Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
  • submitted
    16/03/2024, 05:10 UTC

General

  • Target

    cd30a07e001c4990db4770204d1f8f6c.exe

  • Size

    2.1MB

  • MD5

    cd30a07e001c4990db4770204d1f8f6c

  • SHA1

    70122e8422cf478455e75183b2db70a354f18df7

  • SHA256

    1ec2641fcd6185474818db8533257ed5c0e11ac84850ce15451964f73ff09a68

  • SHA512

    fdfc4867dc346160d2ccfacb054976e01e985cce297cafc0fd584c812cc12690be1c90105562d9fcec7a78cad22fd04c844b24d2c3620f788e49851471b42102

  • SSDEEP

    49152:gIQCy6q68qXAfRnSLyN2IkwBiJOKXaKqcV64xvEpg:lQCy6qtS82IrQJOoqQv

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cd30a07e001c4990db4770204d1f8f6c.exe
    "C:\Users\Admin\AppData\Local\Temp\cd30a07e001c4990db4770204d1f8f6c.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Modifies system certificate store
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2820

Network

  • flag-us
    DNS
    www.itau.com.br
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    8.8.8.8:53
    Request
    www.itau.com.br
    IN A
    Response
    www.itau.com.br
    IN CNAME
    itauv4.edgekey.net
    itauv4.edgekey.net
    IN CNAME
    e120279.a.akamaiedge.net
    e120279.a.akamaiedge.net
    IN A
    23.48.165.138
    e120279.a.akamaiedge.net
    IN A
    23.48.165.160
  • flag-gb
    GET
    http://www.itau.com.br/
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    23.48.165.138:80
    Request
    GET / HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: www.itau.com.br
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: AkamaiGHost
    Content-Length: 0
    Location: https://www.itau.com.br/
    Cache-Control: max-age=0
    Expires: Sat, 16 Mar 2024 05:10:30 GMT
    Date: Sat, 16 Mar 2024 05:10:30 GMT
    Connection: keep-alive
    Set-Cookie: abtest_stickness=3c3106c99d500000360def5b500200003d0a0000; expires=Mon, 31-Dec-2038 23:59:59 GMT; path=/
    cupcake: property
    Access-Control-Allow-Origin: internet.itau.com.br
    Vary: Origin
    Access-Control-Allow-Methods: GET, POST
  • flag-gb
    GET
    https://www.itau.com.br/
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    23.48.165.138:443
    Request
    GET / HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: www.itau.com.br
    Connection: Keep-Alive
    Cookie: abtest_stickness=3c3106c99d500000360def5b500200003d0a0000
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Cross-Origin-Opener-Policy: same-origin
    Cross-Origin-Resource-Policy: same-origin
    X-DNS-Prefetch-Control: off
    Expect-CT: max-age=0
    X-Frame-Options: SAMEORIGIN
    Strict-Transport-Security: max-age=31536000
    X-Download-Options: noopen
    X-Content-Type-Options: nosniff
    Origin-Agent-Cluster: ?1
    X-Permitted-Cross-Domain-Policies: none
    Referrer-Policy: strict-origin-when-cross-origin
    X-XSS-Protection: 0
    ETag: W/"44176-TKG05qxGYjLjCInwifz6Piak/m0"
    X-Amz-Cf-Pop: FOR50-P2
    X-Amz-Cf-Id: -vQfhD6T7ozfjIMMsqgYzJhhxIQj4c66nVhl_2LEOXpPah3JTDCu0Q==
    X-Akamai-Transformed: 9 - 0 pmb=mTOE,2
    Content-Encoding: gzip
    Cache-Control: max-age=85821
    Expires: Sun, 17 Mar 2024 05:00:52 GMT
    Date: Sat, 16 Mar 2024 05:10:31 GMT
    Content-Length: 28465
    Connection: keep-alive
    cupcake: property
    Access-Control-Allow-Origin: internet.itau.com.br
    Vary: Origin
    Access-Control-Allow-Methods: GET, POST
    Set-Cookie: ak_bmsc=2BD04CA059A22CE2F5CC24ABF9016018~000000000000000000000000000000~YAAQirEXAq6ZqTiOAQAAqTSrRRdyeDUM4CvKX/UY9AUpTxrGAmrYuxOVGI/ats5YeRwgQR87qx6CjOCD/PTyWGOULvVD9eNEgzgbfibAfGcv/HMOq6ESpsiett0B94libBYvCO/R8CwHrQV0RWehPbLqMj8p3TisSagm8g3MV9DFZj3nB3hXLiCb7UMiax9gkPv8ltLz8nJ9TU+XHD3o3lEGWl24gZ1rzB0NiHayjZRQfc4Stqs7aseTK9PL5vLEwvr6n1CIQPTV4r3eAnWOzahHJLOey1Z2wJwytTNNbqDPONksVmxxD5YVq6zRiWyLzbhPvr/wOX7xwdLaRwF8Jb96DZeWXOUZA2AuxtbbagVT1+dG3OWFlDzU/A==; Domain=.itau.com.br; Path=/; Expires=Sat, 16 Mar 2024 07:10:31 GMT; Max-Age=7200; HttpOnly
    Set-Cookie: bm_mi=27B901AF042808BD086966FE05E32B9D~YAAQirEXAq+ZqTiOAQAAqTSrRRcBwXf24JKHYY1mf49sZl8d4dYDqZGa1M5EWyFjcCAdyBgO1Dgaewjq+NEANkA/ZspREbFPQo+PimUtGrAGWUnVMp2Bswc8PotPJpF/MqF1YSKEpGGPN7hixh5mFsQUnASriGYxwErNQR9CozrCovT0mau17ELBqT1HDqOMwIltZvy9qXbHflDU500vt4E8rWGlIeLUWNUIpimmC1LIV/UdmEuW3saeS9fN7UM5U5oUC/mlUwio3wO0B5lEDEGV+d5ArZ4v2cZKowloPNCddE+7zuQgngqJNXwR~1; Domain=.itau.com.br; Path=/; Expires=Sat, 16 Mar 2024 05:10:31 GMT; Max-Age=0; Secure
  • flag-gb
    GET
    https://www.itau.com.br/modules/header/header.css
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    23.48.165.138:443
    Request
    GET /modules/header/header.css HTTP/1.1
    Accept: */*
    Referer: https://www.itau.com.br/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: www.itau.com.br
    Connection: Keep-Alive
    Cookie: abtest_stickness=3c3106c99d500000360def5b500200003d0a0000; ak_bmsc=2BD04CA059A22CE2F5CC24ABF9016018~000000000000000000000000000000~YAAQirEXAq6ZqTiOAQAAqTSrRRdyeDUM4CvKX/UY9AUpTxrGAmrYuxOVGI/ats5YeRwgQR87qx6CjOCD/PTyWGOULvVD9eNEgzgbfibAfGcv/HMOq6ESpsiett0B94libBYvCO/R8CwHrQV0RWehPbLqMj8p3TisSagm8g3MV9DFZj3nB3hXLiCb7UMiax9gkPv8ltLz8nJ9TU+XHD3o3lEGWl24gZ1rzB0NiHayjZRQfc4Stqs7aseTK9PL5vLEwvr6n1CIQPTV4r3eAnWOzahHJLOey1Z2wJwytTNNbqDPONksVmxxD5YVq6zRiWyLzbhPvr/wOX7xwdLaRwF8Jb96DZeWXOUZA2AuxtbbagVT1+dG3OWFlDzU/A==
    Response
    HTTP/1.1 200 OK
    Content-Type: text/css; charset=UTF-8
    X-Powered-By: Express
    Last-Modified: Fri, 08 Mar 2024 20:45:57 GMT
    ETag: W/"2b84-18e1fd0bb88"
    Content-Encoding: gzip
    X-Amz-Cf-Pop: FOR50-P2
    X-Amz-Cf-Id: RVtjN-_PGwqI5G10gFvFh4FHZFvZoexBOF1_fC5qcY1qHW4EUC0YqA==
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    Referrer-Policy: strict-origin-when-cross-origin
    X-Content-Type-Options: nosniff
    Strict-Transport-Security: max-age=31536000
    Content-Length: 1565
    Expires: Tue, 19 Mar 2024 17:05:49 GMT
    Date: Sat, 16 Mar 2024 05:10:32 GMT
    Connection: keep-alive
    cupcake: true
    Access-Control-Allow-Origin: internet.itau.com.br
    Vary: Origin
    Access-Control-Allow-Methods: GET, POST
  • flag-gb
    GET
    https://www.itau.com.br/components/marco_civil/marco_civil.css
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    23.48.165.138:443
    Request
    GET /components/marco_civil/marco_civil.css HTTP/1.1
    Accept: */*
    Referer: https://www.itau.com.br/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: www.itau.com.br
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/css; charset=UTF-8
    X-Powered-By: Express
    Last-Modified: Fri, 08 Mar 2024 20:45:55 GMT
    ETag: W/"d55-18e1fd0b3b8"
    Content-Encoding: gzip
    X-Amz-Cf-Pop: FOR50-P2
    X-Amz-Cf-Id: KNGM6uZRpFW9bUYrmRNV4pPdn8uuk7-6OFKY2aPxuQAaftYwfwuJxw==
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    Referrer-Policy: strict-origin-when-cross-origin
    X-Content-Type-Options: nosniff
    Strict-Transport-Security: max-age=31536000
    Content-Length: 794
    Expires: Tue, 19 Mar 2024 17:06:13 GMT
    Date: Sat, 16 Mar 2024 05:10:32 GMT
    Connection: keep-alive
    cupcake: true
    Access-Control-Allow-Origin: internet.itau.com.br
    Vary: Origin
    Access-Control-Allow-Methods: GET, POST
  • flag-gb
    GET
    https://www.itau.com.br/components/navigation_menu/navigation_menu.css
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    23.48.165.138:443
    Request
    GET /components/navigation_menu/navigation_menu.css HTTP/1.1
    Accept: */*
    Referer: https://www.itau.com.br/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: www.itau.com.br
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/css; charset=UTF-8
    X-Powered-By: Express
    Last-Modified: Fri, 08 Mar 2024 20:45:55 GMT
    ETag: W/"4776-18e1fd0b3b8"
    Content-Encoding: gzip
    X-Amz-Cf-Pop: FOR50-P2
    X-Amz-Cf-Id: tPbqxZRfYYD1pxaQlk75UKwy0GkloiLFh6NxQanULaOguLYZxjQFdA==
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    Referrer-Policy: strict-origin-when-cross-origin
    X-Content-Type-Options: nosniff
    Strict-Transport-Security: max-age=31536000
    Content-Length: 2971
    Expires: Tue, 19 Mar 2024 17:06:11 GMT
    Date: Sat, 16 Mar 2024 05:10:32 GMT
    Connection: keep-alive
    cupcake: true
    Access-Control-Allow-Origin: internet.itau.com.br
    Vary: Origin
    Access-Control-Allow-Methods: GET, POST
  • flag-gb
    GET
    https://www.itau.com.br/components/navigation_menu/loading-busca.css
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    23.48.165.138:443
    Request
    GET /components/navigation_menu/loading-busca.css HTTP/1.1
    Accept: */*
    Referer: https://www.itau.com.br/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: www.itau.com.br
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/css; charset=UTF-8
    X-Powered-By: Express
    Last-Modified: Fri, 08 Mar 2024 20:45:55 GMT
    ETag: W/"42a-18e1fd0b3b8"
    Content-Encoding: gzip
    X-Amz-Cf-Pop: FOR50-P2
    X-Amz-Cf-Id: 0KOevg7_-yL_o1jETbUZ738uVs_nIsUqbMrNtRs2dRWVJR8aBbfa_Q==
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    Referrer-Policy: strict-origin-when-cross-origin
    X-Content-Type-Options: nosniff
    Strict-Transport-Security: max-age=31536000
    Content-Length: 428
    Expires: Tue, 19 Mar 2024 17:07:34 GMT
    Date: Sat, 16 Mar 2024 05:10:32 GMT
    Connection: keep-alive
    cupcake: true
    Access-Control-Allow-Origin: internet.itau.com.br
    Vary: Origin
    Access-Control-Allow-Methods: GET, POST
  • flag-gb
    GET
    https://www.itau.com.br/components/logo/logo.css
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    23.48.165.138:443
    Request
    GET /components/logo/logo.css HTTP/1.1
    Accept: */*
    Referer: https://www.itau.com.br/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: www.itau.com.br
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/css; charset=UTF-8
    X-Powered-By: Express
    Accept-Ranges: bytes
    Last-Modified: Fri, 08 Mar 2024 20:45:55 GMT
    ETag: W/"96-18e1fd0b3b8"
    X-Amz-Cf-Pop: FOR50-P2
    X-Amz-Cf-Id: Beg1FQ84GjwPjlOKYNp-aQBRo0xXHebDFCTTgQs7R06ZK0teBWa3tQ==
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    Referrer-Policy: strict-origin-when-cross-origin
    X-Content-Type-Options: nosniff
    Strict-Transport-Security: max-age=31536000
    Content-Encoding: gzip
    Content-Length: 142
    Expires: Tue, 19 Mar 2024 17:06:02 GMT
    Date: Sat, 16 Mar 2024 05:10:32 GMT
    Connection: keep-alive
    cupcake: true
    Access-Control-Allow-Origin: internet.itau.com.br
    Vary: Origin
    Access-Control-Allow-Methods: GET, POST
  • flag-gb
    GET
    https://www.itau.com.br/components/common-link/common-link.css
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    23.48.165.138:443
    Request
    GET /components/common-link/common-link.css HTTP/1.1
    Accept: */*
    Referer: https://www.itau.com.br/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: www.itau.com.br
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/css; charset=UTF-8
    X-Powered-By: Express
    Last-Modified: Fri, 08 Mar 2024 20:45:54 GMT
    ETag: W/"77f-18e1fd0afd0"
    Content-Encoding: gzip
    X-Amz-Cf-Pop: FOR50-P2
    X-Amz-Cf-Id: utieWlQZraX_ZaqPmdCRWdqURIJqhydE4UJim0C1P2KSeh-L-s-w8g==
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    Referrer-Policy: strict-origin-when-cross-origin
    X-Content-Type-Options: nosniff
    Strict-Transport-Security: max-age=31536000
    Content-Length: 518
    Expires: Tue, 19 Mar 2024 17:05:41 GMT
    Date: Sat, 16 Mar 2024 05:10:32 GMT
    Connection: keep-alive
    cupcake: true
    Access-Control-Allow-Origin: internet.itau.com.br
    Vary: Origin
    Access-Control-Allow-Methods: GET, POST
  • flag-gb
    GET
    https://www.itau.com.br/components/navigation_menu/navigation_menu.js
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    23.48.165.138:443
    Request
    GET /components/navigation_menu/navigation_menu.js HTTP/1.1
    Accept: */*
    Referer: https://www.itau.com.br/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: www.itau.com.br
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: application/javascript; charset=UTF-8
    X-Powered-By: Express
    Last-Modified: Fri, 08 Mar 2024 20:28:26 GMT
    ETag: W/"24e8-18e1fc0b210"
    Content-Encoding: gzip
    X-Amz-Cf-Pop: FOR50-P2
    X-Amz-Cf-Id: 517ywZSBptGJT2W4jDNwf1mRkJJLSX1kzMHgsSYY8MDCVx3x3YKVng==
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    Referrer-Policy: strict-origin-when-cross-origin
    X-Content-Type-Options: nosniff
    Strict-Transport-Security: max-age=31536000
    Content-Length: 2396
    Expires: Tue, 19 Mar 2024 17:07:04 GMT
    Date: Sat, 16 Mar 2024 05:10:32 GMT
    Connection: keep-alive
    cupcake: true
    Access-Control-Allow-Origin: internet.itau.com.br
    Vary: Origin
    Access-Control-Allow-Methods: GET, POST
  • flag-gb
    GET
    https://www.itau.com.br/libs/vendors/vanilla/vanilla-masker.min.js
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    23.48.165.138:443
    Request
    GET /libs/vendors/vanilla/vanilla-masker.min.js HTTP/1.1
    Accept: */*
    Referer: https://www.itau.com.br/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: www.itau.com.br
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: application/javascript; charset=UTF-8
    X-Powered-By: Express
    Last-Modified: Fri, 08 Mar 2024 20:28:26 GMT
    ETag: W/"cc1-18e1fc0b210"
    Content-Encoding: gzip
    X-Amz-Cf-Pop: FOR50-P2
    X-Amz-Cf-Id: DKddBfGspXAx_QsR5Ip7xnJRUvBPTvOurByspJttta5JoDFyakZrwA==
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    Referrer-Policy: strict-origin-when-cross-origin
    X-Content-Type-Options: nosniff
    Strict-Transport-Security: max-age=31536000
    Content-Length: 1305
    Expires: Tue, 19 Mar 2024 17:05:33 GMT
    Date: Sat, 16 Mar 2024 05:10:32 GMT
    Connection: keep-alive
    cupcake: true
    Access-Control-Allow-Origin: internet.itau.com.br
    Vary: Origin
    Access-Control-Allow-Methods: GET, POST
  • flag-gb
    GET
    https://www.itau.com.br/media/dam/m/538533fcf33fd411/original/itau-logo-branco-48x48.png
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    23.48.165.138:443
    Request
    GET /media/dam/m/538533fcf33fd411/original/itau-logo-branco-48x48.png HTTP/1.1
    Accept: */*
    Referer: https://www.itau.com.br/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: www.itau.com.br
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Methods: GET, POST
    Last-Modified: Fri, 19 Jan 2024 13:48:24 GMT
    Server: Akamai Image Manager
    X-Serial: 1058
    X-Check-Cacheable: YES
    Content-Length: 892
    Content-Type: image/png
    Cache-Control: private, no-transform, max-age=2363899
    Expires: Fri, 12 Apr 2024 13:48:51 GMT
    Date: Sat, 16 Mar 2024 05:10:32 GMT
    Connection: keep-alive
    Access-Control-Allow-Origin: internet.itau.com.br
    Vary: Origin
    Access-Control-Allow-Methods: GET, POST
  • flag-us
    DNS
    www.microsoft.com
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    92.123.241.137
  • flag-us
    DNS
    bucketfileshiio-prd.cloud.itau.com.br
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    8.8.8.8:53
    Request
    bucketfileshiio-prd.cloud.itau.com.br
    IN A
    Response
    bucketfileshiio-prd.cloud.itau.com.br
    IN A
    18.245.162.54
    bucketfileshiio-prd.cloud.itau.com.br
    IN A
    18.245.162.6
    bucketfileshiio-prd.cloud.itau.com.br
    IN A
    18.245.162.31
    bucketfileshiio-prd.cloud.itau.com.br
    IN A
    18.245.162.44
  • flag-us
    DNS
    libs-digitalanalytics.cloud.itau.com.br
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    8.8.8.8:53
    Request
    libs-digitalanalytics.cloud.itau.com.br
    IN A
    Response
    libs-digitalanalytics.cloud.itau.com.br
    IN A
    18.154.84.96
    libs-digitalanalytics.cloud.itau.com.br
    IN A
    18.154.84.3
    libs-digitalanalytics.cloud.itau.com.br
    IN A
    18.154.84.66
    libs-digitalanalytics.cloud.itau.com.br
    IN A
    18.154.84.117
  • flag-us
    DNS
    cdnjs.cloudflare.com
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    8.8.8.8:53
    Request
    cdnjs.cloudflare.com
    IN A
    Response
    cdnjs.cloudflare.com
    IN A
    104.17.25.14
    cdnjs.cloudflare.com
    IN A
    104.17.24.14
  • flag-gb
    GET
    https://www.itau.com.br/akam/13/fcd6cd6
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    23.48.165.138:443
    Request
    GET /akam/13/fcd6cd6 HTTP/1.1
    Accept: */*
    Referer: https://www.itau.com.br/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: www.itau.com.br
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Stored-Attribute-Sha-Checksum: 28f250abde8028ecedeb7ca9cf2cb7921707c48b65e8f7e674772328956b9698
    Last-Modified: Thu, 22 Feb 2024 19:42:44 GMT
    ETag: "fd5d333e6b924dec511965652b700be1534d2f5b987bf97041e8da6dcffa6ca1"
    Content-Type: application/javascript
    Content-Encoding: gzip
    Content-Length: 8766
    Expires: Sat, 16 Mar 2024 05:10:32 GMT
    Date: Sat, 16 Mar 2024 05:10:32 GMT
    Connection: keep-alive
    Cache-Control: max-age=21600
    cupcake: true
    Access-Control-Allow-Origin: internet.itau.com.br
    Vary: Origin
    Access-Control-Allow-Methods: GET, POST
    Set-Cookie: ak_bmsc=0C6AA4D67059609F5A7A93B5689A6D4B~000000000000000000000000000000~YAAQirEXAryZqTiOAQAAgzarRRdn0yt8/7Lci6VLv3ypZJv2g8dOGzGGpIwW0rkmxex8K7duL5mRLcXvYSyBx1FGHfAIccvJUkr3+QdIXyPtv5CaV7R69bYLuJlNYGXiXJgzACJL5Fw85mcybwMRXHD06S84MATYYvO0cRiRZtUlsATVfuw+jY/jjf5tBsSGB549WYevRbSweGigyi7ql+tFtCfSRmGtJp8gHHPSyvGFt0lOERLQxeIN5Z26fCjBdtxuSj/rqLoHYMJlCSXiUj1qomewzuUfmUt/UJT6T/kQ+WZzqj48Z1NUrumTkMLbQPMrARgPgFCOwa/3594KHawZcGIa1QScdL8yBGFRV2bb+oGluWsiLMHZ/LxE+Fi3VxXZOewCWiA1fJs1/0FQkcyQ+9hDxgk=; Domain=.itau.com.br; Path=/; Expires=Sat, 16 Mar 2024 07:10:31 GMT; Max-Age=7199; HttpOnly
  • flag-gb
    GET
    https://www.itau.com.br/components/open_account/open_account.css
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    23.48.165.138:443
    Request
    GET /components/open_account/open_account.css HTTP/1.1
    Accept: */*
    Referer: https://www.itau.com.br/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: www.itau.com.br
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/css; charset=UTF-8
    X-Powered-By: Express
    Accept-Ranges: bytes
    Last-Modified: Fri, 08 Mar 2024 20:45:55 GMT
    ETag: W/"2e1-18e1fd0b3b8"
    X-Amz-Cf-Pop: FOR50-P2
    X-Amz-Cf-Id: ILagUXNFuCCeD1eRWTaeEvKK9VCyPBY9uaqFs4EMqj5Nw8cUL3EvBQ==
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    Referrer-Policy: strict-origin-when-cross-origin
    X-Content-Type-Options: nosniff
    Strict-Transport-Security: max-age=31536000
    Content-Encoding: gzip
    Content-Length: 345
    Expires: Tue, 19 Mar 2024 17:05:50 GMT
    Date: Sat, 16 Mar 2024 05:10:32 GMT
    Connection: keep-alive
    cupcake: true
    Access-Control-Allow-Origin: internet.itau.com.br
    Vary: Origin
    Access-Control-Allow-Methods: GET, POST
  • flag-gb
    GET
    https://www.itau.com.br/components/marco_civil/marco_civil.js
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    23.48.165.138:443
    Request
    GET /components/marco_civil/marco_civil.js HTTP/1.1
    Accept: */*
    Referer: https://www.itau.com.br/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: www.itau.com.br
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: application/javascript; charset=UTF-8
    X-Powered-By: Express
    Last-Modified: Fri, 08 Mar 2024 20:28:26 GMT
    ETag: W/"86a-18e1fc0b210"
    Content-Encoding: gzip
    X-Amz-Cf-Pop: FOR50-P2
    X-Amz-Cf-Id: WpaElOvZhTgo8BqUVHQTIx2f3hMBpxv7oYo0XiIFp077-X-IqA547g==
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    Referrer-Policy: strict-origin-when-cross-origin
    X-Content-Type-Options: nosniff
    Strict-Transport-Security: max-age=31536000
    Content-Length: 808
    Expires: Tue, 19 Mar 2024 17:05:51 GMT
    Date: Sat, 16 Mar 2024 05:10:32 GMT
    Connection: keep-alive
    cupcake: true
    Access-Control-Allow-Origin: internet.itau.com.br
    Vary: Origin
    Access-Control-Allow-Methods: GET, POST
  • flag-gb
    GET
    https://www.itau.com.br/components/navigation_menu/modal_login.js
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    23.48.165.138:443
    Request
    GET /components/navigation_menu/modal_login.js HTTP/1.1
    Accept: */*
    Referer: https://www.itau.com.br/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: www.itau.com.br
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: application/javascript; charset=UTF-8
    X-Powered-By: Express
    Last-Modified: Fri, 08 Mar 2024 20:28:26 GMT
    ETag: W/"4142-18e1fc0b210"
    Content-Encoding: gzip
    X-Amz-Cf-Pop: FOR50-P2
    X-Amz-Cf-Id: 52ZiyZ6eSResEsMbquGdLVeXNTy22wq_jGoFLG-Z1e4bdUa3IE6cqw==
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    Referrer-Policy: strict-origin-when-cross-origin
    X-Content-Type-Options: nosniff
    Strict-Transport-Security: max-age=31536000
    Content-Length: 2453
    Expires: Tue, 19 Mar 2024 17:07:27 GMT
    Date: Sat, 16 Mar 2024 05:10:32 GMT
    Connection: keep-alive
    cupcake: true
    Access-Control-Allow-Origin: internet.itau.com.br
    Vary: Origin
    Access-Control-Allow-Methods: GET, POST
  • flag-gb
    GET
    https://www.itau.com.br/components/common-link/common-link.js
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    23.48.165.138:443
    Request
    GET /components/common-link/common-link.js HTTP/1.1
    Accept: */*
    Referer: https://www.itau.com.br/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: www.itau.com.br
    Connection: Keep-Alive
    Cookie: abtest_stickness=3c3106c99d500000360def5b500200003d0a0000; ak_bmsc=2BD04CA059A22CE2F5CC24ABF9016018~000000000000000000000000000000~YAAQirEXAq6ZqTiOAQAAqTSrRRdyeDUM4CvKX/UY9AUpTxrGAmrYuxOVGI/ats5YeRwgQR87qx6CjOCD/PTyWGOULvVD9eNEgzgbfibAfGcv/HMOq6ESpsiett0B94libBYvCO/R8CwHrQV0RWehPbLqMj8p3TisSagm8g3MV9DFZj3nB3hXLiCb7UMiax9gkPv8ltLz8nJ9TU+XHD3o3lEGWl24gZ1rzB0NiHayjZRQfc4Stqs7aseTK9PL5vLEwvr6n1CIQPTV4r3eAnWOzahHJLOey1Z2wJwytTNNbqDPONksVmxxD5YVq6zRiWyLzbhPvr/wOX7xwdLaRwF8Jb96DZeWXOUZA2AuxtbbagVT1+dG3OWFlDzU/A==
    Response
    HTTP/1.1 200 OK
    Content-Type: application/javascript; charset=UTF-8
    X-Powered-By: Express
    Accept-Ranges: bytes
    Last-Modified: Fri, 08 Mar 2024 20:28:26 GMT
    ETag: W/"1c5-18e1fc0b210"
    X-Amz-Cf-Pop: FOR50-P2
    X-Amz-Cf-Id: GvPgBk-TK3i4QZ2_Ys4jBWL8HMyP5L8Wi3gj0YHdZdLJrPzKpuk2uw==
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    Referrer-Policy: strict-origin-when-cross-origin
    X-Content-Type-Options: nosniff
    Strict-Transport-Security: max-age=31536000
    Content-Encoding: gzip
    Content-Length: 236
    Expires: Tue, 19 Mar 2024 17:05:57 GMT
    Date: Sat, 16 Mar 2024 05:10:32 GMT
    Connection: keep-alive
    cupcake: true
    Access-Control-Allow-Origin: internet.itau.com.br
    Vary: Origin
    Access-Control-Allow-Methods: GET, POST
  • flag-gb
    GET
    https://bucketfileshiio-prd.cloud.itau.com.br/itau-sdk-interaction-studio/assets/sdk-interaction-studio-web-universal.min.js
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    18.245.162.54:443
    Request
    GET /itau-sdk-interaction-studio/assets/sdk-interaction-studio-web-universal.min.js HTTP/1.1
    Accept: */*
    Referer: https://www.itau.com.br/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: bucketfileshiio-prd.cloud.itau.com.br
    Connection: Keep-Alive
    Cookie: ak_bmsc=2BD04CA059A22CE2F5CC24ABF9016018~000000000000000000000000000000~YAAQirEXAq6ZqTiOAQAAqTSrRRdyeDUM4CvKX/UY9AUpTxrGAmrYuxOVGI/ats5YeRwgQR87qx6CjOCD/PTyWGOULvVD9eNEgzgbfibAfGcv/HMOq6ESpsiett0B94libBYvCO/R8CwHrQV0RWehPbLqMj8p3TisSagm8g3MV9DFZj3nB3hXLiCb7UMiax9gkPv8ltLz8nJ9TU+XHD3o3lEGWl24gZ1rzB0NiHayjZRQfc4Stqs7aseTK9PL5vLEwvr6n1CIQPTV4r3eAnWOzahHJLOey1Z2wJwytTNNbqDPONksVmxxD5YVq6zRiWyLzbhPvr/wOX7xwdLaRwF8Jb96DZeWXOUZA2AuxtbbagVT1+dG3OWFlDzU/A==
    Response
    HTTP/1.1 200 OK
    Content-Type: application/javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Date: Sat, 16 Mar 2024 05:10:35 GMT
    Last-Modified: Thu, 29 Feb 2024 02:01:58 GMT
    ETag: W/"1309d27c1cce16c64fde217068a1fc7b"
    x-amz-server-side-encryption: AES256
    x-amz-meta-run_id: 8085841278
    x-amz-version-id: null
    Server: AmazonS3
    Content-Encoding: gzip
    Vary: Accept-Encoding
    X-Cache: Miss from cloudfront
    Via: 1.1 fe81b7a56101ab7f8f60c8ec19986806.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LHR5-P2
    X-Amz-Cf-Id: MtBQoeKD0F8e594v20_s8-uYo-QjbVgcBQqqMOiJnS4pEcxcsunD8A==
  • flag-us
    GET
    https://cdnjs.cloudflare.com/ajax/libs/zone.js/0.11.4/zone.min.js
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    104.17.25.14:443
    Request
    GET /ajax/libs/zone.js/0.11.4/zone.min.js HTTP/1.1
    Accept: */*
    Referer: https://www.itau.com.br/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: cdnjs.cloudflare.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 16 Mar 2024 05:10:32 GMT
    Content-Type: application/javascript; charset=utf-8
    Content-Length: 15018
    Connection: keep-alive
    Access-Control-Allow-Origin: *
    Cache-Control: public, max-age=30672000
    Content-Encoding: gzip
    ETag: "602c26f0-c131"
    Last-Modified: Tue, 16 Feb 2021 20:11:28 GMT
    cf-cdnjs-via: cfworker/kv
    Cross-Origin-Resource-Policy: cross-origin
    Timing-Allow-Origin: *
    X-Content-Type-Options: nosniff
    Vary: Accept-Encoding
    CF-Cache-Status: HIT
    Age: 146962
    Expires: Thu, 06 Mar 2025 05:10:32 GMT
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4upxVWMF13fkB%2Bpcl8iRw3TWI%2B4%2BLA4cVOSqrDUygcbHJnNEQ%2FeX8UBMY5W8F777HzT3yvoYUNIoVNeeax8ZQI%2BmnDahvPIkg1wjrpiH%2Bi7zvlHWdzwDKmZD7p74cQ%2Fn1IffpWXQ"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
    Strict-Transport-Security: max-age=15780000
    Server: cloudflare
    CF-RAY: 86523cc45f233697-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-gb
    GET
    https://libs-digitalanalytics.cloud.itau.com.br/assets/framework-analytics-web.min.js
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    18.154.84.96:443
    Request
    GET /assets/framework-analytics-web.min.js HTTP/1.1
    Accept: */*
    Referer: https://www.itau.com.br/
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: libs-digitalanalytics.cloud.itau.com.br
    Connection: Keep-Alive
    Cookie: ak_bmsc=2BD04CA059A22CE2F5CC24ABF9016018~000000000000000000000000000000~YAAQirEXAq6ZqTiOAQAAqTSrRRdyeDUM4CvKX/UY9AUpTxrGAmrYuxOVGI/ats5YeRwgQR87qx6CjOCD/PTyWGOULvVD9eNEgzgbfibAfGcv/HMOq6ESpsiett0B94libBYvCO/R8CwHrQV0RWehPbLqMj8p3TisSagm8g3MV9DFZj3nB3hXLiCb7UMiax9gkPv8ltLz8nJ9TU+XHD3o3lEGWl24gZ1rzB0NiHayjZRQfc4Stqs7aseTK9PL5vLEwvr6n1CIQPTV4r3eAnWOzahHJLOey1Z2wJwytTNNbqDPONksVmxxD5YVq6zRiWyLzbhPvr/wOX7xwdLaRwF8Jb96DZeWXOUZA2AuxtbbagVT1+dG3OWFlDzU/A==
    Response
    HTTP/1.1 200 OK
    Content-Type: application/javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Mon, 11 Dec 2023 10:07:10 GMT
    x-amz-server-side-encryption: AES256
    x-amz-version-id: null
    Server: AmazonS3
    Content-Encoding: gzip
    Date: Sat, 16 Mar 2024 04:47:42 GMT
    ETag: W/"4301f79bb3d58417754e2c088e627b53"
    Vary: Accept-Encoding
    X-Cache: Hit from cloudfront
    Via: 1.1 4e88bdedf56f69ddc71d5c8cda21705a.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LHR5-P7
    X-Amz-Cf-Id: 2Q1VbgaOK_D22EZX9XXyWREc8qd-t3JlCtHAZJ3jIvXoa7bBnmDK-w==
    Age: 2351
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    Referrer-Policy: strict-origin-when-cross-origin
    X-Content-Type-Options: nosniff
    Strict-Transport-Security: max-age=31536000
    Vary: Origin
  • flag-us
    DNS
    ocsp.r2m02.amazontrust.com
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    8.8.8.8:53
    Request
    ocsp.r2m02.amazontrust.com
    IN A
    Response
    ocsp.r2m02.amazontrust.com
    IN A
    143.204.67.183
  • flag-gb
    GET
    http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEA%2BNo0OLlNeuBl974c%2BUcdM%3D
    cd30a07e001c4990db4770204d1f8f6c.exe
    Remote address:
    143.204.67.183:80
    Request
    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEA%2BNo0OLlNeuBl974c%2BUcdM%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: ocsp.r2m02.amazontrust.com
    Response
    HTTP/1.1 200 OK
    Content-Type: application/ocsp-response
    Content-Length: 471
    Connection: keep-alive
    Accept-Ranges: bytes
    Cache-Control: max-age=7200
    Date: Sat, 16 Mar 2024 05:05:02 GMT
    Last-Modified: Sat, 16 Mar 2024 05:04:54 GMT
    Server: ECAcc (lhd/35BE)
    X-Cache: Hit from cloudfront
    Via: 1.1 16f38d6df135d34d67fe44df60d91ab4.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LHR61-P1
    X-Amz-Cf-Id: ah_wQ64SaxZcbD0cVHICZXHcTWJ0PG1ouo4S5FpUvgpp6mPqtQuaXQ==
    Age: 339
  • 23.48.165.138:80
    http://www.itau.com.br/
    http
    cd30a07e001c4990db4770204d1f8f6c.exe
    666 B
    1.2kB
    7
    5

    HTTP Request

    GET http://www.itau.com.br/

    HTTP Response

    301
  • 23.48.165.138:443
    https://www.itau.com.br/media/dam/m/538533fcf33fd411/original/itau-logo-branco-48x48.png
    tls, http
    cd30a07e001c4990db4770204d1f8f6c.exe
    10.9kB
    53.6kB
    34
    48

    HTTP Request

    GET https://www.itau.com.br/

    HTTP Response

    200

    HTTP Request

    GET https://www.itau.com.br/modules/header/header.css

    HTTP Response

    200

    HTTP Request

    GET https://www.itau.com.br/components/marco_civil/marco_civil.css

    HTTP Response

    200

    HTTP Request

    GET https://www.itau.com.br/components/navigation_menu/navigation_menu.css

    HTTP Response

    200

    HTTP Request

    GET https://www.itau.com.br/components/navigation_menu/loading-busca.css

    HTTP Response

    200

    HTTP Request

    GET https://www.itau.com.br/components/logo/logo.css

    HTTP Response

    200

    HTTP Request

    GET https://www.itau.com.br/components/common-link/common-link.css

    HTTP Response

    200

    HTTP Request

    GET https://www.itau.com.br/components/navigation_menu/navigation_menu.js

    HTTP Response

    200

    HTTP Request

    GET https://www.itau.com.br/libs/vendors/vanilla/vanilla-masker.min.js

    HTTP Response

    200

    HTTP Request

    GET https://www.itau.com.br/media/dam/m/538533fcf33fd411/original/itau-logo-branco-48x48.png

    HTTP Response

    200
  • 23.48.165.138:443
    https://www.itau.com.br/components/common-link/common-link.js
    tls, http
    cd30a07e001c4990db4770204d1f8f6c.exe
    5.8kB
    18.8kB
    17
    20

    HTTP Request

    GET https://www.itau.com.br/akam/13/fcd6cd6

    HTTP Response

    200

    HTTP Request

    GET https://www.itau.com.br/components/open_account/open_account.css

    HTTP Response

    200

    HTTP Request

    GET https://www.itau.com.br/components/marco_civil/marco_civil.js

    HTTP Response

    200

    HTTP Request

    GET https://www.itau.com.br/components/navigation_menu/modal_login.js

    HTTP Response

    200

    HTTP Request

    GET https://www.itau.com.br/components/common-link/common-link.js

    HTTP Response

    200
  • 18.245.162.54:443
    https://bucketfileshiio-prd.cloud.itau.com.br/itau-sdk-interaction-studio/assets/sdk-interaction-studio-web-universal.min.js
    tls, http
    cd30a07e001c4990db4770204d1f8f6c.exe
    2.2kB
    22.0kB
    18
    26

    HTTP Request

    GET https://bucketfileshiio-prd.cloud.itau.com.br/itau-sdk-interaction-studio/assets/sdk-interaction-studio-web-universal.min.js

    HTTP Response

    200
  • 104.17.25.14:443
    https://cdnjs.cloudflare.com/ajax/libs/zone.js/0.11.4/zone.min.js
    tls, http
    cd30a07e001c4990db4770204d1f8f6c.exe
    1.6kB
    20.3kB
    18
    22

    HTTP Request

    GET https://cdnjs.cloudflare.com/ajax/libs/zone.js/0.11.4/zone.min.js

    HTTP Response

    200
  • 18.154.84.96:443
    https://libs-digitalanalytics.cloud.itau.com.br/assets/framework-analytics-web.min.js
    tls, http
    cd30a07e001c4990db4770204d1f8f6c.exe
    3.0kB
    71.4kB
    36
    59

    HTTP Request

    GET https://libs-digitalanalytics.cloud.itau.com.br/assets/framework-analytics-web.min.js

    HTTP Response

    200
  • 143.204.67.183:80
    http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEA%2BNo0OLlNeuBl974c%2BUcdM%3D
    http
    cd30a07e001c4990db4770204d1f8f6c.exe
    480 B
    1.1kB
    5
    4

    HTTP Request

    GET http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEA%2BNo0OLlNeuBl974c%2BUcdM%3D

    HTTP Response

    200
  • 8.8.8.8:53
    www.itau.com.br
    dns
    cd30a07e001c4990db4770204d1f8f6c.exe
    61 B
    160 B
    1
    1

    DNS Request

    www.itau.com.br

    DNS Response

    23.48.165.138
    23.48.165.160

  • 8.8.8.8:53
    www.microsoft.com
    dns
    cd30a07e001c4990db4770204d1f8f6c.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    92.123.241.137

  • 8.8.8.8:53
    bucketfileshiio-prd.cloud.itau.com.br
    dns
    cd30a07e001c4990db4770204d1f8f6c.exe
    83 B
    147 B
    1
    1

    DNS Request

    bucketfileshiio-prd.cloud.itau.com.br

    DNS Response

    18.245.162.54
    18.245.162.6
    18.245.162.31
    18.245.162.44

  • 8.8.8.8:53
    libs-digitalanalytics.cloud.itau.com.br
    dns
    cd30a07e001c4990db4770204d1f8f6c.exe
    85 B
    149 B
    1
    1

    DNS Request

    libs-digitalanalytics.cloud.itau.com.br

    DNS Response

    18.154.84.96
    18.154.84.3
    18.154.84.66
    18.154.84.117

  • 8.8.8.8:53
    cdnjs.cloudflare.com
    dns
    cd30a07e001c4990db4770204d1f8f6c.exe
    66 B
    98 B
    1
    1

    DNS Request

    cdnjs.cloudflare.com

    DNS Response

    104.17.25.14
    104.17.24.14

  • 8.8.8.8:53
    ocsp.r2m02.amazontrust.com
    dns
    cd30a07e001c4990db4770204d1f8f6c.exe
    72 B
    88 B
    1
    1

    DNS Request

    ocsp.r2m02.amazontrust.com

    DNS Response

    143.204.67.183

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

    Filesize

    1KB

    MD5

    55540a230bdab55187a841cfe1aa1545

    SHA1

    363e4734f757bdeb89868efe94907774a327695e

    SHA256

    d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

    SHA512

    c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

    Filesize

    230B

    MD5

    a5d46bf0f3e775ccb60c10b4664683fb

    SHA1

    818d4cc224135081c4ee1ad2a0ce487a8951942a

    SHA256

    0b71ce8ffc0bb81e466eee399f747ae2f7d93710d3497075f89ebb061e4fec7b

    SHA512

    c6e0a5c4f8b49d63fcc4fbaaf2e4060b3b59822639285514ce9d8c451748e0ead63702776aa454bac7dc38b9e73a22dd4044104072260f4005e2be02df88c0ad

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    175be13a149baaf139d226da26c209ff

    SHA1

    3a648e9bd025d5345b45642a18edceaeafcf3652

    SHA256

    d2ac0dcad17de8e1db1d5f498e14be452e8635e0a249fd0a588ef791c7067e7e

    SHA512

    fc7d7e19d8e08f893f5f9dce26e9d61322ac97c5d1e0de1d0341afdf1ec820787e4c02d156d80ced77740737056b010140f7eb297d1defe4ac1a81d9d8bcfa36

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e7f21ae62fed4b04d1247eedfb2351c5

    SHA1

    ae6036e93561e716d3ee24f28b2bf1ff1db6e830

    SHA256

    31c606a8736964102664d9c3d1b3cbeb5c89eb85767b58b2ce55d8f3e91d7608

    SHA512

    1224870c52c5ceae681820df77f67ae4fb78ee132fa8700b3289a2dbd35c95bf1e9ca26b91d7537cdf633f2a356f5bb8012f1ce0563d7d1be4824abdf719e19a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2722fe1df9f7c6730fffc73a709dac00

    SHA1

    e72ee7b5e7c13636a0b887d3577492c65cb5c872

    SHA256

    0ceab8d19b25774f2f39affa31c34d18f63fc4a84f1fcb6331170b286ef74f4e

    SHA512

    2f50dfb14545b53a9f4d5e1a83db2f1e64c094c29af19cd09902bb6a5d3ae4f3456467791e3d0be065dcb81206af77f1f32faeb4d607b95c15cd0d6af41a457b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    79933522eeb029207cfac1b41a9d59cf

    SHA1

    e13fb58416bef1a016adb58139427b2a2d70c35d

    SHA256

    518bc65e972e5a7d94136f55912d5408fc927ec4e19a80b0eecee5d7f0f23daf

    SHA512

    93abd57f9af4b8f2358f568bf76c0b6e4167ff61588569bf1632283634d749ea2441fdc8c1dd8a17530089797c32ec6015b7485932540292a5556e77f23d50eb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0b6dfd561114780ce33c0518c4a97884

    SHA1

    3ffac716a4fd0f7969eb93834d47e837928e46e8

    SHA256

    2f704b42bad107f19b5b031152c954e50eeb474abf57483d0502e944d7006331

    SHA512

    c994a755dc4f91c44f5eb400cb3d6d8e492e84c518ab22edbf6da23741cda72d250e4648be6201a66f64b07f0d4fc8d12ab5258a14d24885b25fa173ba489dc4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c999ff769848a124d1b229d57405f356

    SHA1

    261ff77a1cc30863ee15649ab99b5c76ab5dfad3

    SHA256

    b335b663a5c358241eac6f230ab41126ca01bb9523656b6c6b70518eb1a1a68a

    SHA512

    3e33fc4fb052767cf83c8f53f0ed2e70da26b0913623986eaa75a2dc721ee9902555df33ccb5942e5d6e55d0624cca93d071dd7d05344031e7b2bd4354eaf3f5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a34b21d65f9885026f7703730df4536f

    SHA1

    7dcbb39386a63dea3ce0b0dfb72bd7029f7aef49

    SHA256

    cfda8d7ef46ebae14044f517f4892addf3726215e36fd889a7b05cda56c43d73

    SHA512

    b4a1626504cff1d2e485c9cb3cdce5cbd4a772ef14ad9a4b7068600c03984fd0c99ed6e1fd5944ec6018ad87f399decb0e96cc95807c09afaca4fc817db8e5c1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    208c4a0a40ad5928c8dce2636a32e9a4

    SHA1

    b07e2aee017172d3cfd329b3849a650ea7217f9c

    SHA256

    94af19eeee3006012cd96c1533959d6aa027464261a7b623ccbda49a5ab173e3

    SHA512

    a18de9a5a76ce8242a85b30d7d56c57b1acefd468ecb3c0d1d3a05fff313c0e2023f638db3dbe21df927bce7f567750c86a14970ad42ad95ad36fc6ba44ef467

  • C:\Users\Admin\AppData\Local\Temp\TarE67.tmp

    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

  • memory/2820-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

  • memory/2820-0-0x0000000000400000-0x0000000001278000-memory.dmp

    Filesize

    14.5MB

  • memory/2820-477-0x0000000000400000-0x0000000001278000-memory.dmp

    Filesize

    14.5MB

  • memory/2820-478-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB
