrjthsfdzxxz/themes/css/91003913e52edf331292b68b833ff0cdnbr1652375496.css HTTP/1.1Host: nanmmachineapcnds.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "294c860867c1b1d2be411ed200eabe8050404d38af5d156fe237d3ab557f301a"If-Modified-Since: Thu, 12 May 2022 17:17:54 GMT
Source: global traffic HTTP traffic detected: GET /nyrjthsfdzxxz/themes/3dd3f0a4b26facac349e2acbdc6bb40bnbr1652375496.js HTTP/1.1Host: nanmmachineapcnds.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "18436deb674b50728be198a9912eab2947b4e3b5a74daafe8daf6805d969d6cf"If-Modified-Since: Thu, 12 May 2022 17:17:54 GMT
Source: global traffic HTTP traffic detected: GET /nyrjthsfdzxxz/themes/957104c6b9b5615ff19f8784c7d27586.js HTTP/1.1Host: nanmmachineapcnds.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "b66195c538f93ae95c26225f87bb053e84a118e8a7084552bec99667088f66ef"If-Modified-Since: Thu, 12 May 2022 17:17:54 GMT
Source: global traffic HTTP traffic detected: GET /?bbre=xzodiszxas HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: holy-sun-e797.harmony232.workers.dev
Source: global traffic HTTP traffic detected: GET /nyrjthsfdzxxz/themes/js/c0f5e0dd4f642062f92481ef2bb438191652375488.js HTTP/1.1Host: nanmmachineapcnds.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /nyrjthsfdzxxz/themes/js/a3107e4d4ae0ea783cd1177c52f1e6301652375486.js HTTP/1.1Host: nanmmachineapcnds.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "1c116e5f4d068b2d2b3cc8f54e929237b088989d6a757a3b557691aaa42bdadf"If-Modified-Since: Thu, 12 May 2022 17:17:54 GMT
Source: global traffic HTTP traffic detected: GET /nyrjthsfdzxxz/themes/imgs/microsoft_logo.svg HTTP/1.1Host: nanmmachineapcnds.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "a88f22478e52f27f6f24668e3ff397bf66ba51e21b2cc2375100de1d281417be"If-Modified-Since: Thu, 12 May 2022 17:17:54 GMT
Source: global traffic HTTP traffic detected: GET /nyrjthsfdzxxz/themes/imgs/ellipsis_grey.svg HTTP/1.1Host: nanmmachineapcnds.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxasAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "8bd35fb6e43a52fbd3fac4f46b28b8cc71b6f00e2b06636395e54a9c210d997e"If-Modified-Since: Thu, 12 May 2022 17:17:54 GMT
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: aadcdn.msauth.netIf-Modified-Since: Sun, 18 Oct 2020 03:02:03 GMTIf-None-Match: 0x8D8731230C851A6
Source: global traffic HTTP traffic detected: GET /nyrjthsfdzxxz/themes/imgs/microsoft_logo.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: nanmmachineapcnds.web.appIf-Modified-Since: Thu, 12 May 2022 17:17:54 GMTIf-None-Match: "a88f22478e52f27f6f24668e3ff397bf66ba51e21b2cc2375100de1d281417be"
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: aadcdn.msftauth.netIf-Modified-Since: Tue, 10 Nov 2020 03:41:05 GMTIf-None-Match: 0x8D8852A740F01B9
Source: global traffic HTTP traffic detected: GET /nyrjthsfdzxxz/themes/imgs/ellipsis_grey.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: nanmmachineapcnds.web.appIf-Modified-Since: Thu, 12 May 2022 17:17:54 GMTIf-None-Match: "8bd35fb6e43a52fbd3fac4f46b28b8cc71b6f00e2b06636395e54a9c210d997e"
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: aadcdn.msauth.netIf-Modified-Since: Thu, 13 Feb 2020 02:05:12 GMTIf-None-Match: 0x8D7B0292911C366
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: holy-sun-e797.harmony232.workers.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /627d3fc97d9c24192c2124f3.js HTTP/1.1Host: vaps.quatiappcn.pwConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://holy-sun-e797.harmony232.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: holy-sun-e797.harmony232.workers.dev
Source: unknown HTTPS traffic detected: 172.67.194.70:443 -> 192.168.2.5:49877 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.5:49904 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.5:49906 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49905 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49903 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.5:49907 version: TLS 1.2
Source: mimecast portal Server Maintenance.pdf Initial sample: https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\mimecast portal Server Maintenance.pdf
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer /prefetch:1 "C:\Users\user\Desktop\mimecast portal Server Maintenance.pdf
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1704,14194608840040640770,5398593831925990468,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=6617144028443422470 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6617144028443422470 --renderer-client-id=2 --mojo-platform-channel-handle=1716 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1704,14194608840040640770,5398593831925990468,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=5415585108340997460 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1704,14194608840040640770,5398593831925990468,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=11406917737202262938 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11406917737202262938 --renderer-client-id=4 --mojo-platform-channel-handle=1852 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1704,14194608840040640770,5398593831925990468,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=3951330346937668208 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3951330346937668208 --renderer-client-id=5 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation -- "https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1640,15869349639212850944,16358401514718396099,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1628 /prefetch:8
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer /prefetch:1 "C:\Users\user\Desktop\mimecast portal Server Maintenance.pdf Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation -- "https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas" Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1704,14194608840040640770,5398593831925990468,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=6617144028443422470 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6617144028443422470 --renderer-client-id=2 --mojo-platform-channel-handle=1716 --allow-no-sandbox-job /prefetch:1 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1704,14194608840040640770,5398593831925990468,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=5415585108340997460 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1704,14194608840040640770,5398593831925990468,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=11406917737202262938 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11406917737202262938 --renderer-client-id=4 --mojo-platform-channel-handle=1852 --allow-no-sandbox-job /prefetch:1 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1704,14194608840040640770,5398593831925990468,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=3951330346937668208 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3951330346937668208 --renderer-client-id=5 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1640,15869349639212850944,16358401514718396099,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1628 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx Jump to behavior
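The chrome.exe launches by AcroRd32.exe in the process list above are the only observable step between opening the PDF and the credential-stealing page: Reader resolves the link in the document and starts the default browser with the workers.dev URL as its last argument. The following script is an added example, not part of the Joe Sandbox report, of a detection over Sysmon process-creation (Event ID 1) records that keys on exactly that parent/child pair, extracts the URL and the originating document, and flags hosting domains that phishing kits abuse for free. The event records are constructed to mirror the report's process tree; the ParentCommandLine values, the benign events and the suffix list are assumptions for illustration.

```python
import ntpath
import re
from urllib.parse import urlsplit

# Sysmon Event ID 1 records, constructed to mirror the parent/child pairs in the
# report above. ParentCommandLine values and the non-phishing events are assumed.
EVENTS = [
    {   # the report's lure: Reader hands the workers.dev URL to Chrome
        "EventID": 1,
        "ParentImage": r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe",
        "ParentCommandLine": r'"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\mimecast portal Server Maintenance.pdf"',
        "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation -- "https://holy-sun-e797.harmony232.workers.dev/?bbre=xzodiszxas"',
    },
    {   # a browser started from the desktop: no reader parent, ignored
        "EventID": 1,
        "ParentImage": r"C:\Windows\explorer.exe",
        "ParentCommandLine": r"C:\Windows\Explorer.EXE",
        "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized -- "https://www.example.invalid/"',
    },
    {   # Reader spawning its own CEF helper: child is not a browser, ignored
        "EventID": 1,
        "ParentImage": r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe",
        "ParentCommandLine": r'"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\mimecast portal Server Maintenance.pdf"',
        "Image": r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe",
        "CommandLine": r'"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043',
    },
    {   # a legitimate link in an internal PDF: reported, but host not on the abuse list
        "EventID": 1,
        "ParentImage": r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe",
        "ParentCommandLine": r'"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Documents\expenses-policy.pdf"',
        "Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
        "CommandLine": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://intranet.example.invalid/policies/expenses',
    },
]

READER_IMAGES = {"acrord32.exe", "acrobat.exe", "rdrcef.exe"}
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}
# Free hosting platforms that phishing kits commonly sit on; workers.dev is the one
# in this report. Assumed, tunable list, not a vendor feed.
ABUSED_HOST_SUFFIXES = (".workers.dev", ".pages.dev", ".web.app", ".github.io")

URL_RE = re.compile(r"https?://[^\s\"']+")
DOC_RE = re.compile(r'"([^"]+\.pdf)"', re.IGNORECASE)


def image_name(path):
    """Lower-cased file name of a Windows image path, e.g. 'chrome.exe'."""
    return ntpath.basename(path).lower()


def analyse_event(ev):
    """Return a finding when a PDF reader launches a browser with a URL, else None."""
    if ev.get("EventID") != 1:
        return None
    if image_name(ev["ParentImage"]) not in READER_IMAGES:
        return None
    if image_name(ev["Image"]) not in BROWSER_IMAGES:
        return None
    urls = URL_RE.findall(ev["CommandLine"])
    if not urls:
        return None  # browser started without a target: not a link click
    url = urls[-1]   # the target is the last argument in the report's command lines
    host = (urlsplit(url).hostname or "").lower()
    doc = DOC_RE.search(ev.get("ParentCommandLine", ""))
    return {
        "document": doc.group(1) if doc else None,
        "url": url,
        "host": host,
        "abused_hosting": host.endswith(ABUSED_HOST_SUFFIXES),
    }


def scan(events):
    """Run the rule over a batch of events and keep only the findings."""
    return [f for f in (analyse_event(e) for e in events) if f]


if __name__ == "__main__":
    for finding in scan(EVENTS):
        print(finding)
```

Reader opening a browser is normal user behaviour, so the value is in the enrichment rather than the match alone: keep the finding at low severity unless the host is on the abuse list or newly seen in the estate, and pivot on the document name to find other recipients of the same lure.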
Source: classification engine Classification label: mal80.phis.winPDF@44/159@12/13
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File read: C:\Program Files (x86)\desktop.ini Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File opened: C:\Windows\SysWOW64\Msftedit.dll Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Jump to behavior
Source: mimecast portal Server Maintenance.pdf Initial sample: PDF keyword /JS count = 0
Source: mimecast portal Server Maintenance.pdf Initial sample: PDF keyword /JavaScript count = 0
Source: mimecast portal Server Maintenance.pdf Initial sample: PDF keyword /EmbeddedFile count = 0
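The three keyword counts above are the static check behind this verdict: zero /JS, /JavaScript and /EmbeddedFile means the PDF carries no active content, which is consistent with the process tree showing a plain link action handing the URL to Chrome. The following script is an added example, not part of the Joe Sandbox report, that reproduces that count and extends it to the action keywords a link lure actually needs (/URI, /Launch, /OpenAction, /AA), decoding the #xx name escapes that a document author can use to hide /JavaScript from a naive substring search. The embedded PDF bytes and the example.invalid URL are constructed for illustration, not taken from the analysed file.

```python
import re

# Keywords the sandbox counted, plus the action keywords a link lure relies on.
KEYWORDS = ("/JS", "/JavaScript", "/EmbeddedFile", "/URI", "/Launch",
            "/OpenAction", "/AA")

# A PDF name token: '/' followed by regular characters; delimiters end it.
NAME_RE = re.compile(rb"/[^\s/\[\]<>(){}%]+")
# The value after a /URI key: a literal string (...) or a hex string <...>.
URI_VALUE_RE = re.compile(rb"/URI\s*(\((?:[^()\\]|\\.)*\)|<[0-9A-Fa-f\s]*>)")


def normalise_name(raw):
    """Decode #xx escapes in a PDF name, e.g. b'/Java#53cript' -> b'/JavaScript'."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw)


def count_keywords(pdf):
    """Count whole name tokens after escape decoding, so /JSX is not counted as /JS."""
    counts = dict.fromkeys(KEYWORDS, 0)
    for m in NAME_RE.finditer(pdf):
        name = normalise_name(m.group(0)).decode("latin-1")
        if name in counts:
            counts[name] += 1
    return counts


def extract_uris(pdf):
    """Return the target of every /URI action, decoding literal and hex strings."""
    uris = []
    for m in URI_VALUE_RE.finditer(pdf):
        tok = m.group(1)
        if tok.startswith(b"("):
            raw = re.sub(rb"\\(.)", rb"\1", tok[1:-1])   # drop backslash escapes
        else:
            hexdigits = re.sub(rb"\s", b"", tok[1:-1])
            if len(hexdigits) % 2:                       # PDF pads an odd final digit with 0
                hexdigits += b"0"
            raw = bytes.fromhex(hexdigits.decode("ascii"))
        uris.append(raw.decode("latin-1"))
    return uris


def triage(pdf):
    """Keyword counts, link targets and a coarse verdict for one PDF."""
    counts = count_keywords(pdf)
    uris = extract_uris(pdf)
    active = any(counts[k] for k in ("/JS", "/JavaScript", "/EmbeddedFile", "/Launch"))
    if active:
        verdict = "active-content"
    elif uris:
        verdict = "link-lure"
    else:
        verdict = "inert"
    return {"counts": counts, "uris": uris, "verdict": verdict}


# Constructed minimal PDF: one page, one link annotation, no script. Not the analysed file.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj\n"
    b"4 0 obj << /Type /Annot /Subtype /Link /Rect [100 100 300 140]\n"
    b"  /A << /S /URI /URI (https://example.invalid/portal?bbre=test) >> >> endobj\n"
    b"trailer << /Root 1 0 R >>\n"
    b"%%EOF\n"
)

# Same document plus an additional-actions dictionary whose names use #xx escapes
# to hide /JavaScript and /JS from a plain substring search.
OBFUSCATED_PDF = SAMPLE_PDF.replace(
    b"/A << /S /URI",
    b"/AA << /O << /S /Java#53cript /J#53 (app.alert(1)) >> >>\n  /A << /S /URI",
)

if __name__ == "__main__":
    for label, doc in (("plain link lure", SAMPLE_PDF), ("escaped names", OBFUSCATED_PDF)):
        r = triage(doc)
        print(label, r["verdict"], {k: v for k, v in r["counts"].items() if v}, r["uris"])
```

Like the sandbox's keyword counter, this scans the raw file, so names inside FlateDecode streams or PDF 1.5 object streams stay invisible until those streams are decompressed; a zero count is evidence, not proof, of no active content. A /URI hit with no script keywords, as in this sample, points the analyst at the link target rather than at the document itself.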
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: AcroRd32.exe, 00000001.00000000.583733492.000000000B4A0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: AcroRd32.exe, 00000001.00000000.624902571.0000000005AC0000.00000002.00000001.00040000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.577165605.0000000005AC0000.00000002.00000001.00040000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.604575713.0000000005AC0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000001.00000000.624902571.0000000005AC0000.00000002.00000001.00040000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.577165605.0000000005AC0000.00000002.00000001.00040000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.604575713.0000000005AC0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: AcroRd32.exe, 00000001.00000000.624902571.0000000005AC0000.00000002.00000001.00040000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.577165605.0000000005AC0000.00000002.00000001.00040000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.604575713.0000000005AC0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: YProgram Managerf
Source: AcroRd32.exe, 00000001.00000000.624902571.0000000005AC0000.00000002.00000001.00040000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.577165605.0000000005AC0000.00000002.00000001.00040000.00000000.sdmp, AcroRd32.exe, 00000001.00000000.604575713.0000000005AC0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Legend of the report's IP-distribution map (map image not reproduced): No. of IPs < 25%, 25% to 50%, 50% to 75%, > 75%.