Analysis Report http://www.springdwnld2.com/download/?d=0&h=1&pnid=4&domain=hgovernmentformsonline.com&implementation_id=forms_spt_&source=Bing_v1-dsf_forms--bb8&adprovider=appfocus597&user_id=5028ddaf-0339-416d-a52a-9209a9d61f40&dfn=Governme HTTP/1.1 nt Forms Online&spo=0&appname=Government Forms Online&appdesc=Get your forms instantly from your home and new tab page!&ies=s,h&sso=

Overview

General Information

Joe Sandbox Version: 26.0.0 Aquamarine
Analysis ID: 132318
Start date: 16.05.2019
Start time: 03:27:38
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 12s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://www.springdwnld2.com/download/?d=0&h=1&pnid=4&domain=hgovernmentformsonline.com&implementation_id=forms_spt_&source=Bing_v1-dsf_forms--bb8&adprovider=appfocus597&user_id=5028ddaf-0339-416d-a52a-9209a9d61f40&dfn=Governme HTTP/1.1 nt Forms Online&spo=0&appname=Government Forms Online&appdesc=Get your forms instantly from your home and new tab page!&ies=s,h&sso=
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • EGA enabled
Analysis stop reason: Timeout
Detection: MAL
Classification: mal60.evad.win@9/252@81/62
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
Warnings:
  • Exclude process from analysis (whitelisted): dllhost.exe, ielowutil.exe, conhost.exe, CompatTelRunner.exe
  • Excluded IPs from analysis (whitelisted)
  • Excluded domains from analysis (whitelisted)
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing network information.
  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtDeviceIoControlFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtReadFile calls found.

Detection

Strategy | Score | Range | Reporting Whitelisted | Detection
Threshold | 60 | 0 - 100 | false | malicious

Confidence

Strategy | Score | Range | Further Analysis Required?
Threshold | 5 | 0 - 5 | false


Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis



Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control
Valid Accounts | Exploitation for Client Execution 1 | Winlogon Helper DLL | Port Monitors | Web Service 1 | Credential Dumping | Process Discovery 1 | Remote File Copy 12 | Data from Local System | Data Encrypted 1 | Web Service 1
Replication Through Removable Media | Service Execution | Port Monitors | Accessibility Features | Disabling Security Tools 1 | Network Sniffing | Security Software Discovery 121 | Remote Services | Data from Removable Media | Exfiltration Over Other Network Medium | Standard Cryptographic Protocol 2
Drive-by Compromise | Windows Management Instrumentation | Accessibility Features | Path Interception | DLL Side-Loading 1 | Input Capture | Remote System Discovery 1 | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Remote File Copy 12
Exploit Public-Facing Application | Scheduled Task | System Firmware | DLL Search Order Hijacking | Obfuscated Files or Information | Credentials in Files | File and Directory Discovery 11 | Logon Scripts | Input Capture | Data Encrypted | Standard Non-Application Layer Protocol 5
Spearphishing Link | Command-Line Interface | Shortcut Modification | File System Permissions Weakness | Masquerading | Account Manipulation | System Information Discovery 1 | Shared Webroot | Data Staged | Scheduled Transfer | Standard Application Layer Protocol 15

Signature Overview



AV Detection:

Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\GovernmeHTTP_1.1ntFormsOnline-19792223[1].exe | virustotal: Detection: 45%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial | virustotal: Detection: 45%
Source: C:\Users\user\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe | virustotal: Detection: 35%

Spreading:

Enumerates the file system
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe | File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe | File opened: C:\Users\user\AppData\Local\Microsoft
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Windows
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe | File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Windows\History\desktop.ini
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe | File opened: C:\Users\user\AppData

Software Vulnerabilities:

Potential browser exploit detected (process start blacklist hit)
Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic | Snort IDS: 2022893 ET MALWARE MSIL/Adload.AT Beacon 192.168.2.5:49802 -> 107.23.13.37:80
Connects to country known for bullet proof hosters
Source: unknown | Network traffic detected: IP: 195.209.111.17 Russian Federation
Connects to many different domains
Source: unknown | Network traffic detected: DNS query count 79
Connects to several IPs in different countries
Source: unknown | Network traffic detected: IP country count 11
Downloads executable code via HTTP
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Date: Thu, 16 May 2019 01:28:30 GMT | Content-Type: application/x-msdos-program | Content-Length: 998656 | Connection: keep-alive | Server: Apache/2.4.18 (Ubuntu) | Content-Disposition: attachment; filename="GovernmeHTTP/1.1ntFormsOnline-19792223.exe" | Last-Modified: Wed, 14 Nov 2018 11:59:53 GMT | Accept-Ranges: bytes
Social media urls found in memory data
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe | String found in binary or memory: http://www.facebook.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe | String found in binary or memory: http://www.facebook.com/favicon.ico
Downloads compressed data via HTTP
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Date: Thu, 16 May 2019 01:28:42 GMT | Content-Type: text/plain | Content-Length: 1305 | Connection: keep-alive | Server: Apache/2.4.18 (Ubuntu) | Vary: Accept-Encoding | Content-Encoding: gzip
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Date: Thu, 16 May 2019 01:28:44 GMT | Content-Type: text/html; charset=utf-8 | Content-Length: 6488 | Connection: keep-alive | Cache-Control: private | Content-Encoding: gzip | Vary: Accept-Encoding | Server: Microsoft-IIS/8.5 | Set-Cookie: init=true; domain=hgovernmentformsonline.com; expires=Fri, 17-May-2019 01:28:53 GMT; path=/ | Set-Cookie: nts=t; domain=hgovernmentformsonline.com; path=/ | X-Content-Type-Options: nosniff | Access-Control-Allow-Origin: * | Access-Control-Allow-Headers: Content-Type | Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Date: Thu, 16 May 2019 01:28:44 GMT | Content-Type: text/css; charset=utf-8 | Content-Length: 6297 | Connection: keep-alive | Cache-Control: public | Content-Encoding: gzip | Expires: Fri, 15 May 2020 01:28:40 GMT | Last-Modified: Thu, 16 May 2019 01:28:40 GMT | Vary: User-Agent,Accept-Encoding | Server: Microsoft-IIS/8.5 | X-Content-Type-Options: nosniff | Access-Control-Allow-Origin: * | Access-Control-Allow-Headers: Content-Type | Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Date: Thu, 16 May 2019 01:28:44 GMT | Content-Type: text/javascript; charset=utf-8 | Content-Length: 626 | Connection: keep-alive | Cache-Control: max-age=86400 | Content-Encoding: gzip | Vary: Accept-Encoding | Server: Microsoft-IIS/8.5 | X-Content-Type-Options: nosniff | Access-Control-Allow-Origin: * | Access-Control-Allow-Headers: Content-Type | Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Date: Thu, 16 May 2019 01:28:44 GMT | Content-Type: text/css; charset=utf-8 | Content-Length: 886 | Connection: keep-alive | Cache-Control: public | Content-Encoding: gzip | Expires: Fri, 15 May 2020 01:28:53 GMT | Last-Modified: Thu, 16 May 2019 01:28:53 GMT | Vary: User-Agent,Accept-Encoding | Server: Microsoft-IIS/8.5 | X-Content-Type-Options: nosniff | Access-Control-Allow-Origin: * | Access-Control-Allow-Headers: Content-Type | Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Date: Thu, 16 May 2019 01:28:44 GMT | Content-Type: text/javascript; charset=utf-8 | Content-Length: 421 | Connection: keep-alive | Cache-Control: public | Content-Encoding: gzip | Expires: Fri, 15 May 2020 01:28:36 GMT | Last-Modified: Thu, 16 May 2019 01:28:36 GMT | Vary: User-Agent,Accept-Encoding | Server: Microsoft-IIS/8.5 | X-Content-Type-Options: nosniff | Access-Control-Allow-Origin: * | Access-Control-Allow-Headers: Content-Type | Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Date: Thu, 16 May 2019 01:28:45 GMT | Content-Type: text/css; charset=utf-8 | Content-Length: 1439 | Connection: keep-alive | Cache-Control: public | Content-Encoding: gzip | Expires: Fri, 15 May 2020 01:28:41 GMT | Last-Modified: Thu, 16 May 2019 01:28:41 GMT | Vary: User-Agent,Accept-Encoding | Server: Microsoft-IIS/8.5 | X-Content-Type-Options: nosniff | Access-Control-Allow-Origin: * | Access-Control-Allow-Headers: Content-Type | Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Date: Thu, 16 May 2019 01:28:49 GMT | Content-Type: text/html; charset=utf-8 | Content-Length: 2809 | Connection: keep-alive | Server: Apache/2.4.18 (Ubuntu) | Vary: Host,Accept-Encoding | Access-Control-Allow-Origin: * | Content-Encoding: gzip
Downloads files from webservers via HTTP
Source: global traffic | HTTP traffic detected: GET /download/?d=0&h=1&pnid=4&domain=hgovernmentformsonline.com&implementation_id=forms_spt_&source=Bing_v1-dsf_forms--bb8&adprovider=appfocus597&user_id=5028ddaf-0339-416d-a52a-9209a9d61f40&dfn=Governme%20HTTP/1.1%20%20%20%20%20nt%20Forms%20Online&spo=0&appname=Government%20Forms%20Online&appdesc=Get%20your%20forms%20instantly%20from%20your%20home%20and%20new%20tab%20page!&ies=s,h&sso= HTTP/1.1 | Accept: text/html, application/xhtml+xml, image/jxr, */* | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: www.springdwnld2.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /ies/api.cgi?act=getConfig&id=R292ZXJubWVIVFRQXzEuMW50Rm9ybXNPbmxpbmUtMTk3OTIyMjMuZXhl&rf=0&proto=1 HTTP/1.1 | Accept-Encoding: gzip,deflate | User-Agent: WinWrapper64 | Host: www.springtechdld.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /impression.do?domain=hgovernmentformsonline.com&implementation_id=forms_spt__1.30&offer_id=_iei_&source=Bing_v1-dsf_forms--bb8-iei&sub_id=20190516&traffic_source=appfocus597&user_id=5028ddaf-0339-416d-a52a-9209a9d61f40&useragent=Mozilla%2F5.0+(Windows+NT+10.0%3B+WOW64%3B+Trident%2F7.0%3B+rv%3A11.0)+like+Gecko&ts=1557970110&sgn=8d026e43ce56b93e864cbc49a19b7438b66faab9&subid2=11.165.17134.0&event=ex_accepted HTTP/1.1 | User-Agent: ies | Host: www.springdwnld2.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /?uid=5028ddaf-0339-416d-a52a-9209a9d61f40&uc=20190516&ap=appfocus597&source=Bing_v1-dsf_forms--bb8-iei&i_id=forms_spt__1.30 HTTP/1.1 | Accept: text/html, application/xhtml+xml, image/jxr, */* | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: search.hgovernmentformsonline.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /styles/home/forms_v2?v=b08OG6R0aymTKmr9-9U6eelDS5zQayShE4vOkPopRuk1 HTTP/1.1 | Accept: text/css, */* | Referer: http://search.hgovernmentformsonline.com/?uid=5028ddaf-0339-416d-a52a-9209a9d61f40&uc=20190516&ap=appfocus597&source=Bing_v1-dsf_forms--bb8-iei&i_id=forms_spt__1.30 | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: search.hgovernmentformsonline.com | Connection: Keep-Alive | Cookie: init=true; nts=t
Source: global traffic | HTTP traffic detected: GET /get/js/impression?uc=20190516&ap=appfocus597&source=Bing_v1-dsf_forms--bb8-iei&uid=5028ddaf-0339-416d-a52a-9209a9d61f40&i_id=forms_spt__1.30&cid= HTTP/1.1 | Accept: application/javascript, */*;q=0.8 | Referer: http://search.hgovernmentformsonline.com/?uid=5028ddaf-0339-416d-a52a-9209a9d61f40&uc=20190516&ap=appfocus597&source=Bing_v1-dsf_forms--bb8-iei&i_id=forms_spt__1.30 | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: search.hgovernmentformsonline.com | Connection: Keep-Alive | Cookie: init=true; nts=t
Source: global traffic | HTTP traffic detected: GET /Content/Home/Shared/Images/searchHandHolding.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://search.hgovernmentformsonline.com/?uid=5028ddaf-0339-416d-a52a-9209a9d61f40&uc=20190516&ap=appfocus597&source=Bing_v1-dsf_forms--bb8-iei&i_id=forms_spt__1.30 | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: search.hgovernmentformsonline.com | Connection: Keep-Alive | Cookie: init=true; nts=t
Source: global traffic | HTTP traffic detected: GET /styles/home/setting?v=ryUN9ROxMocKoOuvctYLZZeK4BqnEgMfzTl9evNnkcM1 HTTP/1.1 | Accept: text/css, */* | Referer: http://search.hgovernmentformsonline.com/?uid=5028ddaf-0339-416d-a52a-9209a9d61f40&uc=20190516&ap=appfocus597&source=Bing_v1-dsf_forms--bb8-iei&i_id=forms_spt__1.30 | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: search.hgovernmentformsonline.com | Connection: Keep-Alive | Cookie: init=true; nts=t
Source: global traffic | HTTP traffic detected: GET /scripts/home/header_common?v=AAAAH_DbLIleWj0eIMkM9tOvY9PBuu50aQKW3Tf5CW81 HTTP/1.1 | Accept: application/javascript, */*;q=0.8 | Referer: http://search.hgovernmentformsonline.com/?uid=5028ddaf-0339-416d-a52a-9209a9d61f40&uc=20190516&ap=appfocus597&source=Bing_v1-dsf_forms--bb8-iei&i_id=forms_spt__1.30 | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: search.hgovernmentformsonline.com | Connection: Keep-Alive | Cookie: init=true; nts=t
Source: global traffic | HTTP traffic detected: GET /Content/Home/Shared/Images/gear-icon.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://search.hgovernmentformsonline.com/?uid=5028ddaf-0339-416d-a52a-9209a9d61f40&uc=20190516&ap=appfocus597&source=Bing_v1-dsf_forms--bb8-iei&i_id=forms_spt__1.30 | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: search.hgovernmentformsonline.com | Connection: Keep-Alive | Cookie: init=true; nts=t
Source: global traffic | HTTP traffic detected: GET /scripts/home/forms_common?v=RZwa5ksy3ks-SVIgXpbMBg51irjaoq0xuX4fi_Atops1 HTTP/1.1 | Accept: application/javascript, */*;q=0.8 | Referer: http://search.hgovernmentformsonline.com/?uid=5028ddaf-0339-416d-a52a-9209a9d61f40&uc=20190516&ap=appfocus597&source=Bing_v1-dsf_forms--bb8-iei&i_id=forms_spt__1.30 | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: search.hgovernmentformsonline.com | Connection: Keep-Alive | Cookie: init=true; nts=t
Source: global traffic | HTTP traffic detected: GET /styles/home/monetizedquicklinks?v=bq-qjnJKIdP158TdiPbryytiEg8Ladbsf4GjeYgFJ481 HTTP/1.1 | Accept: text/css, */* | Referer: http://search.hgovernmentformsonline.com/?uid=5028ddaf-0339-416d-a52a-9209a9d61f40&uc=20190516&ap=appfocus597&source=Bing_v1-dsf_forms--bb8-iei&i_id=forms_spt__1.30 | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: search.hgovernmentformsonline.com | Connection: Keep-Alive | Cookie: init=true; nts=t
Source: global traffic | HTTP traffic detected: GET /Content/Home/Email/Sprites/Sprite_Email_V6.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://search.hgovernmentformsonline.com/?uid=5028ddaf-0339-416d-a52a-9209a9d61f40&uc=20190516&ap=appfocus597&source=Bing_v1-dsf_forms--bb8-iei&i_id=forms_spt__1.30 | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: search.hgovernmentformsonline.com | Connection: Keep-Alive | Cookie: init=true; nts=t
Source: global traffic | HTTP traffic detected: GET /Content/img/Icons/weatherAgencyIcon.jpg HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://search.hgovernmentformsonline.com/?uid=5028ddaf-0339-416d-a52a-9209a9d61f40&uc=20190516&ap=appfocus597&source=Bing_v1-dsf_forms--bb8-iei&i_id=forms_spt__1.30 | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: search.hgovernmentformsonline.com | Connection: Keep-Alive | Cookie: init=true; nts=t
Source: global traffic | HTTP traffic detected: GET /Content/Images/saveMoney.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://search.hgovernmentformsonline.com/?uid=5028ddaf-0339-416d-a52a-9209a9d61f40&uc=20190516&ap=appfocus597&source=Bing_v1-dsf_forms--bb8-iei&i_id=forms_spt__1.30 | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: search.hgovernmentformsonline.com | Connection: Keep-Alive | Cookie: init=true; nts=t
Source: global traffic | HTTP traffic detected: GET /Content/img/Icons/recipesIcon.jpg HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://search.hgovernmentformsonline.com/?uid=5028ddaf-0339-416d-a52a-9209a9d61f40&uc=20190516&ap=appfocus597&source=Bing_v1-dsf_forms--bb8-iei&i_id=forms_spt__1.30 | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: search.hgovernmentformsonline.com | Connection: Keep-Alive | Cookie: init=true; nts=t
Source: global traffic | HTTP traffic detected: GET /Content/Home/Email/Sprites/Sprite_Email_V9.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://search.hgovernmentformsonline.com/?uid=5028ddaf-0339-416d-a52a-9209a9d61f40&uc=20190516&ap=appfocus597&source=Bing_v1-dsf_forms--bb8-iei&i_id=forms_spt__1.30 | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: search.hgovernmentformsonline.com | Connection: Keep-Alive | Cookie: init=true; nts=t
Source: global traffic | HTTP traffic detected: GET /quicklinkicons/amazon.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://search.hgovernmentformsonline.com/?uid=5028ddaf-0339-416d-a52a-9209a9d61f40&uc=20190516&ap=appfocus597&source=Bing_v1-dsf_forms--bb8-iei&i_id=forms_spt__1.30 | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: dap2y8k6nefku.cloudfront.net | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /quicklinkicons/news-1.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://search.hgovernmentformsonline.com/?uid=5028ddaf-0339-416d-a52a-9209a9d61f40&uc=20190516&ap=appfocus597&source=Bing_v1-dsf_forms--bb8-iei&i_id=forms_spt__1.30 | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: dap2y8k6nefku.cloudfront.net | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /quicklinkicons/facebook.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://search.hgovernmentformsonline.com/?uid=5028ddaf-0339-416d-a52a-9209a9d61f40&uc=20190516&ap=appfocus597&source=Bing_v1-dsf_forms--bb8-iei&i_id=forms_spt__1.30 | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: dap2y8k6nefku.cloudfront.net | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /Content/Images/quicklinkIcons/IRS.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://search.hgovernmentformsonline.com/?uid=5028ddaf-0339-416d-a52a-9209a9d61f40&uc=20190516&ap=appfocus597&source=Bing_v1-dsf_forms--bb8-iei&i_id=forms_spt__1.30 | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: search.hgovernmentformsonline.com | Connection: Keep-Alive | Cookie: init=true; nts=t
Source: global traffic | HTTP traffic detected: GET /Content/Home/Forms/Sprites/Sprite_Forms_V0.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://search.hgovernmentformsonline.com/?uid=5028ddaf-0339-416d-a52a-9209a9d61f40&uc=20190516&ap=appfocus597&source=Bing_v1-dsf_forms--bb8-iei&i_id=forms_spt__1.30 | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: search.hgovernmentformsonline.com | Connection: Keep-Alive | Cookie: init=true; nts=t
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Accept: */* | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Host: search.hgovernmentformsonline.com | Connection: Keep-Alive | Cookie: init=true; nts=t; w=39~02n
Source: global traffic | HTTP traffic detected: GET /ie/hh/dshp.html?source=Bing_v1-dsf_forms--bb8&appname=Government%20Forms%20Online&adprovider=appfocus597&nbl=808&nbh=53 HTTP/1.1 | Accept: */* | Accept-Language: en-US | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: www.springdwnld2.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /impression.do?domain=hgovernmentformsonline.com&implementation_id=forms_spt__1.30&offer_id=_iei_&source=Bing_v1-dsf_forms--bb8-iei&sub_id=20190516&traffic_source=appfocus597&user_id=5028ddaf-0339-416d-a52a-9209a9d61f40&useragent=Mozilla%2F5.0+(Windows+NT+10.0%3B+WOW64%3B+Trident%2F7.0%3B+rv%3A11.0)+like+Gecko&ts=1557970110&sgn=8d026e43ce56b93e864cbc49a19b7438b66faab9&subid2=11.165.17134.0&event=ex_shown_ds HTTP/1.1 | User-Agent: ies | Host: www.springdwnld2.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /impression.do?domain=hgovernmentformsonline.com&implementation_id=forms_spt__1.30&offer_id=_iei_&source=Bing_v1-dsf_forms--bb8-iei&sub_id=20190516&traffic_source=appfocus597&user_id=5028ddaf-0339-416d-a52a-9209a9d61f40&useragent=Mozilla%2F5.0+(Windows+NT+10.0%3B+WOW64%3B+Trident%2F7.0%3B+rv%3A11.0)+like+Gecko&ts=1557970110&sgn=8d026e43ce56b93e864cbc49a19b7438b66faab9&subid2=11.165.17134.0&event=ex_set_hp HTTP/1.1 | User-Agent: ies | Host: www.springdwnld2.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /impression.do?domain=hgovernmentformsonline.com&implementation_id=forms_spt__1.30&offer_id=_iei_&source=Bing_v1-dsf_forms--bb8-iei&sub_id=20190516&traffic_source=appfocus597&user_id=5028ddaf-0339-416d-a52a-9209a9d61f40&useragent=Mozilla%2F5.0+(Windows+NT+10.0%3B+WOW64%3B+Trident%2F7.0%3B+rv%3A11.0)+like+Gecko&ts=1557970110&sgn=8d026e43ce56b93e864cbc49a19b7438b66faab9&subid2=11.165.17134.0&event=ex_installed HTTP/1.1 | User-Agent: ies | Host: www.springdwnld2.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /impression.do?domain=hgovernmentformsonline.com&implementation_id=forms_spt__1.30&offer_id=_iei_&source=Bing_v1-dsf_forms--bb8-iei&sub_id=20190516&traffic_source=appfocus597&user_id=5028ddaf-0339-416d-a52a-9209a9d61f40&useragent=Mozilla%2F5.0+(Windows+NT+10.0%3B+WOW64%3B+Trident%2F7.0%3B+rv%3A11.0)+like+Gecko&ts=1557970110&sgn=8d026e43ce56b93e864cbc49a19b7438b66faab9&subid2=11.165.17134.0&event=ex_executed HTTP/1.1 | User-Agent: ies | Host: www.springdwnld2.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /home/click?uc=20190516&ap=appfocus597&source=Bing_v1-dsf_forms--bb8-iei&uid=5028ddaf-0339-416d-a52a-9209a9d61f40&i_id=forms_spt__1.30&cid=&url=https%3a%2f%2fnationalweatheragency.org%2f%3fuc%3d20190516%26ap%3dappfocus597%26source%3dBing_v1-dsf_forms--bb8-iei%26uid%3d5028ddaf-0339-416d-a52a-9209a9d61f40%26i_id%3dforms_spt__1.30%26cid%3d&value=toolbar_nationalweatheragency_msq HTTP/1.1 | Accept: text/html, application/xhtml+xml, image/jxr, */* | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: search.hgovernmentformsonline.com | Connection: Keep-Alive | Cookie: init=true; nts=t; w=39~02n
Found strings which match to known social media urls
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.dr String found in binary or memory: By continuing with installation, you agree to set your home page, new tab page and default search on Internet Explorer to <span class="cls_ies-domain" id = "ies_domain1">#domain</span> powered by Yahoo. equals www.yahoo.com (Yahoo)
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.dr String found in binary or memory: "Google Adwords, Bing Ad Center, Yahoo. We run our own affiliate network." equals www.yahoo.com (Yahoo)
Source: FJLK1KGC.htm.5.dr String found in binary or memory: <li class="hp-quicklink" id="quicklink-youtube" title="Go to YouTube.com" onclick="return webHelpers.changeUrl('/home/click?uc=20190516&amp;ap=appfocus597&amp;source=Bing_v1-dsf_forms--bb8-iei&amp;uid=5028ddaf-0339-416d-a52a-9209a9d61f40&amp;i_id=forms_spt__1.30&amp;cid=&amp;url=https%3a%2f%2fyoutube.com&amp;value=quicklink_youtube',event)"></li> equals www.youtube.com (Youtube)
Source: FJLK1KGC.htm.5.dr String found in binary or memory: <li class="hp-quicklink" id="quicklink-facebook" title="Go to Facebook.com" onclick="return webHelpers.changeUrl('/home/click?uc=20190516&amp;ap=appfocus597&amp;source=Bing_v1-dsf_forms--bb8-iei&amp;uid=5028ddaf-0339-416d-a52a-9209a9d61f40&amp;i_id=forms_spt__1.30&amp;cid=&amp;url=https%3a%2f%2fwww.facebook.com&amp;value=quicklink_facebook',event)"></li> equals www.facebook.com (Facebook)
Source: forms_common[1].js.5.dr String found in binary or memory: * Copyright 2011-2015 Twitter, Inc. equals www.twitter.com (Twitter)
Source: prompt[1].js1.5.dr String found in binary or memory: // https://github.com/facebook/flow/issues/2696 equals www.facebook.com (Facebook)
Source: prompt[1].js1.5.dr String found in binary or memory: // HTMLStyleElement needs fixing https://github.com/facebook/flow/issues/2696 equals www.facebook.com (Facebook)
Source: prompt[1].js1.5.dr String found in binary or memory: // See https://github.com/facebook/regenerator/issues/274 for more details. equals www.facebook.com (Facebook)
Source: prompt[1].js1.5.dr String found in binary or memory: * Copyright (c) 2014-present, Facebook, Inc. equals www.facebook.com (Facebook)
Source: prompt[1].js1.5.dr String found in binary or memory: * Copyright 2014-2015, Facebook, Inc. equals www.facebook.com (Facebook)
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe String found in binary or memory: "Free Hotmail.url" equals www.hotmail.com (Hotmail)
Performs DNS lookups
Source: unknown DNS traffic detected: queries for: www.springdwnld2.com
Posts data to webserver
Source: unknown HTTP traffic detected:
HTTP/1.1 200 OK
Date: Thu, 16 May 2019 01:28:44 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 6488
Connection: keep-alive
Cache-Control: private
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Set-Cookie: init=true; domain=hgovernmentformsonline.com; expires=Fri, 17-May-2019 01:28:53 GMT; path=/
Set-Cookie: nts=t; domain=hgovernmentformsonline.com; path=/
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Urls found in memory or binary data
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://getdirectionsquick.org/map-oti3b/?source=ae
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://getfitnow.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://getsports.net/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://gomaps.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://gomapsandirections.com/
Source: forms_common[1].js.5.drString found in binary or memory: http://google.com
Source: forms_common[1].js.5.drString found in binary or memory: http://google.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://google.pchome.com.tw/
Source: jquery.easing.1.3[1].js.5.drString found in binary or memory: http://gsgd.co.uk/sandbox/jquery/easing/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://home.altervista.org/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://home.altervista.org/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://ie.search.yahoo.com/os?command=
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://ie8.ebay.com/open-search/output-xml.php?q=
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://image.excite.co.jp/jp/favicon/lep.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://images.monster.com/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://img.atlas.cz/favicon.ico
Source: forms_common[1].js.5.drString found in binary or memory: http://img.nsgnav.com/img/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://imp.hemailaccessonline.com/impression.do?implementation_id=email_spt__1.30&source=-lp0-bb9&su
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://in.search.yahoo.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://instantnewsnow.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://it.search.dada.net/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://it.search.dada.net/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://it.search.yahoo.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://jobsearch.monster.com/
Source: jquery-ui[1].js.5.drString found in binary or memory: http://jquery.org/license
Source: jquery-ui.min[1].css.5.dr, jquery-ui[1].js.5.drString found in binary or memory: http://jqueryui.com
Source: jquery-ui.min[1].css.5.drString found in binary or memory: http://jqueryui.com/themeroller/?bgShadowXPos=&bgOverlayXPos=&bgErrorXPos=&bgHighlightXPos=&bgConten
Source: prompt[1].js1.5.drString found in binary or memory: http://jsperf.com/array-join-vs-for
Source: prompt[1].js1.5.drString found in binary or memory: http://jsperf.com/element-style-object-access-vs-plain-object
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://kr.search.yahoo.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://legal.__domain__
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://legal.__domain__/Home/ContactUs
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://legal.__domain__/Home/ContactUs?source=ae
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://legal.__domain__/Home/Terms?source=ae
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://legal.__domain__/home/privacy
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://legal.__domain__/home/privacy?source=ae
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://legal.__domain__/home/terms
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://legal.__domain__?source=ae
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://legal.hemailaccessonline.com/Home/Terms?source=ae
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://legal.hemailaccessonline.com/home/privacy?source=ae
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://legal.hgovernmentformsonline.com/Home/Terms?source=ae
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://legal.hgovernmentformsonline.com/home/privacy?source=ae
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://legal.loginfaster.com/legal/privacy
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://legal.loginfaster.com/legal/terms
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://list.taobao.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://livetvnow.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://localclassifiedlist.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://localweatherradar.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://loginemailnow.com/email-ot13b/?source=ae
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://loginnow.net/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://mail.live.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://mail.live.com/?rru=compose%3Fsubject%3D
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://mapsanddirections.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://mapsanddrivingdirection.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://mapsnt.com/
Source: grid[1].css.5.drString found in binary or memory: http://meyerweb.com/eric/tools/css/reset/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://msk.afisha.ru/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://musicktab.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://mybanklogin.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://myconverterhub.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://myemailcenter.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://myemailhelper.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://myflightapp.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://mylocaltransit.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://mymapshomepage.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://mynewswire.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://myonlinecalendar.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://myquickconverter.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://myspeedtester.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://mytemplates.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://mytvcenter.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://myutilitybox.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://myweatherhomepage.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://myweatherradar.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://myweathertab.com/
Source: forms_common[1].js.5.drString found in binary or memory: http://navigation.nsgnav.com/query.php?a=nav&p=SSS&l=
Source: home[1].htm1.5.drString found in binary or memory: http://newsapi.org
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://notepadpro.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://ocnsearch.goo.ne.jp/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://officeworksuite.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://ontheradio.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://openimage.interpark.com/interpark.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://p.zhongsou.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://p.zhongsou.com/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://packageintransit.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://packagetrackingpro.com/track-ot4b/?source=ae
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://pdf-converter.app/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://playfreemusic.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://price.ru/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://price.ru/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://quickemailaccess.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://quickemaillogin.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://quickmapsanddirections.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://quickpackagefinder.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://recherche.linternaute.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://recherche.tf1.fr/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://recherche.tf1.fr/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://recipenetwork.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://rover.ebay.com
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://ru.search.yahoo.com
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://s2.symcb.com0
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://sads.myspace.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search-dyn.tiscali.it/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.about.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.alice.it/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.alice.it/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.aol.co.uk/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.aol.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.aol.in/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.atlas.cz/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.auction.co.kr/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.auone.jp/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.books.com.tw/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.books.com.tw/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.centrum.cz/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.centrum.cz/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.chol.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.chol.com/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.cn.yahoo.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.daum.net/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.daum.net/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.dreamwiz.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.dreamwiz.com/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.ebay.co.uk/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.ebay.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.ebay.com/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.ebay.de/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.ebay.es/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.ebay.fr/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.ebay.in/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.ebay.it/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.empas.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.empas.com/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.espn.go.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.gamer.com.tw/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.gamer.com.tw/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.gismeteo.ru/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.goo.ne.jp/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.goo.ne.jp/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.hanafos.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.hanafos.com/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://search.hemailaccessonline.com/?source=-lp0-bb9&uid=%1&uc=%2&ap=appfocus1&i_id=email_spt__1.30
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://search.hemailaccessonline.com/s?source=-lp0-bb9&uid=%1&uc=%2&ap=appfocus1&i_id=email_spt__1.3
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe, {604FBD87-77C5-11E9-AAD9-C25F135D3C65}.dat.4.drString found in binary or memory: http://search.hgovernmentformsonline.com/?uid=5028ddaf-0339-416d-a52a-9209a9d61f40&uc=20190516&ap=ap
Source: imagestore.dat.5.drString found in binary or memory: http://search.hgovernmentformsonline.com/favicon.ico
Source: imagestore.dat.5.drString found in binary or memory: http://search.hgovernmentformsonline.com/favicon.ico~
Source: ~DF70D4D26ADAB45BA5.TMP.4.dr, {688F6A98-77C5-11E9-AAD9-C25F135D3C65}.dat.4.drString found in binary or memory: http://search.hgovernmentformsonline.com/home/click?uc=20190516&ap=appfocus597&source=Bing_v1-dsf_fo
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.hgovernmentformsonline.com/s?uid=5028ddaf-0339-416d-a52a-9209a9d61f40&uc=20190516&ap=a
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.interpark.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.ipop.co.kr/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.ipop.co.kr/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&amp;q=
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&amp;q=
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&amp;q=
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.live.com/results.aspx?q=
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.livedoor.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.livedoor.com/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.lycos.co.uk/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.lycos.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.lycos.com/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.msn.co.jp/results.aspx?q=
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.msn.co.uk/results.aspx?q=
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.msn.com.cn/results.aspx?q=
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.msn.com/results.aspx?q=
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.nate.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.naver.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.naver.com/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.nifty.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.orange.co.uk/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.orange.co.uk/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.rediff.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.rediff.com/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.seznam.cz/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.seznam.cz/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.sify.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.yahoo.co.jp
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.yahoo.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.yahoo.com/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&amp;p=
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search.yam.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search1.taobao.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://search2.estadao.com.br/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://searchresults.news.com.au/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://service2.bfast.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://shipmenttracker.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://simpleconverter.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://sitesearch.timesonline.co.uk/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://so-net.search.goo.ne.jp/
Source: home[1].htm1.5.drString found in binary or memory: http://storage.ie6countdown.com/assets/100/images/banners/warning_bar_0000_us.jpg
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://suche.aol.de/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://suche.freenet.de/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://suche.freenet.de/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://suche.lycos.de/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://suche.t-online.de/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://suche.web.de/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://suche.web.de/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://sv.symcb.com/sv.crt0
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://sv.symcd.com0&
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://testmyspeeds.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://thebookhub.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://thecalendar.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://thelocalclassifieds.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://thenewssource.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://thenewssource.net/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://thereadinghub.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://theweathercenter.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://trackmyflight.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://trackyourflight.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://trackyourpackages.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://trackyourpackages.net/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://transitlocator.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://transitschedule.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://treyresearch.net
Source: touchTouch.jquery[1].js.5.drString found in binary or memory: http://tutorialzine.com/2012/04/mobile-touch-gallery/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: http://tv-now.co/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://tw.search.yahoo.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://udn.com/
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://udn.com/favicon.ico
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exeString found in binary or memory: http://uk.ask.com/
Source: prompt[1].js1.5.drString found in binary or memory: https://pushible.com/Content/Images/news.jpg
Source: prompt[1].js1.5.drString found in binary or memory: https://pushible.com/api/add?id=
Source: prompt[1].js1.5.drString found in binary or memory: https://pushible.com/api/add?id=$
Source: prompt[1].js1.5.drString found in binary or memory: https://pushible.com/content/images/news.jpg
Source: prompt[1].js1.5.drString found in binary or memory: https://pushible.com/content/images/newsicon.jpg
Source: home[1].htm1.5.drString found in binary or memory: https://pushible.com/js/prompt?imp=weather_microsite&amp;publisher=weather_newtab&amp;ap=appfocus597
Source: show[1].js0.5.drString found in binary or memory: https://sb.scorecardresearch.com/beacon.js?c1
Source: show[1].js0.5.drString found in binary or memory: https://secure.quantserve.com/quant.js
Source: serve.js[1].htm.5.drString found in binary or memory: https://sspcks.mynativeplatform.com/pub2/web/ssp/cksync.js?clientKey=3pAKMAvn9TUeXmaWzDetN3&sspUid=M
Source: prompt[1].js1.5.drString found in binary or memory: https://stackoverflow.com/questions/41328728/force-casting-in-flow
Source: impsc[1].js1.5.dr, impsc[1].js0.5.drString found in binary or memory: https://static-cdn.adblade.com/banners/images/298x224/4365_59441b2ce2cf8.jpg
Source: impsc[1].js.5.drString found in binary or memory: https://static-cdn.adblade.com/css/zones/zone9457.css
Source: serve.js[1].htm0.5.drString found in binary or memory: https://static.criteo.net/js/ld/publishertag.js
Source: analytics[1].js.5.drString found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: analytics[1].js.5.drString found in binary or memory: https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&
Source: forms_common[1].js.5.drString found in binary or memory: https://sugg.search.yahoo.net/sg/?
Source: ~DF70D4D26ADAB45BA5.TMP.4.drString found in binary or memory: https://tpc.googlesyndication.com/safeframe/1-0-33/html/container.html
Source: home[1].htm1.5.drString found in binary or memory: https://trends.revcontent.com/serve.js.php?w=89283&t=
Source: impsc[1].js0.5.drString found in binary or memory: https://web.adblade.com/clicks.php?appId=54035&zid=59441b31ca935&adId=409370&pos=1&impt=1557970187&z
Source: impsc[1].js1.5.drString found in binary or memory: https://web.adblade.com/clicks.php?appId=54035&zid=59441b31ca935&adId=409370&pos=1&impt=1557970217&z
Source: home[1].htm0.5.drString found in binary or memory: https://web.adblade.com/js/ads/async/show.js
Source: analytics[1].js.5.drString found in binary or memory: https://www.google-analytics.com/analytics
Source: js[1].js.5.drString found in binary or memory: https://www.google-analytics.com/analytics.js
Source: analytics[1].js.5.drString found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.5.drString found in binary or memory: https://www.google-analytics.com/u/d
Source: analytics[1].js.5.drString found in binary or memory: https://www.google.%/ads/ga-audiences
Source: forms_common[1].js.5.drString found in binary or memory: https://www.google.com
Source: forms_common[1].js.5.drString found in binary or memory: https://www.google.com/
Source: analytics[1].js.5.drString found in binary or memory: https://www.google.com/analytics/web/inpage/pub/inpage.js?
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: https://www.google.com/https://search.yahoo.com/search?p=
Source: s[1].htm.5.drString found in binary or memory: https://www.google.com/pagead/drt/ui
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.drString found in binary or memory: https://www.google.com/search?q=
Source: home[1].htm1.5.drString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-137697940-1
Source: js[1].js.5.drString found in binary or memory: https://www.googletraveladservices.com/travel/clk/pagead/conversion/
Source: js[1].js.5.drString found in binary or memory: https://www.googletraveladservices.com/travel/flights/clk
Source: home[1].htm1.5.drString found in binary or memory: https://www.gstatic.com/firebasejs/4.6.2/firebase-app.js
Source: home[1].htm1.5.drString found in binary or memory: https://www.gstatic.com/firebasejs/4.6.2/firebase-messaging.js
Source: FJLK1KGC.htm.5.drString found in binary or memory: https://www.irs.gov/forms-instructions
Source: FJLK1KGC.htm.5.drString found in binary or memory: https://www.irs.gov/pub/irs-pdf/f1040.pdf
Source: FJLK1KGC.htm.5.drString found in binary or memory: https://www.irs.gov/pub/irs-pdf/fw4.pdf
Source: FJLK1KGC.htm.5.drString found in binary or memory: https://www.irs.gov/pub/irs-pdf/fw9.pdf
Source: impsc[1].js0.5.drString found in binary or memory: https://www.newszoom.com/celebs-entertainment/rihannas-instagram-proves-shes-one-baddest-women-alive
Source: forms_common[1].js.5.drString found in binary or memory: https://www.searchencrypt.com/?ps=3ac
Source: serve.js[1].htm.5.drString found in binary or memory: https://x.bidswitch.net/sync?ssp=revcontent
Uses HTTPS

Change of System Appearance:

Changes the start page of Internet Explorer
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Start Page

System Summary:

PE file contains executable resources (Code or Archives)
Source: GovernmeHTTP_1.1ntFormsOnline-19792223[1].exe.2.dr; Static PE information: Resource name: FILES type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.dr; Static PE information: Resource name: FILES type: PE32 executable (GUI) Intel 80386, for MS Windows
PE file contains strange resources
Source: GovernmeHTTP_1.1ntFormsOnline-19792223[1].exe.2.dr; Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST (4 entries)
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial.2.dr; Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST (4 entries)
Source: Uninstall.exe.3.dr; Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST (5 entries)
Reads the hosts file
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; File read: C:\Windows\System32\drivers\etc\hosts (2 entries)
Tries to load missing DLLs
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; Section loaded: wow64log.dll
Classification label
Source: classification engine; Classification label: mal60.evad.win@9/252@81/62
Creates files inside the user directory
Source: C:\Program Files\internet explorer\iexplore.exe; File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Creates temporary files
Source: C:\Program Files\internet explorer\iexplore.exe; File created: C:\Users\user\AppData\Local\Temp\~DF56985E04CA2F9A00.TMP
Reads ini files
Source: C:\Program Files\internet explorer\iexplore.exe; File read: C:\Users\desktop.ini
Reads software policies
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Sample might require command line arguments (.Net)
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe; String found in binary or memory: api-ms-win-stateseparation-helpers-l1-1-0
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe; String found in binary or memory: F-stop
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe; String found in binary or memory: "Opens the Favorites folder.-Adds the current page to your Favorites list.-Displays more items in your Favorites folder.)Opens this item in your Favorites folder."
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe; String found in binary or memory: "Show blocked pop-ups.4Remove the current site from the allowed sites list./Add the current site to the allowed sites list."
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe; String found in binary or memory: "%Opens a new Internet Explorer window./Adds the current page to your Favorites folder.&Previews how this document will print.*Prints the document in the selected frame."
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe; String found in binary or memory: "6This is the full list of %s. No filters are available. Sho&w: %s0Add-ons that have been used by Internet Explorer-Add-ons that run without requiring permission$Downloaded ActiveX Controls (32-bit)-Add-ons currently loaded in Internet Explorer"
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe; String found in binary or memory: "Add-on encountered a problem-Add-ons currently loaded in Internet Explorer)The attempt to update this add-on failed.[The add-on was installed successfully. Please restart your computer to complete the update.:There is no update available for this add-on at this time.$The add-on was updated successfully."
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe; String found in binary or memory: "// Get the auto-launch preference from registry"
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe; String found in binary or memory: "// Set the auto-launch preference from registry"
Spawns processes
Source: unknown; Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3988 CREDAT:17410 /prefetch:2
Source: unknown; Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe 'C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe'
Source: unknown; Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\IEXPLORE.EXE' -noframemerging
Source: unknown; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3772 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3988 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe; Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe 'C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe'
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\IEXPLORE.EXE' -noframemerging
Source: C:\Program Files\internet explorer\iexplore.exe; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3772 CREDAT:17410 /prefetch:2
Found GUI installer (many successful clicks)
Source: C:\Program Files\internet explorer\iexplore.exe; Automated click: Run (2 entries)
Source: C:\Program Files\internet explorer\iexplore.exe; Automated click: Install
Found graphical window changes (likely an installer)
Source: Window Recorder; Window detected: More than 3 window changes detected
Creates a software uninstall entry
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; Registry value created: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe; File opened: C:\Program Files (x86)\Java\jre1.8.0_171\bin\msvcr100.dll

Persistence and Installation Behavior:

Drops PE files
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; File created: C:\Users\user\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe; File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\GovernmeHTTP_1.1ntFormsOnline-19792223[1].exe
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe; File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe.xrolrgi.partial

Hooking and other Techniques for Hiding and Protection:

Disables application error messages (SetErrorMode)
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; Process information set: NOOPENFILEERRORBOX (3 entries)

Malware Analysis System Evasion:

Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; Memory allocated: 40E0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; Memory allocated: 9B40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; Memory allocated: 9CC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; Memory allocated: 9D00000 memory reserve | memory write watch
Enumerates the file system
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; File opened: C:\Users\user\AppData\Local\Microsoft
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Windows
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Windows\History\desktop.ini
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; File opened: C:\Users\user\AppData
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)
Source: GovernmeHTTP_1.1ntFormsOnline-19792223.exe; Binary or memory string: "Hyper-V RAW"
Queries a list of all running processes
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; Process information queried: ProcessInformation

Anti Debugging:

Checks for debuggers (devices)
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; File opened: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; System information queried: KernelDebuggerInformation
Creates guard pages, often used to prevent reverse engineering and debugging
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; Memory allocated: page read and write | page guard

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GovernmeHTTP_1.1ntFormsOnline-19792223.exe; Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation

Behavior Graph

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info