Windows Analysis Report eLVzfyydCC.exe

Overview

General Information

Sample Name: eLVzfyydCC.exe
Analysis ID: 551536
MD5: f5b2750348fc459bb7da5c62d9e78959
SHA1: 4d16ea637bf1c62716ad0905b07661e78d1908fd
SHA256: 1d01909e17918dfcf1f39c280bb67b0b0a36f10163f021944df87c657b56f7f5
Tags: exeGozi
Infos:

Most interesting Screenshot:

Detection

Ursnif
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected Ursnif
Antivirus / Scanner detection for submitted sample
Writes or reads registry keys via WMI
Machine Learning detection for sample
Writes registry values via WMI
Uses 32bit PE files
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
IP address seen in connection with other malware
Found evasive API chain checking for process token information
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Uses Microsoft's Enhanced Cryptographic Provider

Classification

AV Detection:

barindex
Found malware configuration
Source: eLVzfyydCC.exe Malware Configuration Extractor: Ursnif {"RSA Public Key": "VmXgLFsGtmpv5UFNqOMKfr0bQb92JPtdvvowHDJjkcSsK9jcUZlaQ6iXE5japhvoxPqRWk5IIJokHayTapPtkCdY5JrUtPvVruWyRldgR+UJRy2GqJO+i8zXukuoTAdIlrIhEsilDaGjhfbpVdibfm3BDbnXusiwcmim77qYOtpDP+xBzaY0x5xORvjah7KauUIP6BwsfyuU7cJTiQJuQytCX1etYoLxXBskIQZpZQuCKWsabk1OCSSGG5ZJYp0JNAkJTc2w/nTKxLw/R7FbsSOd0CoOEEW09MMqIq2i2gHlnpZPuc59tliqYm3utpZ/+G04rfEyu/NJgHipl21RpkWtrb9lsCeKXtEhKFh5p+0=", "c2_domain": ["update.kaspersky.com", "plunger.in", "update.fortinet.com", "blancs.ws", "piepes.in", "csite.ws"], "botnet": "2001", "server": "50", "serpent_key": "3FBmeOqlY71WmiXZ", "sleep_time": "1", "CONF_TIMEOUT": "20", "SetWaitableTimer_value": "0"}
Multi AV Scanner detection for submitted file
Source: eLVzfyydCC.exe ReversingLabs: Detection: 46%
Antivirus / Scanner detection for submitted sample
Source: eLVzfyydCC.exe Avira: detected
Machine Learning detection for sample
Source: eLVzfyydCC.exe Joe Sandbox ML: detected
Antivirus or Machine Learning detection for unpacked file
Source: 0.0.eLVzfyydCC.exe.400000.0.unpack Avira: Label: TR/Crypt.ZPACK.Gen
Source: 0.2.eLVzfyydCC.exe.400000.0.unpack Avira: Label: TR/Crypt.ZPACK.Gen

Cryptography:

barindex
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Code function: 0_2_00574872 CryptAcquireContextW,memcpy,CryptImportKey,CryptSetKeyParam,memcpy,CryptEncrypt,CryptDecrypt,GetLastError,GetLastError,CryptDestroyKey,GetLastError,CryptReleaseContext,GetLastError, 0_2_00574872

Compliance:

barindex
Uses 32bit PE files
Source: eLVzfyydCC.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll Jump to behavior
Source: unknown HTTPS traffic detected: 77.74.178.40:443 -> 192.168.2.5:49760 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.85.15.47:443 -> 192.168.2.5:49769 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.85.15.47:443 -> 192.168.2.5:49768 version: TLS 1.2
Source: unknown HTTPS traffic detected: 216.58.212.136:443 -> 192.168.2.5:49776 version: TLS 1.2
Source: unknown HTTPS traffic detected: 216.58.212.136:443 -> 192.168.2.5:49777 version: TLS 1.2
Source: unknown HTTPS traffic detected: 93.159.228.11:443 -> 192.168.2.5:49800 version: TLS 1.2
Source: unknown HTTPS traffic detected: 93.159.228.11:443 -> 192.168.2.5:49801 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.211.244.253:443 -> 192.168.2.5:49837 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.211.244.253:443 -> 192.168.2.5:49836 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.36.218.177:443 -> 192.168.2.5:49843 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.36.218.177:443 -> 192.168.2.5:49842 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.16.52.14:443 -> 192.168.2.5:49839 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.16.52.14:443 -> 192.168.2.5:49838 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.186.142:443 -> 192.168.2.5:49844 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.186.142:443 -> 192.168.2.5:49845 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.85.15.46:443 -> 192.168.2.5:49847 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.85.15.46:443 -> 192.168.2.5:49846 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.126.175:443 -> 192.168.2.5:49855 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.126.175:443 -> 192.168.2.5:49854 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.226.159.97:443 -> 192.168.2.5:49856 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.226.159.97:443 -> 192.168.2.5:49857 version: TLS 1.2
Source: unknown HTTPS traffic detected: 18.192.164.101:443 -> 192.168.2.5:49852 version: TLS 1.2
Source: unknown HTTPS traffic detected: 18.192.164.101:443 -> 192.168.2.5:49853 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.102.147.248:443 -> 192.168.2.5:49869 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.102.147.248:443 -> 192.168.2.5:49868 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.226.159.34:443 -> 192.168.2.5:49866 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.226.159.34:443 -> 192.168.2.5:49870 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.186.249.72:443 -> 192.168.2.5:49873 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.186.249.72:443 -> 192.168.2.5:49874 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.228.170.24:443 -> 192.168.2.5:49872 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.228.170.24:443 -> 192.168.2.5:49871 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.12.5:443 -> 192.168.2.5:49876 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.12.5:443 -> 192.168.2.5:49875 version: TLS 1.2
Source: unknown HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.5:49878 version: TLS 1.2
Source: unknown HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.5:49877 version: TLS 1.2
Source: unknown HTTPS traffic detected: 108.177.15.157:443 -> 192.168.2.5:49879 version: TLS 1.2
Source: unknown HTTPS traffic detected: 108.177.15.157:443 -> 192.168.2.5:49880 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.195.126.67:443 -> 192.168.2.5:49882 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.195.126.67:443 -> 192.168.2.5:49883 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.185.195:443 -> 192.168.2.5:49887 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.186.36:443 -> 192.168.2.5:49889 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.185.195:443 -> 192.168.2.5:49886 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.186.36:443 -> 192.168.2.5:49888 version: TLS 1.2
Source: unknown HTTPS traffic detected: 64.70.19.170:443 -> 192.168.2.5:49936 version: TLS 1.2
Source: unknown HTTPS traffic detected: 64.70.19.170:443 -> 192.168.2.5:49937 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.186.36:443 -> 192.168.2.5:49966 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.186.36:443 -> 192.168.2.5:49967 version: TLS 1.2
Source: unknown HTTPS traffic detected: 216.58.212.136:443 -> 192.168.2.5:49975 version: TLS 1.2
Source: unknown HTTPS traffic detected: 216.58.212.136:443 -> 192.168.2.5:49976 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.186.142:443 -> 192.168.2.5:49979 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.186.142:443 -> 192.168.2.5:49978 version: TLS 1.2

Networking:

barindex
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic Snort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.5:49756 -> 185.85.15.26:80
Source: Traffic Snort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.5:49934 -> 64.70.19.203:80
Source: Traffic Snort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.5:49934 -> 64.70.19.203:80
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 13.36.218.177 13.36.218.177
Source: Joe Sandbox View IP Address: 64.70.19.203 64.70.19.203
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49888 -> 443
Source: fbevents[1].js.8.dr String found in binary or memory: (function(a,b,c,d){var e={exports:{}};e.exports;(function(){var f=a.fbq;f.execStart=a.performance&&a.performance.now&&a.performance.now();if(!function(){var b=a.postMessage||function(){};if(!f){b({action:"FB_LOG",logType:"Facebook Pixel Error",logMessage:"Pixel code is not installed correctly on this page"},"*");"error"in console&&console.error("Facebook Pixel Error: Pixel code is not installed correctly on this page");return!1}return!0}())return;f.__fbeventsModules||(f.__fbeventsModules={},f.__fbeventsResolvedModules={},f.getFbeventsModules=function(a){f.__fbeventsResolvedModules[a]||(f.__fbeventsResolvedModules[a]=f.__fbeventsModules[a]());return f.__fbeventsResolvedModules[a]},f.fbIsModuleLoaded=function(a){return!!f.__fbeventsModules[a]},f.ensureModuleRegistered=function(b,a){f.fbIsModuleLoaded(b)||(f.__fbeventsModules[b]=a)});f.ensureModuleRegistered("signalsFBEventsGetIwlUrl",function(){return function(a,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var a=f.getFbeventsModules("signalsFBEventsGetTier");e.exports=function(b,c){c=a(c);c=c==null?"www.facebook.com":"www."+c+".facebook.com";return"https://"+c+"/signals/iwl.js?pixel_id="+b}})();return e.exports}(a,b,c,d)});f.ensureModuleRegistered("signalsFBEventsGetTier",function(){return function(f,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var a=/^https:\/\/www\.([A-Za-z0-9\.]+)\.facebook\.com\/tr\/?$/,b=["https://www.facebook.com/tr","https://www.facebook.com/tr/"];e.exports=function(c){if(b.indexOf(c)!==-1)return null;var d=a.exec(c);if(d==null)throw new Error("Malformed tier: "+c);return d[1]}})();return e.exports}(a,b,c,d)});f.ensureModuleRegistered("SignalsFBEvents.plugins.iwlbootstrapper",function(){return function(a,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var c=f.getFbeventsModules("SignalsFBEventsIWLBootStrapEvent"),d=f.getFbeventsModules("SignalsFBEventsLogging"),g=f.getFbeventsModules("SignalsFBEventsNetworkConfig"),h=f.getFbeventsModules("SignalsFBEventsPlugin"),i=f.getFbeventsModules("signalsFBEventsGetIwlUrl"),j=f.getFbeventsModules("signalsFBEventsGetTier"),k=d.logUserError,l=/^https:\/\/.*\.facebook\.com$/i,m="FACEBOOK_IWL_CONFIG_STORAGE_KEY",n=a.sessionStorage?a.sessionStorage:{getItem:function(a){return null},removeItem:function(a){},setItem:function(a,b){}};e.exports=new h(function(d,e){function h(c,d){var e=b.createElement("script");e.async=!0;e.onload=function(){if(!a.FacebookIWL||!a.FacebookIWL.init)return;var b=j(g.ENDPOINT);b!=null&&a.FacebookIWL.set&&a.FacebookIWL.set("tier",b);d()};a.FacebookIWLSessionEnd=function(){n.removeItem(m),a.close()};e.src=i(c,g.ENDPOINT);b.body&&b.body.appendChild(e)}var o=!1,p=function(a){return!!(e&&e.pixelsByID&&Object.prototype.hasOwnProperty.call(e.pixelsByID,a))};function q(){if(o)return;var b=n.getItem(m);if(!b)return;b=JSON.parse(b);var c=b.pixelID,d=b.graphToken,e=b.sessionStartTime;o=!0;h(c,function(){var b=p(c)?c:null;a.FacebookIWL.init(b,d,e)})}function r(b){if(o)return;h(b,func
Source: msapplication.xml0.7.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xe4d2460c,0x01d807dd</date><accdate>0xe4f14465,0x01d807dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.7.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xe63f119a,0x01d807dd</date><accdate>0xe694e212,0x01d807dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.7.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xe6fdca6f,0x01d807dd</date><accdate>0xe71cc945,0x01d807dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: gtm[1].js0.8.dr, js[3].js.8.dr String found in binary or memory: E=W("YT"),D=function(){e(C)};I(q.vtp_gtmOnSuccess);if(E)E.ready&&E.ready(D);else{var F=W("onYouTubeIframeAPIReady");xt("onYouTubeIframeAPIReady",function(){F&&F();D()});I(function(){for(var S=W("document"),M=S.getElementsByTagName("script"),J=M.length,K=0;K<J;K++){var Q=M[K].getAttribute("src");if(b(Q,"iframe_api")||b(Q,"player_api"))return}for(var N=S.getElementsByTagName("iframe"),V=N.length,aa=0;aa<V;aa++)if(!t&&c(N[aa],C.rb)){U("https://www.youtube.com/iframe_api");t=!0;break}})}}else I(q.vtp_gtmOnSuccess)} equals www.youtube.com (Youtube)
Source: gtm[1].js.8.dr, gtm[1].js0.8.dr, js[3].js.8.dr String found in binary or memory: function qv(a,b){}function rv(a,b,c){};var sv=["www.youtube.com","www.youtube-nocookie.com"],tv,uv=!1,vv=0; equals www.youtube.com (Youtube)
Source: gtm[1].js.8.dr, gtm[1].js0.8.dr, js[3].js.8.dr String found in binary or memory: var Iw=function(a,b){return b};var Yb=ca(["data-gtm-yt-inspected-"]),Jw=["www.youtube.com","www.youtube-nocookie.com"],Kw,Lw=!1; equals www.youtube.com (Youtube)
Source: gtm[1].js0.8.dr, js[3].js.8.dr String found in binary or memory: var p=["www.youtube.com","www.youtube-nocookie.com"],r={UNSTARTED:-1,ENDED:0,PLAYING:1,PAUSED:2,BUFFERING:3,CUED:5},u,t=!1;(function(q){Z.__ytl=q;Z.__ytl.m="ytl";Z.__ytl.isVendorTemplate=!0;Z.__ytl.priorityOverride=0})(function(q){q.vtp_triggerStartOption?n(q):lm(function(){n(q)})})}(); equals www.youtube.com (Youtube)
Source: wc_landing[1].htm.27.dr String found in binary or memory: http://blancs.ws
Source: ~DF5FB64BEAADE76AFF.TMP.26.dr, {39E1AB7A-73D1-11EC-90E5-ECF4BB570DC9}.dat.26.dr String found in binary or memory: http://blancs.ws/drew/SVohbxNR_2FyCYmenSW7CXy/mnUNl0_2BA/r7aNUwhQrLgjTBURN/to2yS6Hh74Jd/I8HRX9nlHVK/
Source: imagestore.dat.8.dr String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
Source: {293D228C-73D1-11EC-90E5-ECF4BB570DC9}.dat.23.dr, ~DF18CD11B8A0C5DC0C.TMP.23.dr String found in binary or memory: http://update.fortinet.com/drew/Bd1T9k4DekRs4gmX6OdkU/C5XR7mudVSICYH_2/B89CqXj2t_2F1GO/T5QYfvi5_2Fi7
Source: msapplication.xml.7.dr String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.7.dr String found in binary or memory: http://www.google.com/
Source: wc_landing[1].htm.27.dr String found in binary or memory: http://www.icann.org/en/registrars/registrant-rights-responsibilities-en.htm
Source: wc_landing[1].htm.27.dr String found in binary or memory: http://www.icann.org/en/udrp/udrp.htm
Source: msapplication.xml2.7.dr String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.7.dr String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.7.dr String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.7.dr String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.7.dr String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.7.dr String found in binary or memory: http://www.youtube.com/
Source: js[2].js.8.dr, gtm[1].js0.8.dr String found in binary or memory: https://ade.googlesyndication.com/ddm/activity
Source: js[2].js.8.dr, gtm[1].js0.8.dr String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://africa.kaspersky.com/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://afrique.kaspersky.com/
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://algerie.kaspersky.com/
Source: analytics[2].js.8.dr String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: js[3].js.8.dr String found in binary or memory: https://analytics.google.com/g/collect
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://app.appsflyer.com/com.kms.free
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://app.appsflyer.com/com.kms.free?pid=klsite
Source: js[2].js.8.dr, gtm[1].js.8.dr, gtm[1].js0.8.dr, js[3].js.8.dr String found in binary or memory: https://cct.google/taggy/agent.js
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://companyaccount.kaspersky.com/account/login
Source: gtm[1].js.8.dr String found in binary or memory: https://consent.cookiebot.com/uc.js?cbid=
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://content.kaspersky-labs.com/se/ca/content/en-ca/images/baseline/homepage/merch-cards/kts-card
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://content.kaspersky-labs.com/se/com/content/en-global/images/baseline/masthead-home/business-a
Source: gtm[1].js.8.dr, gtm[1].js0.8.dr String found in binary or memory: https://github.com/krux/postscribe/blob/master/LICENSE.
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://help.kaspersky.com/Legal/Security-Cloud/en-US/KSCRegions.htm
Source: s_code_single_suite[1].js.8.dr String found in binary or memory: https://kaspersky-mkt-prod1-m.adobe-campaign.com
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://latam.kaspersky.com/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://me-en.kaspersky.com/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://me.kaspersky.com/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://my.kaspersky.com/
Source: js[2].js.8.dr, gtm[1].js0.8.dr String found in binary or memory: https://pagead2.googlesyndication.com
Source: gtm[1].js0.8.dr String found in binary or memory: https://pagead2.googlesyndication.com/
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://partnersearch.kaspersky.com/?b2b
Source: insight.min[1].js.8.dr String found in binary or memory: https://px.ads.linkedin.com/collect?
Source: insight.min[1].js.8.dr String found in binary or memory: https://px.ads.linkedin.com/insight_tag_errors.gif?
Source: gtm[1].js0.8.dr String found in binary or memory: https://s.kk-resources.com/ks.js
Source: gtm[1].js0.8.dr String found in binary or memory: https://s.kk-resources.com/kst.js
Source: gtm[1].js0.8.dr String found in binary or memory: https://s.kk-resources.com/leadtag.js
Source: gtm[1].js0.8.dr String found in binary or memory: https://smct.co/tm/?t=
Source: gtm[1].js0.8.dr String found in binary or memory: https://snap.licdn.com/li.lms-analytics/insight.min.js
Source: js[3].js.8.dr String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: js[3].js.8.dr String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: analytics[2].js.8.dr String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://store.kaspersky.com/store/kasperuk/en_GB/DisplayCustomerServiceOrderSearchPage
Source: analytics[2].js.8.dr String found in binary or memory: https://tagassistant.google.com/
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://usa.kaspersky.com/?ignoreredirects=true
Source: gtm[1].js.8.dr String found in binary or memory: https://www.awin1.com/sread.img?tt=ns&tv=2&
Source: gtm[1].js.8.dr String found in binary or memory: https://www.dwin1.com/
Source: gtm[1].js.8.dr String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: analytics[2].js.8.dr String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: js[3].js.8.dr String found in binary or memory: https://www.google-analytics.com/g/collect
Source: analytics[2].js.8.dr String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[2].js.8.dr String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: js[2].js.8.dr, gtm[1].js0.8.dr String found in binary or memory: https://www.google.com
Source: analytics[2].js.8.dr String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: imagestore.dat.8.dr String found in binary or memory: https://www.google.com/chrome/static/images/favicons/favicon-16x16.png
Source: gtm[1].js0.8.dr String found in binary or memory: https://www.google.com/pagead/conversion_async.js
Source: js[2].js.8.dr, gtm[1].js.8.dr, gtm[1].js0.8.dr, js[3].js.8.dr String found in binary or memory: https://www.googletagmanager.com/a?id=
Source: analytics[2].js.8.dr String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: wc_landing[1].htm.27.dr String found in binary or memory: https://www.icann.org/resources/pages/transfer-policy-2015-09-24-en
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.be/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.bg/
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.ca/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.co.in/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.co.jp/
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.co.kr/
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.co.th/
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.co.uk/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.co.za/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.com
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.com.au/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.com.br/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.com.cn/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.com.hk/
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.com.tr/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.com.tw/
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.com.vn/
Source: ~DF2B88529D39626A07.TMP.7.dr, {FBB47D09-73D0-11EC-90E5-ECF4BB570DC9}.dat.7.dr String found in binary or memory: https://www.kaspersky.com/?domain=update.kaspersky.com
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.com/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.com/about/press-releases/2021_kaspersky-recognized-as-a-2021-gartner-peer-insi
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.com/content/en-global/images/baseline/masthead-home/MRG_Effitas.png
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.com/content/en-global/images/baseline/masthead-home/av-2020.png
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.com/content/en-global/images/baseline/masthead-home/business-award-1.png
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.com/content/en-global/images/baseline/masthead-home/business-award-2.png
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.com/content/en-global/images/baseline/masthead-home/business-award-3.png
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.com/content/en-global/images/baseline/masthead-home/home-award-3.png
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.com/content/en-global/images/baseline/masthead-home/home-award-4.png
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.com/content/en-global/images/baseline/masthead-home/home-award-5.png
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.com/content/en-global/images/baseline/masthead-home/home-mobile.png
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.com/content/en-global/images/baseline/masthead-home/home-tablet.png
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.com/content/en-global/images/baseline/masthead-home/home.png
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.com/content/en-global/images/baseline/merch-cards/kis-card.png
Source: imagestore.dat.8.dr String found in binary or memory: https://www.kaspersky.com/favicon.ico~
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.cz/
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.de/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.dk/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.es/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.fi/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.fr/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.gr/
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.hu/
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.it/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.ma/
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.nl/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.no/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.pl/
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.pt/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.ro/
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.rs/
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.ru?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.se/?ignoreredirects=true
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.tn/
Source: HET0OTHY.htm.8.dr String found in binary or memory: https://www.kaspersky.ua/
Source: 6i[1].htm.27.dr String found in binary or memory: https://www.website.ws/wc_landing.dhtml?domain=blancs.ws
Source: gtm[1].js0.8.dr, js[3].js.8.dr String found in binary or memory: https://www.youtube.com/iframe_api
Source: unknown HTTP traffic detected: POST /j/collect?v=1&_v=j96&a=2133978934&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.kaspersky.com%2F%3Fdomain%3Dupdate.kaspersky.com&dp=%2F%3Fdomain%3Dupdate.kaspersky.com&ul=en-us&de=utf-8&dt=Kaspersky%20Cyber%20Security%20Solutions%20for%20Home%20%26%20Business%20%7C%20Kaspersky&sd=24-bit&sr=1280x1024&vp=767x554&je=1&fl=29.0%20r0&ec=Timer&ea=15sec&_u=YEBAAEQAAAAAAC~&jid=27385254&gjid=1869784295&cid=388491555.1642010231&uid=19200230165318792082030216481562829755&tid=UA-63997723-2&_gid=1932271643.1642010231&_r=1&gtm=2wg1a0WZ7LJ3&z=673975022 HTTP/1.1Accept: */*Content-Type: text/plainReferer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USOrigin: https://www.kaspersky.comAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.google-analytics.comContent-Length: 0Connection: Keep-AliveCache-Control: no-cache
Source: unknown DNS traffic detected: queries for: update.kaspersky.com
Source: global traffic HTTP traffic detected: GET /?domain=update.kaspersky.com HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.kaspersky.com
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/css/d065abc22e2b68eda666.css HTTP/1.1Accept: text/css, */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/css/9b428f5ec98113084430.css HTTP/1.1Accept: text/css, */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/css/a9ed3a1594363c6938f8.css HTTP/1.1Accept: text/css, */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/css/c5c20187bc88132abb4a.css HTTP/1.1Accept: text/css, */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/css/d4badb8db511cd24e95e.css HTTP/1.1Accept: text/css, */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /se/com/content/en-global/images/baseline/masthead-home/business-award-4/business-award-4.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: content.kaspersky-labs.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /se/ca/content/en-ca/images/baseline/homepage/merch-cards/kts-card/kts-card.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: content.kaspersky-labs.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/css/bfdf68743177ecbb5a22.css HTTP/1.1Accept: text/css, */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/css/2b763e44c355fc014556.css HTTP/1.1Accept: text/css, */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/css/2de41e69d7c1a5e11097.css HTTP/1.1Accept: text/css, */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/css/730c637540e857733f76.css HTTP/1.1Accept: text/css, */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /gtm.js?id=GTM-WZ7LJ3 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.googletagmanager.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/css/c5412e1b22c148871c80.css HTTP/1.1Accept: text/css, */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/css/dc64fc9dfc4c6e33bad5.css HTTP/1.1Accept: text/css, */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/css/fe5b2601695152ff1fad.css HTTP/1.1Accept: text/css, */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /content/en-global/images/baseline/masthead-home/home-mobile.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /content/en-global/images/baseline/masthead-home/home.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /content/en-global/images/baseline/masthead-home/av-2020.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /content/en-global/images/baseline/masthead-home/MRG_Effitas.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /content/en-global/images/baseline/masthead-home/home-award-4.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /content/en-global/images/baseline/masthead-home/home-award-5.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /content/en-global/images/baseline/masthead-home/business-award-3.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /content/en-global/images/baseline/masthead-home/home-award-3.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /content/en-global/images/baseline/merch-cards/kis-card.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /content/en-global/images/baseline/masthead-home/business-award-2.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /content/en-global/images/baseline/masthead-home/business-award-1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /content/en-global/images/baseline/body-image/kaspersky-ransomware-test-dark.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /content/en-global/images/baseline/merch-cards/optimum-security-card.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /content/en-global/images/baseline/merch-cards/ksos-card.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/images/assets/map.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=7090d509a01883900b145f8168e6ad09; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/runtime/polyfills-4cd59183e7ac72a5e1c7.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=ee9b9608074f39da6e54644c3b42316e; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/eI2qEMPWp5Vb-YNsYp7i9/pages/_app.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=ee9b9608074f39da6e54644c3b42316e; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/chunks/61.bc1dd900b92bc9d80767.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=ee9b9608074f39da6e54644c3b42316e; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/eI2qEMPWp5Vb-YNsYp7i9/pages/index.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=ee9b9608074f39da6e54644c3b42316e; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/chunks/161.7bb93c182f3aee250b4e.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=ee9b9608074f39da6e54644c3b42316e; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/chunks/112.72680c3d02b12dbcfc70.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=ee9b9608074f39da6e54644c3b42316e; country=CH
Source: global traffic HTTP traffic detected: GET /tracking/omniture/s_code_single_suite.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: media.kaspersky.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/chunks/74.aff6e43f31266e4ba1e4.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=ee9b9608074f39da6e54644c3b42316e; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/chunks/80.2da60d8f88d5016b2bb7.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=ee9b9608074f39da6e54644c3b42316e; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/chunks/470.11485af6ac94049be322.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=ee9b9608074f39da6e54644c3b42316e; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/chunks/107.adad7052b448169ab6ff.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=ee9b9608074f39da6e54644c3b42316e; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/chunks/c78d26b1.ce9e1553326496a1c9e2.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=ee9b9608074f39da6e54644c3b42316e; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/chunks/322.f151cd6a7db61edfbb02.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=ee9b9608074f39da6e54644c3b42316e; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/chunks/137.b867e461b87783f36945.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=ee9b9608074f39da6e54644c3b42316e; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/chunks/109.3cf8601568ee32d2037f.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=ee9b9608074f39da6e54644c3b42316e; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/runtime/webpack-9d64c724fee92863bf94.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=ee9b9608074f39da6e54644c3b42316e; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/chunks/framework.09fd0d83a8f910ba0251.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=ee9b9608074f39da6e54644c3b42316e; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/runtime/main-52c9dd25e850a6bbe3d1.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=ee9b9608074f39da6e54644c3b42316e; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/chunks/commons.e62962d42a6055f15f9a.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=ee9b9608074f39da6e54644c3b42316e; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/chunks/316695c6.209da53eb2f66e625fe4.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=ee9b9608074f39da6e54644c3b42316e; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/eI2qEMPWp5Vb-YNsYp7i9/_buildManifest.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=ee9b9608074f39da6e54644c3b42316e; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/eI2qEMPWp5Vb-YNsYp7i9/_ssgManifest.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=ee9b9608074f39da6e54644c3b42316e; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/fonts/museo-sans/museosans-700-webfont.woff HTTP/1.1Accept: */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoOrigin: https://www.kaspersky.comAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=69b1738baee448d94513bdc1a648928d; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/fonts/KasperskySans/KasperskySans-Light.woff HTTP/1.1Accept: */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoOrigin: https://www.kaspersky.comAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=69b1738baee448d94513bdc1a648928d; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/fonts/museo-sans/museosans-900-webfont.woff HTTP/1.1Accept: */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoOrigin: https://www.kaspersky.comAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=69b1738baee448d94513bdc1a648928d; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/fonts/KasperskySans/KasperskySans-Regular.woff HTTP/1.1Accept: */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoOrigin: https://www.kaspersky.comAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=69b1738baee448d94513bdc1a648928d; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/fonts/KasperskySans/KasperskySans-Bold.woff HTTP/1.1Accept: */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoOrigin: https://www.kaspersky.comAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=69b1738baee448d94513bdc1a648928d; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/fonts/museo-sans/museosans-500-webfont.woff HTTP/1.1Accept: */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoOrigin: https://www.kaspersky.comAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=69b1738baee448d94513bdc1a648928d; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/fonts/museo-sans/museosans-500italic-webfont.woff HTTP/1.1Accept: */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoOrigin: https://www.kaspersky.comAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=69b1738baee448d94513bdc1a648928d; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/fonts/museo-sans/museosans-300-webfont.woff HTTP/1.1Accept: */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoOrigin: https://www.kaspersky.comAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=69b1738baee448d94513bdc1a648928d; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/fonts/museo-sans/museosans-300italic-webfont.woff HTTP/1.1Accept: */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoOrigin: https://www.kaspersky.comAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=69b1738baee448d94513bdc1a648928d; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/fonts/museo-sans/museosans-100italic-webfont.woff HTTP/1.1Accept: */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoOrigin: https://www.kaspersky.comAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=69b1738baee448d94513bdc1a648928d; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/fonts/museo-sans/museosans-100-webfont.woff HTTP/1.1Accept: */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoOrigin: https://www.kaspersky.comAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=69b1738baee448d94513bdc1a648928d; country=CH
Source: global traffic HTTP traffic detected: GET /gtm.js?id=GTM-T45JW6B&l=dataLayer HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.googletagmanager.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/media/white.e75902539fce0c72d67a5f0cc24440dc.svg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=69b1738baee448d94513bdc1a648928d; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/media/kaspersky-logo.e79ac6c57fcaf0a58fbb62a8a5d56786.svg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=69b1738baee448d94513bdc1a648928d; country=CH
Source: global traffic HTTP traffic detected: GET /content/en-global/images/modernization/about-kaspersky/eugene_bg.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=69b1738baee448d94513bdc1a648928d; country=CH
Source: global traffic HTTP traffic detected: GET /content/en-global/images/baseline/media-cards/ent-1.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=69b1738baee448d94513bdc1a648928d; country=CH
Source: global traffic HTTP traffic detected: GET /content/en-global/images/baseline/media-cards/daily-dark.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=69b1738baee448d94513bdc1a648928d; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/media/quote-top.3c6c597940fefe5371e9522767e0ebae.svg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=69b1738baee448d94513bdc1a648928d; country=CH
Source: global traffic HTTP traffic detected: GET /content/en-global/images/baseline/media-cards/ent-2.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=69b1738baee448d94513bdc1a648928d; country=CH
Source: global traffic HTTP traffic detected: GET /siterenderer/_next/static/media/quote-bottom.e2312833966dba730cd5a06f774284f2.svg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=69b1738baee448d94513bdc1a648928d; country=CH
Source: global traffic HTTP traffic detected: GET /id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=983502BE532960BE0A490D4C%40AdobeOrg&d_nsid=0&ts=1642010216469 HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedReferer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USOrigin: https://www.kaspersky.comAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: dpm.demdex.netConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&mid=19200230165318792082030216481562829755&ts=1642010216707 HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedReferer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USOrigin: https://www.kaspersky.comAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: kaspersky.d3.sc.omtrdc.netConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /dest5.html?d_nsid=0 HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: kaspersky.demdex.netConnection: Keep-AliveCookie: demdex=15131208808630383221330288726543666657
Source: global traffic HTTP traffic detected: GET /ibs:dpid=411&dpuuid=Yd6X2QAAAId72gPy HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: dpm.demdex.netCookie: demdex=15131208808630383221330288726543666657
Source: global traffic HTTP traffic detected: GET /analytics.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.google-analytics.comIf-Modified-Since: Wed, 09 Sep 2020 01:50:37 GMTConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /offer/global/en/usd/purchase?store_args=%3F%3Fom-site-id%3Den-global&product=Kaspersky%20Total%20Security HTTP/1.1Accept: application/json, text/plain, */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USOrigin: https://www.kaspersky.comAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: api-router.kaspersky-labs.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /offer/global/en/usd/purchase?store_args=%3F%3Fom-site-id%3Den-global&product=Kaspersky%20Internet%20Security HTTP/1.1Accept: application/json, text/plain, */*Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USOrigin: https://www.kaspersky.comAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: api-router.kaspersky-labs.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.kaspersky.comConnection: Keep-AliveCookie: webserver_id=69b1738baee448d94513bdc1a648928d; country=CH; AMCV_983502BE532960BE0A490D4C%40AdobeOrg=1585540135%7CMCIDTS%7C19005%7CMCMID%7C19200230165318792082030216481562829755%7CMCAAMLH-1642615016%7C6%7CMCAAMB-1642615016%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1642017416s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19012%7CvVersion%7C4.4.0; _cs_mk=0.20715377491142883_1642010216469; AMCVS_983502BE532960BE0A490D4C%40AdobeOrg=1; _ga=GA1.2.388491555.1642010231; _gid=GA1.2.1932271643.1642010231; _gat_UA-63997723-2=1
Source: global traffic HTTP traffic detected: GET /web-vitals HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: unpkg.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /uxa/2c47087421d0b.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: t.contentsquare.netConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /activity_pixel?pt=i&et=a&ago=212&ao=537&px=235&ord=1032722821&u1=Global|ALL|Traffic&r=2090721056 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: t.myvisualiq.netConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /activity_pixel?pt=i&et=a&ago=212&ao=537&px=235&ord=1323383063&u1=Global|ALL|Traffic&r=1921246306 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: t.myvisualiq.netConnection: Keep-AliveCookie: tuuid=d252e8e2-e083-431c-b578-d4556e589041; c=1641977831; tuuid_lu=1641977831
Source: global traffic HTTP traffic detected: GET /gtag/js?id=DC-9582686 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.googletagmanager.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /ul_cb/activity_pixel?pt=i&et=a&ago=212&ao=537&px=235&ord=1032722821&u1=Global|ALL|Traffic&r=2090721056 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: t.myvisualiq.netConnection: Keep-AliveCookie: tuuid=d252e8e2-e083-431c-b578-d4556e589041; c=1641977831; tuuid_lu=1641977831
Source: global traffic HTTP traffic detected: GET /122870.ct.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: tag.rmp.rakuten.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /2/7hrBnrmZAM5n6cl1WjyOsg%3D%3D/vt-132.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: vt.myvisualiq.netConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /gtag/js?id=G-NSVBRC7S52&l=dataLayer&cx=c HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.googletagmanager.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /A2336411-46c8-4f83-96b6-294966496d651.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: d.impactradius-event.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /i.cid?c=705083&ev=0&page=Global HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: s.tribalfusion.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /js/v2/ktag.js?tid=KT-N3AA7-3EE HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: resources.xg4ken.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /en_US/fbevents.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: connect.facebook.netConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /web-vitals@2.1.3 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: unpkg.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /z/i.cid?c=705083&ev=0&page=Global HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: s.tribalfusion.comConnection: Keep-AliveCookie: ANON_ID=agnoeUSkTsvAutoska4ZcomUTpK3USHBqCLb5cAZcP; ANON_ID_old=agnoeUSkTsvAutoska4ZcomUTpK3USHBqCLb5cAZcP
Source: global traffic HTTP traffic detected: GET /b/ss/kaspersky-single-suite/1/JS-2.22.3/s78572170044420?AQB=1&ndh=1&pf=1&t=12%2F0%2F2022%209%3A57%3A11%203%20480&mid=19200230165318792082030216481562829755&aamlh=6&ce=UTF-8&ns=kaspersky&cdp=2&pageName=Home&g=https%3A%2F%2Fwww.kaspersky.com%2F%3Fdomain%3Dupdate.kaspersky.com&cc=USD&ch=Home&server=www.kaspersky.com&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=other&c3=b2c&v3=Home&v9=https%3A%2F%2Fwww.kaspersky.com%2F%3Fdomain%3Dupdate.kaspersky.com&c20=dataLayer&c29=v1%3As_code_single_suite.js%3AtrackPageView%20%3E%20sng.t%3Ap&c30=v1%3A20211215%3A284%3ANextGen%3Acorp-static&c31=https%3A%2F%2Fwww.kaspersky.com%2F&v44=D%3Dv3&c47=Default&v47=D%3Dc47&c51=Websites&c57=en-global&v57=D%3Dc57&c58=Kaspersky%20Cyber%20Security%20Solutions%20for%20Home%20%26%20Business%20%7C%20Kaspersky&v71=v1%3APage%20View%3A%5BNULL%5D&v113=19200230165318792082030216481562829755&v116=388491555.1642010231&v125=0.20715377491142883_1642010216469&s=1280x1024&c=24&j=1.6&v=Y&k=Y&bw=784&bh=554&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&AQE=1 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: kaspersky.d3.sc.omtrdc.netConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /1649d5fbb67c.js?lv=1 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: w.usabilla.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-28&cid=388491555.1642010231&jid=1545619336&_u=aEDAAEQAAAAAAC~&z=1372287311 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.google.chConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-28&cid=388491555.1642010231&jid=1545619336&_u=aEDAAEQAAAAAAC~&z=1372287311 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.google.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-2&cid=388491555.1642010231&jid=27385254&_u=YEBAAEAAAAAAAC~&z=170978936 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.google.chConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-2&cid=388491555.1642010231&jid=27385254&_u=YEBAAEAAAAAAAC~&z=170978936 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.kaspersky.com/?domain=update.kaspersky.comAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.google.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /wc_landing.dhtml?domain=blancs.ws HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Referer: http://blancs.ws/drew/SVohbxNR_2FyCYmenSW7CXy/mnUNl0_2BA/r7aNUwhQrLgjTBURN/to2yS6Hh74Jd/I8HRX9nlHVK/1I3_2FTAEorUfN/2_2Btipq1mS7lUHwCdoLs/EHwOsR5grgIT2PPK/CfgRC9R9nNlpQaP/wUIv0h52AJmuF3T3rh/bPW_2B2zR/fb565QWmywq7dYxHq4Ka/0mgJrXa2l5YZGrSaqGP/WmWZfdysmt7d_2FsLTUyFP/WCf9txUMV/UabCzbS4C/6i.jlkAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newnav/css/layout.css HTTP/1.1Accept: text/css, */*Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newnav/js/cufon-yui.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /js/jquery-migrate-3.0.0.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /wc_landing.dhtml?domain=blancs.ws HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Referer: http://blancs.ws/drew/SVohbxNR_2FyCYmenSW7CXy/mnUNl0_2BA/r7aNUwhQrLgjTBURN/to2yS6Hh74Jd/I8HRX9nlHVK/1I3_2FTAEorUfN/2_2Btipq1mS7lUHwCdoLs/EHwOsR5grgIT2PPK/CfgRC9R9nNlpQaP/wUIv0h52AJmuF3T3rh/bPW_2B2zR/fb565QWmywq7dYxHq4Ka/0mgJrXa2l5YZGrSaqGP/WmWZfdysmt7d_2FsLTUyFP/WCf9txUMV/UabCzbS4C/6i.jlkAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newnav/js/Rockwell_400.font.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newnav/js/iepngfix_tilebg.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newnav/js/thickbox.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /css/emoji.css HTTP/1.1Accept: text/css, */*Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newnav/js/roboto.cufonfonts.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /js/emoji.min.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /idn-orderflow/css/jquery.emojipicker.css HTTP/1.1Accept: text/css, */*Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /idn-orderflow/css/jquery.emojipicker.a.css HTTP/1.1Accept: text/css, */*Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /js/emoji.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newnav/js/jquery.md5.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /js/jquery-3.5.0.min.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/menu.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /js/js-loader.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /js/jquery-migrate-3.0.0.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /js/jquery.emojipicker.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /js/jquery.emojis.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /js/cookie-alert.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /js/js-loader.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newnav/js/cufon-yui.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newnav/images/main-logo.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /recaptcha/api.js?render=6LfNKaUUAAAAAIZF-V7eiNWFduuDR-obhXbXPNQs&onload=reCaptchaReady HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.google.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/newnav/images/body-bg.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/newnav/images/btn-q-search.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/newnav/images/inline-win-bg.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/newnav/images/form-q-bg.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/newnav/images/content-bg.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LfNKaUUAAAAAIZF-V7eiNWFduuDR-obhXbXPNQs&co=aHR0cHM6Ly93d3cud2Vic2l0ZS53czo0NDM.&hl=en&v=-FJgYf1d3dZ_QPcZP7bd85hc&size=invisible&cb=51o8m9r5jdv4 HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.google.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /gtag/js?id=UA-2716805-14 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.googletagmanager.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/newnav/images/form-field-l.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/newnav/images/btn-login.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /analytics.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.google-analytics.comIf-Modified-Since: Tue, 02 Nov 2021 17:39:06 GMTConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/newnav/images/header-bg.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/newnav/images/metal-bg.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=-FJgYf1d3dZ_QPcZP7bd85hc HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfNKaUUAAAAAIZF-V7eiNWFduuDR-obhXbXPNQs&co=aHR0cHM6Ly93d3cud2Vic2l0ZS53czo0NDM.&hl=en&v=-FJgYf1d3dZ_QPcZP7bd85hc&size=invisible&cb=51o8m9r5jdv4Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.google.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/newnav/images/nav-login.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/newnav/images/nav-whois.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/newnav/images/nav-bg.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/newnav/images/h-motto.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/newnav/images/content-t.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/newnav/images/h-register-own.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/newnav/images/h-bg.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/newnav/images/content-inn-xl-t.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/newnav/images/btn-sec-bg.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/newnav/images/form-field-s.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/newnav/images/btn-create-acc-sm.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/newnav/images/content-inn-xl-b.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/newnav/images/content-b-emp.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newdesign/newnav/images/bottom-logo.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /newnav/images/blank.gif HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.website.ws/wc_landing.dhtml?domain=blancs.wsAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.website.wsConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /drew/o9iMLWhjHGfOt4AoE/t6dDHJMG7ILf/DCkgbHUs6ND/_2BGwpwoBlWqlj/DWNK2gNN8z_2Fltbv76Ol/eB4v0gZkmkN6zQ4a/UZ76k_2BeahqjaH/CqnAlybk9yCrhplmbW/yaUPO_2B5/eqJH04N9LgOif1riIWER/H4mpVsn068Q6UJT3NIN/U8WLggyYpDJrv3cmt3FjGm/1oaTzucWg42g_/2FcFJ9DJ/ZMjVLBQcHRmhXHvGYU6QQeo/NVqh7zW.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: update.kaspersky.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /?domain=update.kaspersky.com HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.kaspersky.com
Source: global traffic HTTP traffic detected: GET /drew/SVohbxNR_2FyCYmenSW7CXy/mnUNl0_2BA/r7aNUwhQrLgjTBURN/to2yS6Hh74Jd/I8HRX9nlHVK/1I3_2FTAEorUfN/2_2Btipq1mS7lUHwCdoLs/EHwOsR5grgIT2PPK/CfgRC9R9nNlpQaP/wUIv0h52AJmuF3T3rh/bPW_2B2zR/fb565QWmywq7dYxHq4Ka/0mgJrXa2l5YZGrSaqGP/WmWZfdysmt7d_2FsLTUyFP/WCf9txUMV/UabCzbS4C/6i.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: blancs.wsConnection: Keep-Alive
Source: unknown HTTPS traffic detected: 77.74.178.40:443 -> 192.168.2.5:49760 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.85.15.47:443 -> 192.168.2.5:49769 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.85.15.47:443 -> 192.168.2.5:49768 version: TLS 1.2
Source: unknown HTTPS traffic detected: 216.58.212.136:443 -> 192.168.2.5:49776 version: TLS 1.2
Source: unknown HTTPS traffic detected: 216.58.212.136:443 -> 192.168.2.5:49777 version: TLS 1.2
Source: unknown HTTPS traffic detected: 93.159.228.11:443 -> 192.168.2.5:49800 version: TLS 1.2
Source: unknown HTTPS traffic detected: 93.159.228.11:443 -> 192.168.2.5:49801 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.211.244.253:443 -> 192.168.2.5:49837 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.211.244.253:443 -> 192.168.2.5:49836 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.36.218.177:443 -> 192.168.2.5:49843 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.36.218.177:443 -> 192.168.2.5:49842 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.16.52.14:443 -> 192.168.2.5:49839 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.16.52.14:443 -> 192.168.2.5:49838 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.186.142:443 -> 192.168.2.5:49844 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.186.142:443 -> 192.168.2.5:49845 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.85.15.46:443 -> 192.168.2.5:49847 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.85.15.46:443 -> 192.168.2.5:49846 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.126.175:443 -> 192.168.2.5:49855 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.126.175:443 -> 192.168.2.5:49854 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.226.159.97:443 -> 192.168.2.5:49856 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.226.159.97:443 -> 192.168.2.5:49857 version: TLS 1.2
Source: unknown HTTPS traffic detected: 18.192.164.101:443 -> 192.168.2.5:49852 version: TLS 1.2
Source: unknown HTTPS traffic detected: 18.192.164.101:443 -> 192.168.2.5:49853 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.102.147.248:443 -> 192.168.2.5:49869 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.102.147.248:443 -> 192.168.2.5:49868 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.226.159.34:443 -> 192.168.2.5:49866 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.226.159.34:443 -> 192.168.2.5:49870 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.186.249.72:443 -> 192.168.2.5:49873 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.186.249.72:443 -> 192.168.2.5:49874 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.228.170.24:443 -> 192.168.2.5:49872 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.228.170.24:443 -> 192.168.2.5:49871 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.12.5:443 -> 192.168.2.5:49876 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.12.5:443 -> 192.168.2.5:49875 version: TLS 1.2
Source: unknown HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.5:49878 version: TLS 1.2
Source: unknown HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.5:49877 version: TLS 1.2
Source: unknown HTTPS traffic detected: 108.177.15.157:443 -> 192.168.2.5:49879 version: TLS 1.2
Source: unknown HTTPS traffic detected: 108.177.15.157:443 -> 192.168.2.5:49880 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.195.126.67:443 -> 192.168.2.5:49882 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.195.126.67:443 -> 192.168.2.5:49883 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.185.195:443 -> 192.168.2.5:49887 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.186.36:443 -> 192.168.2.5:49889 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.185.195:443 -> 192.168.2.5:49886 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.186.36:443 -> 192.168.2.5:49888 version: TLS 1.2
Source: unknown HTTPS traffic detected: 64.70.19.170:443 -> 192.168.2.5:49936 version: TLS 1.2
Source: unknown HTTPS traffic detected: 64.70.19.170:443 -> 192.168.2.5:49937 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.186.36:443 -> 192.168.2.5:49966 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.186.36:443 -> 192.168.2.5:49967 version: TLS 1.2
Source: unknown HTTPS traffic detected: 216.58.212.136:443 -> 192.168.2.5:49975 version: TLS 1.2
Source: unknown HTTPS traffic detected: 216.58.212.136:443 -> 192.168.2.5:49976 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.186.142:443 -> 192.168.2.5:49979 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.186.142:443 -> 192.168.2.5:49978 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing:

barindex
Yara detected Ursnif
Source: Yara match File source: 00000000.00000003.343095764.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.511051320.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343140819.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343072067.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343156209.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343175705.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343037472.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343166745.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343117302.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: eLVzfyydCC.exe PID: 5504, type: MEMORYSTR

E-Banking Fraud:

barindex
Yara detected Ursnif
Source: Yara match File source: 00000000.00000003.343095764.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.511051320.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343140819.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343072067.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343156209.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343175705.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343037472.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343166745.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343117302.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: eLVzfyydCC.exe PID: 5504, type: MEMORYSTR
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Code function: 0_2_00574872 CryptAcquireContextW,memcpy,CryptImportKey,CryptSetKeyParam,memcpy,CryptEncrypt,CryptDecrypt,GetLastError,GetLastError,CryptDestroyKey,GetLastError,CryptReleaseContext,GetLastError, 0_2_00574872

System Summary:

barindex
Writes or reads registry keys via WMI
Source: C:\Users\user\Desktop\eLVzfyydCC.exe WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Users\user\Desktop\eLVzfyydCC.exe WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
Source: C:\Users\user\Desktop\eLVzfyydCC.exe WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
Source: C:\Users\user\Desktop\eLVzfyydCC.exe WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
Writes registry values via WMI
Source: C:\Users\user\Desktop\eLVzfyydCC.exe WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
Source: C:\Users\user\Desktop\eLVzfyydCC.exe WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
Source: C:\Users\user\Desktop\eLVzfyydCC.exe WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
Uses 32bit PE files
Source: eLVzfyydCC.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Detected potential crypto function
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Code function: 0_2_00576C62 0_2_00576C62
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Code function: 0_2_00574EF3 0_2_00574EF3
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Code function: 0_2_005781DC 0_2_005781DC
Contains functionality to call native functions
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Code function: 0_2_0040198B GetProcAddress,NtCreateSection,memset, 0_2_0040198B
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Code function: 0_2_00401C11 NtMapViewOfSection, 0_2_00401C11
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Code function: 0_2_004011A3 NtQuerySystemInformation,Sleep,GetLongPathNameW,GetLongPathNameW,GetLongPathNameW,CreateThread,GetLastError,QueueUserAPC,CloseHandle,GetLastError,TerminateThread,CloseHandle,SetLastError,WaitForSingleObject,GetExitCodeThread,CloseHandle,GetLastError,GetLastError, 0_2_004011A3
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Code function: 0_2_005777BB NtOpenProcess,NtOpenProcessToken,NtQueryInformationToken,NtQueryInformationToken,NtQueryInformationToken,memcpy,NtClose,NtClose, 0_2_005777BB
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Code function: 0_2_00578401 NtQueryVirtualMemory, 0_2_00578401
Source: eLVzfyydCC.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: eLVzfyydCC.exe ReversingLabs: Detection: 46%
Source: eLVzfyydCC.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\eLVzfyydCC.exe "C:\Users\user\Desktop\eLVzfyydCC.exe"
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6240 CREDAT:17410 /prefetch:2
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3456 CREDAT:17410 /prefetch:2
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4988 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6240 CREDAT:17410 /prefetch:2 Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3456 CREDAT:17410 /prefetch:2 Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4988 CREDAT:17410 /prefetch:2 Jump to behavior
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32 Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FBB47D07-73D0-11EC-90E5-ECF4BB570DC9}.dat Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF8645F9AFEFCE1AF6.TMP Jump to behavior
Source: classification engine Classification label: mal92.troj.winEXE@10/122@30/25
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Code function: 0_2_00572AB4 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle, 0_2_00572AB4
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll Jump to behavior

Data Obfuscation:

barindex
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Code function: 0_2_005781CB push ecx; ret 0_2_005781DB
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Code function: 0_2_00577DE0 push ecx; ret 0_2_00577DE9
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Code function: 0_2_00401A33 LoadLibraryA,GetProcAddress, 0_2_00401A33

Hooking and other Techniques for Hiding and Protection:

barindex
Yara detected Ursnif
Source: Yara match File source: 00000000.00000003.343095764.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.511051320.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343140819.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343072067.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343156209.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343175705.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343037472.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343166745.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343117302.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: eLVzfyydCC.exe PID: 5504, type: MEMORYSTR
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes Jump to behavior
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion:

barindex
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\eLVzfyydCC.exe TID: 4696 Thread sleep count: 44 > 30 Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Last function: Thread delayed
Found evasive API chain checking for process token information
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\Desktop\eLVzfyydCC.exe API call chain: ExitProcess graph end node

Anti Debugging:

barindex
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Code function: 0_2_00401A33 LoadLibraryA,GetProcAddress, 0_2_00401A33
Source: eLVzfyydCC.exe, 00000000.00000002.511111728.0000000001870000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
Source: eLVzfyydCC.exe, 00000000.00000002.511111728.0000000001870000.00000002.00020000.sdmp Binary or memory string: Progman
Source: eLVzfyydCC.exe, 00000000.00000002.511111728.0000000001870000.00000002.00020000.sdmp Binary or memory string: SProgram Managerl
Source: eLVzfyydCC.exe, 00000000.00000002.511111728.0000000001870000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd,
Source: eLVzfyydCC.exe, 00000000.00000002.511111728.0000000001870000.00000002.00020000.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

barindex
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Code function: 0_2_005721BC cpuid 0_2_005721BC
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Code function: 0_2_00401470 GetSystemTimeAsFileTime,_aulldiv,_snwprintf,CreateFileMappingW,GetLastError,GetLastError,MapViewOfFile,GetLastError,CloseHandle,GetLastError, 0_2_00401470
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Code function: 0_2_00401B44 CreateEventA,GetVersion,GetCurrentProcessId,OpenProcess,GetLastError, 0_2_00401B44
Source: C:\Users\user\Desktop\eLVzfyydCC.exe Code function: 0_2_005721BC RtlAllocateHeap,GetUserNameW,RtlAllocateHeap,GetUserNameW,HeapFree,GetComputerNameW,GetComputerNameW,RtlAllocateHeap,GetComputerNameW,HeapFree, 0_2_005721BC

Stealing of Sensitive Information:

barindex
Yara detected Ursnif
Source: Yara match File source: 00000000.00000003.343095764.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.511051320.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343140819.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343072067.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343156209.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343175705.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343037472.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343166745.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343117302.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: eLVzfyydCC.exe PID: 5504, type: MEMORYSTR

Remote Access Functionality:

barindex
Yara detected Ursnif
Source: Yara match File source: 00000000.00000003.343095764.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.511051320.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343140819.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343072067.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343156209.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343175705.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343037472.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343166745.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.343117302.00000000014C8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: eLVzfyydCC.exe PID: 5504, type: MEMORYSTR
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 551536 Sample: eLVzfyydCC.exe Startdate: 12/01/2022 Architecture: WINDOWS Score: 92 37 www.google.com 2->37 39 www-googletagmanager.l.google.com 2->39 41 2 other IPs or domains 2->41 43 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->43 45 Found malware configuration 2->45 47 Antivirus / Scanner detection for submitted sample 2->47 49 3 other signatures 2->49 7 eLVzfyydCC.exe 2->7         started        10 iexplore.exe 1 49 2->10         started        12 iexplore.exe 1 75 2->12         started        14 iexplore.exe 1 50 2->14         started        signatures3 process4 signatures5 51 Writes or reads registry keys via WMI 7->51 53 Writes registry values via WMI 7->53 16 iexplore.exe 27 10->16         started        19 iexplore.exe 3 126 12->19         started        21 iexplore.exe 31 14->21         started        process6 dnsIp7 23 blancs.ws 64.70.19.203, 49934, 49935, 80 CENTURYLINK-LEGACY-SAVVISUS United States 16->23 25 website.ws 64.70.19.170, 443, 49936, 49937 CENTURYLINK-LEGACY-SAVVISUS United States 16->25 27 www.website.ws 16->27 29 update.kaspersky.com 185.85.15.26, 49756, 49757, 80 KL-EXTRU Russian Federation 19->29 31 185.85.15.46, 443, 49846, 49847 KL-EXTRU Russian Federation 19->31 35 40 other IPs or domains 19->35 33 update.fortinet.com 21->33
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
108.177.15.157
 stats.l.doubleclick.net United States
15169 GOOGLEUS false
54.195.126.67
 w.usabilla.com United States
16509 AMAZON-02US false
64.70.19.170
 website.ws United States
3561 CENTURYLINK-LEGACY-SAVVISUS false
157.240.17.15
 scontent.xx.fbcdn.net United States
32934 FACEBOOKUS false
52.16.52.14
 unknown United States
16509 AMAZON-02US false
54.228.170.24
 awseb-e-g-awsebloa-nt5wfb9wmmft-1397624435.eu-west-1.elb.amazonaws.com United States
16509 AMAZON-02US false
13.226.159.34
 d360616xvwhw9g.cloudfront.net United States
16509 AMAZON-02US false
13.226.159.97
 t.contentsquare.net United States
16509 AMAZON-02US false
216.58.212.136
 www-googletagmanager.l.google.com United States
15169 GOOGLEUS false
185.85.15.47
 multisite2.geo.kaspersky.com Russian Federation
200107 KL-EXTRU false
185.85.15.26
 update.kaspersky.com Russian Federation
200107 KL-EXTRU false
142.250.186.36
 www.google.com United States
15169 GOOGLEUS false
185.85.15.46
 unknown Russian Federation
200107 KL-EXTRU false
13.36.218.177
 kaspersky.d3.sc.omtrdc.net United States
7018 ATT-INTERNET4US false
18.192.164.101
 elb-aws-fr-visualiq-1583280815.eu-central-1.elb.amazonaws.com United States
16509 AMAZON-02US false
93.159.228.11
 multisite-support.geo.kaspersky.com Russian Federation
200107 KL-EXTRU false
64.70.19.203
 blancs.ws United States
3561 CENTURYLINK-LEGACY-SAVVISUS true
34.102.147.248
 tag.rmp.rakuten.com United States
15169 GOOGLEUS false
35.186.249.72
 d.impactradius-event.com United States
15169 GOOGLEUS false
77.74.178.40
 webcn2.geo.kaspersky.com Russian Federation
200107 KL-EXTRU false
142.250.185.195
 www.google.ch United States
15169 GOOGLEUS false
142.250.186.142
 www-google-analytics.l.google.com United States
15169 GOOGLEUS false
52.211.244.253
 dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com United States
16509 AMAZON-02US false
104.16.126.175
 unpkg.com United States
13335 CLOUDFLARENETUS false
104.18.12.5
 s.tribalfusion.com United States
13335 CLOUDFLARENETUS false

Contacted Domains

Name IP Active
gstaticadssl.l.google.com 172.217.18.99 true
kaspersky.d3.sc.omtrdc.net 13.36.218.177 true
s.tribalfusion.com 104.18.12.5 true
www-google-analytics.l.google.com 142.250.186.142 true
stats.l.doubleclick.net 108.177.15.157 true
www-googletagmanager.l.google.com 216.58.212.136 true
multisite-support.geo.kaspersky.com 93.159.228.11 true
tag.rmp.rakuten.com 34.102.147.248 true
blancs.ws 64.70.19.203 true
dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com 52.211.244.253 true
awseb-e-g-awsebloa-nt5wfb9wmmft-1397624435.eu-west-1.elb.amazonaws.com 54.228.170.24 true
elb-aws-fr-visualiq-1583280815.eu-central-1.elb.amazonaws.com 18.192.164.101 true
w.usabilla.com 54.195.126.67 true
website.ws 64.70.19.170 true
d360616xvwhw9g.cloudfront.net 13.226.159.34 true
scontent.xx.fbcdn.net 157.240.17.15 true
update.kaspersky.com 185.85.15.26 true
d.impactradius-event.com 35.186.249.72 true
www.google.com 142.250.186.36 true
webcn2.geo.kaspersky.com 77.74.178.40 true
t.contentsquare.net 13.226.159.97 true
unpkg.com 104.16.126.175 true
www.google.ch 142.250.185.195 true
multisite2.geo.kaspersky.com 185.85.15.47 true
kaspersky.demdex.net unknown unknown
cm.everesttech.net unknown unknown
stats.g.doubleclick.net unknown unknown
service.maxymiser.net unknown unknown
dpm.demdex.net unknown unknown
vt.myvisualiq.net unknown unknown
api-router.kaspersky-labs.com unknown unknown
www.website.ws unknown unknown
resources.xg4ken.com unknown unknown
www.kaspersky.com unknown unknown
connect.facebook.net unknown unknown
content.kaspersky-labs.com unknown unknown
media.kaspersky.com unknown unknown
snap.licdn.com unknown unknown
t.myvisualiq.net unknown unknown
update.fortinet.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://www.kaspersky.com/siterenderer/_next/static/chunks/61.bc1dd900b92bc9d80767.js false
    		high
    https://tag.rmp.rakuten.com/122870.ct.js false
      		high
      https://www.website.ws/js/jquery-3.5.0.min.js false
        		high
        https://www.website.ws/idn-orderflow/css/jquery.emojipicker.css false
          		high
          https://www.kaspersky.com/content/en-global/images/baseline/masthead-home/business-award-1.png false
            		high
            https://unpkg.com/web-vitals@2.1.3 false
              		high
              https://www.kaspersky.com/siterenderer/_next/static/media/quote-bottom.e2312833966dba730cd5a06f774284f2.svg false
                		high
                https://www.website.ws/wc_landing.dhtml?domain=blancs.ws false
                  		high
                  https://www.website.ws/newnav/images/main-logo.png false
                    		high
                    https://www.website.ws/newdesign/newnav/images/h-motto.png false
                      		high
                      https://www.kaspersky.com/content/en-global/images/baseline/masthead-home/home.png false
                        		high
                        https://www.kaspersky.com/siterenderer/_next/static/fonts/museo-sans/museosans-100italic-webfont.woff false
                          		high
                          https://www.website.ws/newdesign/newnav/images/form-q-bg.png false
                            		high
                            https://www.kaspersky.com/siterenderer/_next/static/css/bfdf68743177ecbb5a22.css false
                              		high
                              https://www.kaspersky.com/siterenderer/_next/static/chunks/109.3cf8601568ee32d2037f.js false
                                		high
                                https://www.kaspersky.com/siterenderer/_next/static/fonts/museo-sans/museosans-100-webfont.woff false
                                  		high
                                  https://www.kaspersky.com/siterenderer/_next/static/chunks/470.11485af6ac94049be322.js false
                                    		high
                                    https://www.kaspersky.com/favicon.ico false
                                      		high
                                      https://www.website.ws/newdesign/newnav/images/h-bg.png false
                                        		high
                                        https://www.website.ws/newnav/css/layout.css false
                                          		high
                                          https://www.website.ws/newdesign/newnav/images/content-b-emp.png false
                                            		high
                                            https://www.kaspersky.com/siterenderer/_next/static/images/assets/map.png false
                                              		high
                                              https://www.website.ws/newdesign/newnav/images/h-register-own.png false
                                                		high
                                                https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=983502BE532960BE0A490D4C%40AdobeOrg&d_nsid=0&ts=1642010216469 false
                                                  		high
                                                  https://www.website.ws/js/cookie-alert.js false
                                                    		high
                                                    http://www.kaspersky.com/?domain=update.kaspersky.com false
                                                      		high
                                                      https://s.tribalfusion.com/i.cid?c=705083&ev=0&page=Global false
                                                        		high
                                                        https://www.website.ws/newdesign/newnav/images/body-bg.jpg false
                                                          		high
                                                          https://www.kaspersky.com/siterenderer/_next/static/css/a9ed3a1594363c6938f8.css false
                                                            		high
                                                            https://www.website.ws/js/emoji.js false
                                                              		high
                                                              https://www.website.ws/newdesign/newnav/images/btn-create-acc-sm.png false
                                                                		high
                                                                https://www.kaspersky.com/content/en-global/images/baseline/masthead-home/home-award-5.png false
                                                                  		high
                                                                  https://www.kaspersky.com/siterenderer/_next/static/runtime/main-52c9dd25e850a6bbe3d1.js false
                                                                    		high
                                                                    https://www.website.ws/newdesign/newnav/images/nav-login.png false
                                                                      		high
                                                                      https://www.website.ws/newdesign/newnav/images/header-bg.jpg false
                                                                        		high
                                                                        https://www.kaspersky.com/siterenderer/_next/static/chunks/137.b867e461b87783f36945.js false
                                                                          		high
                                                                          https://www.kaspersky.com/content/en-global/images/baseline/masthead-home/home-award-4.png false
                                                                            		high
                                                                            https://www.kaspersky.com/content/en-global/images/baseline/media-cards/ent-1.jpg false
                                                                              		high
                                                                              https://t.myvisualiq.net/ul_cb/activity_pixel?pt=i&et=a&ago=212&ao=537&px=235&ord=1032722821&u1=Global|ALL|Traffic&r=2090721056 false
                                                                                		high
                                                                                https://www.kaspersky.com/siterenderer/_next/static/css/d4badb8db511cd24e95e.css false
                                                                                  		high
                                                                                  https://www.website.ws/newdesign/newnav/images/btn-q-search.png false
                                                                                    		high
                                                                                    https://www.kaspersky.com/siterenderer/_next/static/chunks/322.f151cd6a7db61edfbb02.js false
                                                                                      		high
                                                                                      https://www.website.ws/newnav/js/roboto.cufonfonts.js false
                                                                                        		high
                                                                                        https://www.kaspersky.com/siterenderer/_next/static/runtime/polyfills-4cd59183e7ac72a5e1c7.js false
                                                                                          		high
                                                                                          https://kaspersky.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&mid=19200230165318792082030216481562829755&ts=1642010216707 false
                                                                                          • Avira URL Cloud: safe
                                                                                          		 unknown
                                                                                          https://unpkg.com/web-vitals false
                                                                                            		high
                                                                                            https://www.website.ws/js/js-loader.js false
                                                                                              		high
                                                                                              https://www.website.ws/newdesign/newnav/images/bottom-logo.png false
                                                                                                		high
                                                                                                https://www.kaspersky.com/siterenderer/_next/static/fonts/museo-sans/museosans-500italic-webfont.woff false
                                                                                                  		high
                                                                                                  https://www.kaspersky.com/siterenderer/_next/static/chunks/107.adad7052b448169ab6ff.js false
                                                                                                    		high
                                                                                                    https://www.kaspersky.com/siterenderer/_next/static/css/c5c20187bc88132abb4a.css false
                                                                                                      		high
                                                                                                      https://www.kaspersky.com/siterenderer/_next/static/chunks/framework.09fd0d83a8f910ba0251.js false
                                                                                                        		high
                                                                                                        https://vt.myvisualiq.net/2/7hrBnrmZAM5n6cl1WjyOsg%3D%3D/vt-132.js false
                                                                                                          		high
                                                                                                          https://t.contentsquare.net/uxa/2c47087421d0b.js false
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		 unknown
                                                                                                          https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-63997723-2&cid=388491555.1642010231&jid=27385254&uid=19200230165318792082030216481562829755&gjid=1869784295&_gid=1932271643.1642010231&_u=YEBAAEAAAAAAAC~&z=1109340552 false
                                                                                                            		high
                                                                                                            https://www.kaspersky.com/siterenderer/_next/static/fonts/museo-sans/museosans-300-webfont.woff false
                                                                                                              		high
                                                                                                              https://www.website.ws/newdesign/newnav/images/btn-sec-bg.png false
                                                                                                                		high
                                                                                                                https://www.kaspersky.com/content/en-global/images/baseline/masthead-home/business-award-2.png false
                                                                                                                  		high
                                                                                                                  https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-28&cid=388491555.1642010231&jid=1545619336&_u=aEDAAEQAAAAAAC~&z=1372287311 false
                                                                                                                    		high
                                                                                                                    https://www.kaspersky.com/siterenderer/_next/static/eI2qEMPWp5Vb-YNsYp7i9/pages/index.js false
                                                                                                                      		high
                                                                                                                      https://www.kaspersky.com/siterenderer/_next/static/media/kaspersky-logo.e79ac6c57fcaf0a58fbb62a8a5d56786.svg false
                                                                                                                        		high
                                                                                                                        https://www.kaspersky.com/siterenderer/_next/static/fonts/KasperskySans/KasperskySans-Bold.woff false
                                                                                                                          		high
                                                                                                                          https://www.website.ws/newdesign/newnav/images/content-t.png false
                                                                                                                            		high
                                                                                                                            https://www.website.ws/newdesign/newnav/images/form-field-l.png false
                                                                                                                              		high
                                                                                                                              https://www.website.ws/newnav/js/iepngfix_tilebg.js false
                                                                                                                                		high