IOC Report
http://smenet.org/ViewSwitcher/SwitchView?mobile=True&returnUrl=http://xx6v1x.caobatours.com#YXRvbC5vbmxpbmVAY2FhLmNvLnVr

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1676,5534151309402295221,11728340676976103501,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe" "http://smenet.org/ViewSwitcher/SwitchView?mobile=True&returnUrl=http://xx6v1x.caobatours.com#YXRvbC5vbmxpbmVAY2FhLmNvLnVr

http://smenet.org/ViewSwitcher/SwitchView?mobile=True&returnUrl=http://xx6v1x.caobatours.com#YXRvbC5vbmxpbmVAY2FhLmNvLnVr

https://www.smenet.org/ViewSwitcher/SwitchView?mobile=True&returnUrl=http://xx6v1x.caobatours.com

40.69.190.41

http://www.smenet.org/ViewSwitcher/SwitchView?mobile=True&returnUrl=http://xx6v1x.caobatours.com

40.69.190.41

http://smenet.org/ViewSwitcher/SwitchView?mobile=True&returnUrl=http://xx6v1x.caobatours.com

40.69.190.41

https://yylinvaant.bureaurid.tech/favicon.ico

199.192.25.226

https://smenet.org/ViewSwitcher/SwitchView?mobile=True&returnUrl=http://xx6v1x.caobatours.com

40.69.190.41

http://xx6v1x.caobatours.com/

185.244.151.84

https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard

142.250.185.77

https://yylinvaant.bureaurid.tech/assets/style.css

199.192.25.226

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=94.0.4606.61&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1

216.58.212.142

accounts.google.com

142.250.185.77

xx6v1x.caobatours.com

185.244.151.84

yylinvaant.bureaurid.tech

199.192.25.226

www.google.com

142.250.186.68

clients.l.google.com

216.58.212.142

smenet.org

40.69.190.41

clients2.google.com

unknown

www.smenet.org

unknown

142.250.185.77

accounts.google.com

United States

142.250.186.68

www.google.com

United States

216.58.212.142

clients.l.google.com

United States

40.69.190.41

smenet.org

United States

185.244.151.84

xx6v1x.caobatours.com

Netherlands

192.168.11.20

unknown

unknown

199.192.25.226

yylinvaant.bureaurid.tech

United States

239.255.255.250

unknown

Reserved

EF431FE000

stack

page read and write

2E805960000

heap

page read and write

2E80579B000

heap

page read and write

2E8057CA000

heap

page read and write

EF4327F000

stack

page read and write

2E8059D0000

heap

page read and write

2E805730000

unclassified section

page readonly

2E805B00000

heap

page read and write

2E8056D0000

heap

page read and write

EF42D8C000

stack

page read and write

https://yylinvaant.bureaurid.tech/?email=YXRvbC5vbmxpbmVAY2FhLmNvLnVr

https://yylinvaant.bureaurid.tech/?email=YXRvbC5vbmxpbmVAY2FhLmNvLnVr

https://yylinvaant.bureaurid.tech/?email=YXRvbC5vbmxpbmVAY2FhLmNvLnVr

https://yylinvaant.bureaurid.tech/?email=YXRvbC5vbmxpbmVAY2FhLmNvLnVr

https://yylinvaant.bureaurid.tech/?email=YXRvbC5vbmxpbmVAY2FhLmNvLnVr

https://yylinvaant.bureaurid.tech/?email=YXRvbC5vbmxpbmVAY2FhLmNvLnVr