procMemory | ZeroBOX

Process memory dump for chrome.exe (PID 1068, dump 1)

Extracted/injected images (may contain unpacked executables)


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    http://www.georgianpost.ge/index.php?page=10
    http://crbug.com/26312
    http://www.inkscape.org/namespaces/inkscape
    http://mathematicsmargin-top
    http://www.correos.es/contenido/13-MenuRec2/04-MenuRec24/1010_s-CodPostal.asp
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.search.delta-search.com/home?q=
    https://chrome.google.com/webstore?hl=ko
    https://history.google.com/history/api/lookup?client=chrome
    http://suggestion.baidu.com/su?wd=
    https://www.googleapis.com/auth/proximity_auth
    http://crbug.com/99373
    https://safebrowsing.googleapis.com/v4
    https://chrome.google.com/webstore?hl=koChrome
    https://accounts.google.com/Logout
    http://crbug.com/371562
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences
    http://search.tut.by/?ru=1
    http://crbug.com/231664.
    https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
    https://www.World
    https://clients4.google.com/chrome-sync
    http://ocsp1.wosign.com/ca104
    http://www.zipcode.mn/
    http://.css
    https://www.googleapis.com/auth/kid.permission
    http://www.html5rocks.com/en/tutorials/canvas/hidpi/
    http://www.google.co.kr/permissions/guidelines.html
    https://cl.search.yahoo.com/sugg/chrome?output=fxjson
    https://ve.search.yahoo.com/favicon.ico
    http://epab.posten.no/
    http://nl.softonic.com/s/
    https://crbug.com/740629)
    http://crl.verisign.com/pca3-g5.crl0(
    http://search.softonic.com/?q=
    http://www.delfi.lt/paieska/?q=
    http://ocsp.rootg2.amazontrust.com08
    http://www.posta-romana.ro/zip_codes
    https://www.google.com/chrome/devices/chromecast/learn.html
    https://history.google.com/history/api/lookup?client=audio
    https://tw.search.yahoo.com/search?ei=
    https://tr.search.yahoo.com/favicon.ico
    http://dictionaryperceptionrevolutionfoundationpx
    http://www.ems.com.cn/serviceguide/you_bian_cha_xun.html
    https://vega.ws.symantec.com/
    http://www.pochta.uz/ru/uslugi/indexsearch.html
    https://www.yandex.ru/chrome/newtab
    http://www.foo.com
    https://at.search.yahoo.com/sugg/chrome?output=fxjson
    https://c.docs.google.com/
    https://support.google.com/chrome/?p=ib_blocked_plugin
    https://docs.google.com/
    http://l.twimg.com/i/hpkp_report
    http://www.post.gov.tw/post/internet/f_searchzone/index.jsp?ID=190102
    https://chrome.google.com/
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    http://www.ipostel.gob.ve/index.php/oficinas-postales
    http://www.geotrust.com/resources/cps0A
    https://ca.search.yahoo.com/favicon.ico
    http://www.caymanpost.gov.ky/
    http://wiki.greasespot.net/Greasemonkey_Manual:APIs
    https://c.pack.google.com/
    http://www.geotrust.com/resources/cps06
    https://get.adobe.com/reader/
    https://log.ncsccs.com/report/expectct
    https://s2.googleusercontent.com/s2/favicons?domain_url=%s
    http://www
    http://web-subframes.invalid
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop0.json
    http://www.correos.es/comun/CodigosPostales/1010_s-CodPostal.asp?Provincia=
    http://crbug.com/775961
    https://ac.search.naver.com/nx/ac?of=os
    https://vn.search.yahoo.com/favicon.ico
    http://www.zoznam.sk/hladaj.fcgi?s=
    https://crbug.com/444752.
    https://www.google.com/chrome/browser/privacy/
    https://was
    http://start.iminent.com/StartWeb/1033/homepage/
    http://www.geotrust.com/resources/cps0)
    https://mx.search.yahoo.com/search?ei=
    http://Descriptionrelatively
    https://localhost/
    https://support.google.com/chrome/?p=plugin_quicktime
    http://www.posta.rs/struktura/lat/aplikacije/pronadji/nadji-postu.asp
    https://android.clients.google.com/c2dm/register3
    https://ctlog.api.venafi.com/
    http://crl.verisign.com/pca3-g5.crl0
    https://support.google.com/chrome?p=bluetooth
    http://pesquisa.sapo.pt/?q=
    http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
    https://sabre.ct.comodo.com/
    https://history.report-uri.com/r/d/ct/reportOnly
    http://www.interpretation
    https://history.google.com/history/api/lookup?client=web_app
    http://crl.entrust.net/rootca1.crl0
    https://tobiassachs.report-uri.com/r/d/staple/reportOnly
    https://www.so.com/favicon.ico
    https://co.search.yahoo.com/sugg/chrome?output=fxjson
    https://clients4.google.com/chrome-sync/dev
    http://www1.delta-search.com/?q=
    https://www.google.com/speech-api/v2/synthesize?
    https://growth-pa.googleapis.com/v1/send_sms
    http://en.softonic.com/s/
    https://c.drive.google.com/
    https://support.google.com/chrome/?p=settings_privacy
    http://i.rl0.ru/2011/icons/rambler.ico
    http://crls1.wosign.com/ca1.crl0q
    http://accounts.google.com/
    https://www.googleapis.com/auth/userinfo.profile
    https://chrome.google.com/webstore/category/extensions
    https://www.verisign.com/cps04000000Z
    https://au.search.yahoo.com/favicon.ico
    https://growth-pa.googleapis.com/v1/get_verified_phone_numbers
    https://crbug.com/593166
    https://c.play.google.com/
    https://www.googleapis.com/auth/chrome-content-suggestions
    https://accounts.google.com/GetUserInfo
    http://crbug.com/320723
    https://chrome.google.com/webstore
    http://cybertrust.omniroot.com/repository0
    http://ocsp.verisign.com04
    https://accounts.google.com/TokenAuth
    https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop1.json
    https://ar.search.yahoo.com/sugg/chrome?output=fxjson
    https://cspreports.srvcs.tumblr.com/hpkp
    http://crl.godaddy.com/gdroot.crl0F
    http://s.ss2.us/r.crl0
    https://www.googleapis.com/oauth2/v1/userinfo
    https://myaccount.google.com/signinoptions/password?utm_source=Google
    https://au.search.yahoo.com/search?ei=
    http://localhost:8000/url
    http://www.softonic.com.br/s/
    http://www.svgpost.gov.vc/?option=com_content
    https://alt2-safebrowsing.google.com/safebrowsing
    https://ch.search.yahoo.com/search?ei=
    http://suggest.yandex.ru/suggest-ff.cgi?part=
    https://azreport.report-uri.com/r/d/staple/reportOnly
    https://drive.google.com
    http://ns.adobe.com/xap/1.0/sType/ResourceRef
    https://support.google.com/chrome/?p=settings_autofill
    http://www.neti.ee/favicon.ico
    http://www.elta.gr/findapostcode.aspx
    http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
    https://www.googleapis.com
    http://crbug.com/263077).
    https://beacons3.gvt2.com/domainreliability/upload
    https://suggest.fulltext.seznam.cz/fulltext_ff?phrase=
    http://search.incredibar.com/favicon.ico
    http://crl.rootg2.amazontrust.com/rootg2.crl0
    http://crbug.com/371562.
    http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
    https://support.google.com/chrome/answer/1181420?
    http://g1.symcb.com/crls/gtglobal.crl0/
    http://isearch.avg.com/search?q=
    https://github.com/GoogleChrome/devtools-docs/issues/53
    http://developer.chrome.com/apps/usb.html
    http://www.digicert.com/ssl-cps-repository.htm0
    https://www.omniva.ee/era/sihtnumbrite_otsing
    http://ocsp.rootca1.amazontrust.com0
    https://safesearch.googleapis.com/v1:classify
    https://www.globalsign.com/repository/0
    https://github.com/v8/v8/wiki/Stack%20Trace%20API.
    http://ocsp.globalsign.com/rootr103
    https://www.ask.com/web?q=
    http://crl.starfieldtech.com/sfroot.crl0L
    https://www.
    https://www.chromestatus.com/feature/5738264052891648
    https://uk.ask.com/web?q=
    https://crbug.com/401439).
    https://mx.search.yahoo.com/favicon.ico
    http://mixidj.delta-search.com/?q=
    http://s2.symcb.com0
    http://ocsp.startssl.com/ca00
    http://crbug.com/40902
    https://passwords.google.com
    http://www.bhutanpost.bt/searchpostcode.php
    http://www.posten.ax/department.con?iPage=123
    https://nl.search.yahoo.com/sugg/chrome?output=fxjson
    http://purl.org/dc/elements/1.1/
    http://find.in.gr/Themes/1/Default/Media/Layout/icon_in.png
    http://aia.startssl.com/certs/ca.crt0
    http://feed.snapdo.com/?q=
    https://accounts.google.com/o/oauth/GetOAuthToken/
    http://www.softonic.com/s/
    http://crbug.com/514696
    https://chrome.blogspot.com/2015/11/updates-to-chrome-platform-support.html
    https://ar.search.yahoo.com/favicon.ico
    https://tobiassachs.report-uri.com/r/d/ct/reportOnly
    https://go.mail.ru/search?q=
    https://transparencyreport.google.com/safe-browsing/search?url=%s
    http://g.symcb.com/GeoTrustPCA-G3.crl0
    https://fi.search.yahoo.com/favicon.ico
    https://vn.search.yahoo.com/search?ei=
    http://www.entrust.net/rpa0
    http://www.adobe.com/mobile/licensees(
    http://www-//W3C//DTD
    http://crbug.com/756654
    https://dl.google.com/dl/softwareremovaltool/win/
    https://ro.search.yahoo.com/search?ei=
    https://chrome-devtools-frontend.appspot.com
    http://kody.poczta-polska.pl/
    https://android.com/pay
    http://search.avg.com/route/?q=
    http://crbug.com/112091
    http://poste.opt.nc/index.php?option=com_content
    https://www.googleapis.com/auth/gcm
    http://s2.symcb.com0k
    https://clients4.google.com/ukm
    https://www.googleapis.com/auth/drive.apps.readonly
    http://mixidj.delta-search.com/home?q=
    https://fi.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=blocked_ads
    https://chrome.google.com/webstore/detail/djcfdncoelnlbldjfhinnjlhdjlikmph
    https://support.google.com/chrome_webstore/?p=crx_warning
    https://groups.google.com/a/googleproductforums.com/d/topic/chrome/Xrco2HsXS-8/discussion
    https://malaysia.search.yahoo.com/search?ei=
    http://c
    https://chrome.google.com/webstore/download/
    http://search.softonic.com/img/favicon.ico
    https://fr.search.yahoo.com/sugg/chrome?output=fxjson
    https://payments.google.com/
    http://www.google.com/chrome/intl/ko/privacy.html
    http://psc.posta.sk
    https://accounts.google.com/ServiceLoginAuth
    http://w
    https://c.youtube.com/
    http://interested
    https://searchatlas.centrum.cz/favicon.ico
    https://www.delfi.lt/paieska/?q=
    http://search.tut.by/favicon.ico
    https://th.search.yahoo.com/favicon.ico
    https://www.chromestatus.com/feature/5675755719622656
    https://sb-ssl.google.com/safebrowsing/clientreport/download
    http://www.delta-search.com/?q=
    http://ss.ask.com/query?q=
    http://www.apache.org/licenses/LICENSE-2.0
    http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/
    http://www.mpegla.com
    https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_model_20170329.pb.bin
    https://yandex.by/
    http://navigation
    http://crls1.wosign.com/ca1.crl0m
    https://www
    https://support.google.com/chrome/?p=settings_search_help
    https://tools.usps.com/go/ZipLookupAction
    http://t1.symcb.com/ThawtePCA.crl0)
    https://accounts.google.com/IssueAuthToken
    https://www.google.com/cloudprint/enable_chrome_connector
    https://www.googleapis.com/auth/googletalk
    http://ocsp.startssl.com/ca0-
    http://search.goo.ne.jp/sgt.jsp?MT=
    http://www.posta.hr/default.aspx?pretpum
    http://www.postur.is/einstaklingar/posthus/postnumer/
    http://crl.startssl.com/sfsca.crl0
    https://ct.googleapis.com/pilot/
    http://www.certplus.com/CRL/class2.crl0
    https://dl.google.com/dl/softwareremovaltool/win/chrome_cleanup_tool.exe
    http://www.codigopostal.gov.co/
    https://beacons5.gvt2.com/domainreliability/upload
    https://datasaver.googleapis.com/v1/metrics:recordPageloadMetrics
    https://www.chromestatus.com/features/6443143280984064
    https://crbug.com/701034
    https://www.indiapost.gov.in/vas/pages/FindPinCode.aspx
    https://buscador.softonic.com/?q=
    https://proxy.googlezip.net:443
    https://scotthelme.report-uri.com/r/d/ct/reportOnly
    http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl0
    http://cps.root-x1.letsencrypt.org0
    https://support.google.com/chrome/?p=ui_remove_non_cws_extensions
    http://www.bangladeshpost.gov.bd/PostCode.asp
    https://ca.search.yahoo.com/sugg/chrome?output=fxjson
    https://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.ico
    http://ocsp.digicert.com0M
    https://search.avg.com/route/?q=
    https://support.google.com/chromebook/answer/1331549
    http://crl.rootca1.amazontrust.com/rootca1.crl0
    http://crbug.com/516527
    https://clients1.google.com/tbproxy/af/
    https://dk.search.yahoo.com/favicon.ico
    http://postakodu.ptt.gov.tr/
    http://start.iminent.com/?q=
    https://au.search.yahoo.com/sugg/chrome?output=fxjson
    https://ct.cloudflare.com/logs/nimbus2021/
    http://crbug.com/469522
    http://crbug.com/415315.
    https://history.google.com/history/api/delete?client=chrome
    https://example.com
    https://szukaj.onet.pl/wyniki.html?qt=
    http://schema.org/Article
    http://ricerca.virgilio.it/ricerca?qs=
    https://yandex.kz/images/search/?rpt=imageview
    http://repository.certum.pl/ctnca.cer09
    http://crbug.com/140364).
    http://crl.globalsign.net/root.crl0=
    http://developer.chrome.com/extensions/manifest.html
    http://g1.symcb.com/GeoTrustPCA.crl0)
    https://ph.search.yahoo.com/favicon.ico
    https://www.googleapis.com/geolocation/v1/geolocate
    http://crl.geotrust.com/crls/secureca.crl0F
    http://nigma.ru/themes/nigma/img/favicon.ico
    
                                                

Process memory dump for chrome.exe (PID 1068, dump 2)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences
    http://search.tut.by/?ru=1
    http://crbug.com/231664.
    https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
    https://www.World
    https://clients4.google.com/chrome-sync
    http://ocsp1.wosign.com/ca104
    http://www.zipcode.mn/
    http://.css
    https://www.googleapis.com/auth/kid.permission
    http://www.html5rocks.com/en/tutorials/canvas/hidpi/
    http://www.google.co.kr/permissions/guidelines.html
    https://cl.search.yahoo.com/sugg/chrome?output=fxjson
    https://ve.search.yahoo.com/favicon.ico
    http://epab.posten.no/
    http://nl.softonic.com/s/
    https://crbug.com/740629)
    http://crl.verisign.com/pca3-g5.crl0(
    http://search.softonic.com/?q=
    http://www.delfi.lt/paieska/?q=
    http://ocsp.rootg2.amazontrust.com08
    http://www.posta-romana.ro/zip_codes
    https://www.google.com/chrome/devices/chromecast/learn.html
    https://history.google.com/history/api/lookup?client=audio
    https://tw.search.yahoo.com/search?ei=
    https://tr.search.yahoo.com/favicon.ico
    http://dictionaryperceptionrevolutionfoundationpx
    http://www.ems.com.cn/serviceguide/you_bian_cha_xun.html
    https://vega.ws.symantec.com/
    http://www.pochta.uz/ru/uslugi/indexsearch.html
    https://www.yandex.ru/chrome/newtab
    http://www.foo.com
    https://at.search.yahoo.com/sugg/chrome?output=fxjson
    https://c.docs.google.com/
    https://support.google.com/chrome/?p=ib_blocked_plugin
    https://docs.google.com/
    http://l.twimg.com/i/hpkp_report
    http://www.post.gov.tw/post/internet/f_searchzone/index.jsp?ID=190102
    https://chrome.google.com/
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    http://www.ipostel.gob.ve/index.php/oficinas-postales
    http://www.geotrust.com/resources/cps0A
    https://ca.search.yahoo.com/favicon.ico
    http://www.caymanpost.gov.ky/
    http://wiki.greasespot.net/Greasemonkey_Manual:APIs
    https://c.pack.google.com/
    http://www.geotrust.com/resources/cps06
    https://get.adobe.com/reader/
    https://log.ncsccs.com/report/expectct
    https://s2.googleusercontent.com/s2/favicons?domain_url=%s
    http://www
    http://web-subframes.invalid
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop0.json
    http://www.correos.es/comun/CodigosPostales/1010_s-CodPostal.asp?Provincia=
    http://crbug.com/775961
    https://ac.search.naver.com/nx/ac?of=os
    https://vn.search.yahoo.com/favicon.ico
    http://www.zoznam.sk/hladaj.fcgi?s=
    https://crbug.com/444752.
    https://www.google.com/chrome/browser/privacy/
    https://was
    http://start.iminent.com/StartWeb/1033/homepage/
    http://www.geotrust.com/resources/cps0)
    https://mx.search.yahoo.com/search?ei=
    http://Descriptionrelatively
    https://localhost/
    https://support.google.com/chrome/?p=plugin_quicktime
    http://www.posta.rs/struktura/lat/aplikacije/pronadji/nadji-postu.asp
    https://android.clients.google.com/c2dm/register3
    https://ctlog.api.venafi.com/
    http://crl.verisign.com/pca3-g5.crl0
    https://support.google.com/chrome?p=bluetooth
    http://pesquisa.sapo.pt/?q=
    http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
    https://sabre.ct.comodo.com/
    https://history.report-uri.com/r/d/ct/reportOnly
    http://www.interpretation
    https://history.google.com/history/api/lookup?client=web_app
    http://crl.entrust.net/rootca1.crl0
    https://tobiassachs.report-uri.com/r/d/staple/reportOnly
    https://www.so.com/favicon.ico
    https://co.search.yahoo.com/sugg/chrome?output=fxjson
    https://clients4.google.com/chrome-sync/dev
    http://www1.delta-search.com/?q=
    https://www.google.com/speech-api/v2/synthesize?
    https://growth-pa.googleapis.com/v1/send_sms
    http://en.softonic.com/s/
    https://c.drive.google.com/
    https://support.google.com/chrome/?p=settings_privacy
    http://i.rl0.ru/2011/icons/rambler.ico
    http://crls1.wosign.com/ca1.crl0q
    http://accounts.google.com/
    https://www.googleapis.com/auth/userinfo.profile
    https://chrome.google.com/webstore/category/extensions
    https://www.verisign.com/cps04000000Z
    https://au.search.yahoo.com/favicon.ico
    https://growth-pa.googleapis.com/v1/get_verified_phone_numbers
    https://crbug.com/593166
    https://c.play.google.com/
    https://www.googleapis.com/auth/chrome-content-suggestions
    https://accounts.google.com/GetUserInfo
    http://crbug.com/320723
    https://chrome.google.com/webstore
    http://cybertrust.omniroot.com/repository0
    http://ocsp.verisign.com04
    https://accounts.google.com/TokenAuth
    https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop1.json
    https://ar.search.yahoo.com/sugg/chrome?output=fxjson
    https://cspreports.srvcs.tumblr.com/hpkp
    http://crl.godaddy.com/gdroot.crl0F
    http://s.ss2.us/r.crl0
    https://www.googleapis.com/oauth2/v1/userinfo
    https://myaccount.google.com/signinoptions/password?utm_source=Google
    https://au.search.yahoo.com/search?ei=
    http://localhost:8000/url
    http://www.softonic.com.br/s/
    http://www.svgpost.gov.vc/?option=com_content
    https://alt2-safebrowsing.google.com/safebrowsing
    https://ch.search.yahoo.com/search?ei=
    http://suggest.yandex.ru/suggest-ff.cgi?part=
    https://azreport.report-uri.com/r/d/staple/reportOnly
    https://drive.google.com
    http://ns.adobe.com/xap/1.0/sType/ResourceRef
    https://support.google.com/chrome/?p=settings_autofill
    http://www.neti.ee/favicon.ico
    http://www.elta.gr/findapostcode.aspx
    http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
    https://www.googleapis.com
    http://crbug.com/263077).
    https://beacons3.gvt2.com/domainreliability/upload
    https://suggest.fulltext.seznam.cz/fulltext_ff?phrase=
    http://search.incredibar.com/favicon.ico
    http://crl.rootg2.amazontrust.com/rootg2.crl0
    http://crbug.com/371562.
    http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
    https://support.google.com/chrome/answer/1181420?
    http://g1.symcb.com/crls/gtglobal.crl0/
    http://isearch.avg.com/search?q=
    https://github.com/GoogleChrome/devtools-docs/issues/53
    http://developer.chrome.com/apps/usb.html
    http://www.digicert.com/ssl-cps-repository.htm0
    https://www.omniva.ee/era/sihtnumbrite_otsing
    http://ocsp.rootca1.amazontrust.com0
    https://safesearch.googleapis.com/v1:classify
    https://www.globalsign.com/repository/0
    https://github.com/v8/v8/wiki/Stack%20Trace%20API.
    http://ocsp.globalsign.com/rootr103
    https://www.ask.com/web?q=
    http://crl.starfieldtech.com/sfroot.crl0L
    https://www.
    https://www.chromestatus.com/feature/5738264052891648
    https://uk.ask.com/web?q=
    https://crbug.com/401439).
    https://mx.search.yahoo.com/favicon.ico
    http://mixidj.delta-search.com/?q=
    http://s2.symcb.com0
    http://ocsp.startssl.com/ca00
    http://crbug.com/40902
    https://passwords.google.com
    http://www.bhutanpost.bt/searchpostcode.php
    http://www.posten.ax/department.con?iPage=123
    https://nl.search.yahoo.com/sugg/chrome?output=fxjson
    http://purl.org/dc/elements/1.1/
    http://find.in.gr/Themes/1/Default/Media/Layout/icon_in.png
    http://aia.startssl.com/certs/ca.crt0
    http://feed.snapdo.com/?q=
    https://accounts.google.com/o/oauth/GetOAuthToken/
    http://www.softonic.com/s/
    http://crbug.com/514696
    https://chrome.blogspot.com/2015/11/updates-to-chrome-platform-support.html
    https://ar.search.yahoo.com/favicon.ico
    https://tobiassachs.report-uri.com/r/d/ct/reportOnly
    https://go.mail.ru/search?q=
    https://transparencyreport.google.com/safe-browsing/search?url=%s
    http://g.symcb.com/GeoTrustPCA-G3.crl0
    https://fi.search.yahoo.com/favicon.ico
    https://vn.search.yahoo.com/search?ei=
    http://www.entrust.net/rpa0
    http://www.adobe.com/mobile/licensees(
    http://www-//W3C//DTD
    http://crbug.com/756654
    https://dl.google.com/dl/softwareremovaltool/win/
    https://ro.search.yahoo.com/search?ei=
    https://chrome-devtools-frontend.appspot.com
    http://kody.poczta-polska.pl/
    https://android.com/pay
    http://search.avg.com/route/?q=
    http://crbug.com/112091
    http://poste.opt.nc/index.php?option=com_content
    https://www.googleapis.com/auth/gcm
    http://s2.symcb.com0k
    https://clients4.google.com/ukm
    https://www.googleapis.com/auth/drive.apps.readonly
    http://mixidj.delta-search.com/home?q=
    https://fi.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=blocked_ads
    https://chrome.google.com/webstore/detail/djcfdncoelnlbldjfhinnjlhdjlikmph
    https://support.google.com/chrome_webstore/?p=crx_warning
    https://groups.google.com/a/googleproductforums.com/d/topic/chrome/Xrco2HsXS-8/discussion
    https://malaysia.search.yahoo.com/search?ei=
    http://c
    https://chrome.google.com/webstore/download/
    http://search.softonic.com/img/favicon.ico
    https://fr.search.yahoo.com/sugg/chrome?output=fxjson
    https://payments.google.com/
    http://www.google.com/chrome/intl/ko/privacy.html
    http://psc.posta.sk
    https://accounts.google.com/ServiceLoginAuth
    http://w
    https://c.youtube.com/
    http://interested
    https://searchatlas.centrum.cz/favicon.ico
    https://www.delfi.lt/paieska/?q=
    http://search.tut.by/favicon.ico
    https://th.search.yahoo.com/favicon.ico
    https://www.chromestatus.com/feature/5675755719622656
    https://sb-ssl.google.com/safebrowsing/clientreport/download
    http://www.delta-search.com/?q=
    http://ss.ask.com/query?q=
    http://www.apache.org/licenses/LICENSE-2.0
    http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/
    http://www.mpegla.com
    https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_model_20170329.pb.bin
    https://yandex.by/
    http://navigation
    http://crls1.wosign.com/ca1.crl0m
    https://www
    https://support.google.com/chrome/?p=settings_search_help
    https://tools.usps.com/go/ZipLookupAction
    http://t1.symcb.com/ThawtePCA.crl0)
    https://accounts.google.com/IssueAuthToken
    https://www.google.com/cloudprint/enable_chrome_connector
    https://www.googleapis.com/auth/googletalk
    http://ocsp.startssl.com/ca0-
    http://search.goo.ne.jp/sgt.jsp?MT=
    http://www.posta.hr/default.aspx?pretpum
    http://www.postur.is/einstaklingar/posthus/postnumer/
    http://crl.startssl.com/sfsca.crl0
    https://ct.googleapis.com/pilot/
    http://www.certplus.com/CRL/class2.crl0
    https://dl.google.com/dl/softwareremovaltool/win/chrome_cleanup_tool.exe
    http://www.codigopostal.gov.co/
    https://beacons5.gvt2.com/domainreliability/upload
    https://datasaver.googleapis.com/v1/metrics:recordPageloadMetrics
    https://www.chromestatus.com/features/6443143280984064
    https://crbug.com/701034
    https://www.indiapost.gov.in/vas/pages/FindPinCode.aspx
    https://buscador.softonic.com/?q=
    https://proxy.googlezip.net:443
    https://scotthelme.report-uri.com/r/d/ct/reportOnly
    http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl0
    http://cps.root-x1.letsencrypt.org0
    https://support.google.com/chrome/?p=ui_remove_non_cws_extensions
    http://www.bangladeshpost.gov.bd/PostCode.asp
    https://ca.search.yahoo.com/sugg/chrome?output=fxjson
    https://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.ico
    http://ocsp.digicert.com0M
    https://search.avg.com/route/?q=
    https://support.google.com/chromebook/answer/1331549
    http://crl.rootca1.amazontrust.com/rootca1.crl0
    http://crbug.com/516527
    https://clients1.google.com/tbproxy/af/
    https://dk.search.yahoo.com/favicon.ico
    http://postakodu.ptt.gov.tr/
    http://start.iminent.com/?q=
    https://au.search.yahoo.com/sugg/chrome?output=fxjson
    https://ct.cloudflare.com/logs/nimbus2021/
    http://crbug.com/469522
    http://crbug.com/415315.
    https://history.google.com/history/api/delete?client=chrome
    https://example.com
    https://szukaj.onet.pl/wyniki.html?qt=
    http://schema.org/Article
    http://ricerca.virgilio.it/ricerca?qs=
    https://yandex.kz/images/search/?rpt=imageview
    http://repository.certum.pl/ctnca.cer09
    http://crbug.com/140364).
    http://crl.globalsign.net/root.crl0=
    http://developer.chrome.com/extensions/manifest.html
    http://g1.symcb.com/GeoTrustPCA.crl0)
    https://ph.search.yahoo.com/favicon.ico
    https://www.googleapis.com/geolocation/v1/geolocate
    http://crl.geotrust.com/crls/secureca.crl0F
    http://nigma.ru/themes/nigma/img/favicon.ico
    
                                                

Process memory dump for chrome.exe (PID 1068, dump 3)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences
    http://search.tut.by/?ru=1
    http://crbug.com/231664.
    https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
    https://www.World
    https://clients4.google.com/chrome-sync
    http://ocsp1.wosign.com/ca104
    http://www.zipcode.mn/
    http://.css
    https://www.googleapis.com/auth/kid.permission
    http://www.html5rocks.com/en/tutorials/canvas/hidpi/
    http://www.google.co.kr/permissions/guidelines.html
    https://cl.search.yahoo.com/sugg/chrome?output=fxjson
    https://ve.search.yahoo.com/favicon.ico
    http://epab.posten.no/
    http://nl.softonic.com/s/
    https://crbug.com/740629)
    http://crl.verisign.com/pca3-g5.crl0(
    http://search.softonic.com/?q=
    http://www.delfi.lt/paieska/?q=
    http://ocsp.rootg2.amazontrust.com08
    http://www.posta-romana.ro/zip_codes
    https://www.google.com/chrome/devices/chromecast/learn.html
    https://history.google.com/history/api/lookup?client=audio
    https://tw.search.yahoo.com/search?ei=
    https://tr.search.yahoo.com/favicon.ico
    http://dictionaryperceptionrevolutionfoundationpx
    http://www.ems.com.cn/serviceguide/you_bian_cha_xun.html
    https://vega.ws.symantec.com/
    http://www.pochta.uz/ru/uslugi/indexsearch.html
    https://www.yandex.ru/chrome/newtab
    http://www.foo.com
    https://at.search.yahoo.com/sugg/chrome?output=fxjson
    https://c.docs.google.com/
    https://support.google.com/chrome/?p=ib_blocked_plugin
    https://docs.google.com/
    http://l.twimg.com/i/hpkp_report
    http://www.post.gov.tw/post/internet/f_searchzone/index.jsp?ID=190102
    https://chrome.google.com/
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    http://www.ipostel.gob.ve/index.php/oficinas-postales
    http://www.geotrust.com/resources/cps0A
    https://ca.search.yahoo.com/favicon.ico
    http://www.caymanpost.gov.ky/
    http://wiki.greasespot.net/Greasemonkey_Manual:APIs
    https://c.pack.google.com/
    http://www.geotrust.com/resources/cps06
    https://get.adobe.com/reader/
    https://log.ncsccs.com/report/expectct
    https://s2.googleusercontent.com/s2/favicons?domain_url=%s
    http://www
    http://web-subframes.invalid
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop0.json
    http://www.correos.es/comun/CodigosPostales/1010_s-CodPostal.asp?Provincia=
    http://crbug.com/775961
    https://ac.search.naver.com/nx/ac?of=os
    https://vn.search.yahoo.com/favicon.ico
    http://www.zoznam.sk/hladaj.fcgi?s=
    https://crbug.com/444752.
    https://www.google.com/chrome/browser/privacy/
    https://was
    http://start.iminent.com/StartWeb/1033/homepage/
    http://www.geotrust.com/resources/cps0)
    https://mx.search.yahoo.com/search?ei=
    http://Descriptionrelatively
    https://localhost/
    https://support.google.com/chrome/?p=plugin_quicktime
    http://www.posta.rs/struktura/lat/aplikacije/pronadji/nadji-postu.asp
    https://android.clients.google.com/c2dm/register3
    https://ctlog.api.venafi.com/
    http://crl.verisign.com/pca3-g5.crl0
    https://support.google.com/chrome?p=bluetooth
    http://pesquisa.sapo.pt/?q=
    http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
    https://sabre.ct.comodo.com/
    https://history.report-uri.com/r/d/ct/reportOnly
    http://www.interpretation
    https://history.google.com/history/api/lookup?client=web_app
    http://crl.entrust.net/rootca1.crl0
    https://tobiassachs.report-uri.com/r/d/staple/reportOnly
    https://www.so.com/favicon.ico
    https://co.search.yahoo.com/sugg/chrome?output=fxjson
    https://clients4.google.com/chrome-sync/dev
    http://www1.delta-search.com/?q=
    https://www.google.com/speech-api/v2/synthesize?
    https://growth-pa.googleapis.com/v1/send_sms
    http://en.softonic.com/s/
    https://c.drive.google.com/
    https://support.google.com/chrome/?p=settings_privacy
    http://i.rl0.ru/2011/icons/rambler.ico
    http://crls1.wosign.com/ca1.crl0q
    http://accounts.google.com/
    https://www.googleapis.com/auth/userinfo.profile
    https://chrome.google.com/webstore/category/extensions
    https://www.verisign.com/cps04000000Z
    https://au.search.yahoo.com/favicon.ico
    https://growth-pa.googleapis.com/v1/get_verified_phone_numbers
    https://crbug.com/593166
    https://c.play.google.com/
    https://www.googleapis.com/auth/chrome-content-suggestions
    https://accounts.google.com/GetUserInfo
    http://crbug.com/320723
    https://chrome.google.com/webstore
    http://cybertrust.omniroot.com/repository0
    http://ocsp.verisign.com04
    https://accounts.google.com/TokenAuth
    https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop1.json
    https://ar.search.yahoo.com/sugg/chrome?output=fxjson
    https://cspreports.srvcs.tumblr.com/hpkp
    http://crl.godaddy.com/gdroot.crl0F
    http://s.ss2.us/r.crl0
    https://www.googleapis.com/oauth2/v1/userinfo
    https://myaccount.google.com/signinoptions/password?utm_source=Google
    https://au.search.yahoo.com/search?ei=
    http://localhost:8000/url
    http://www.softonic.com.br/s/
    http://www.svgpost.gov.vc/?option=com_content
    https://alt2-safebrowsing.google.com/safebrowsing
    https://ch.search.yahoo.com/search?ei=
    http://suggest.yandex.ru/suggest-ff.cgi?part=
    https://azreport.report-uri.com/r/d/staple/reportOnly
    https://drive.google.com
    http://ns.adobe.com/xap/1.0/sType/ResourceRef
    https://support.google.com/chrome/?p=settings_autofill
    http://www.neti.ee/favicon.ico
    http://www.elta.gr/findapostcode.aspx
    http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
    https://www.googleapis.com
    http://crbug.com/263077).
    https://beacons3.gvt2.com/domainreliability/upload
    https://suggest.fulltext.seznam.cz/fulltext_ff?phrase=
    http://search.incredibar.com/favicon.ico
    http://crl.rootg2.amazontrust.com/rootg2.crl0
    http://crbug.com/371562.
    http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
    https://support.google.com/chrome/answer/1181420?
    http://g1.symcb.com/crls/gtglobal.crl0/
    http://isearch.avg.com/search?q=
    https://github.com/GoogleChrome/devtools-docs/issues/53
    http://developer.chrome.com/apps/usb.html
    http://www.digicert.com/ssl-cps-repository.htm0
    https://www.omniva.ee/era/sihtnumbrite_otsing
    http://ocsp.rootca1.amazontrust.com0
    https://safesearch.googleapis.com/v1:classify
    https://www.globalsign.com/repository/0
    https://github.com/v8/v8/wiki/Stack%20Trace%20API.
    http://ocsp.globalsign.com/rootr103
    https://www.ask.com/web?q=
    http://crl.starfieldtech.com/sfroot.crl0L
    https://www.
    https://www.chromestatus.com/feature/5738264052891648
    https://uk.ask.com/web?q=
    https://crbug.com/401439).
    https://mx.search.yahoo.com/favicon.ico
    http://mixidj.delta-search.com/?q=
    http://s2.symcb.com0
    http://ocsp.startssl.com/ca00
    http://crbug.com/40902
    https://passwords.google.com
    http://www.bhutanpost.bt/searchpostcode.php
    http://www.posten.ax/department.con?iPage=123
    https://nl.search.yahoo.com/sugg/chrome?output=fxjson
    http://purl.org/dc/elements/1.1/
    http://find.in.gr/Themes/1/Default/Media/Layout/icon_in.png
    http://aia.startssl.com/certs/ca.crt0
    http://feed.snapdo.com/?q=
    https://accounts.google.com/o/oauth/GetOAuthToken/
    http://www.softonic.com/s/
    http://crbug.com/514696
    https://chrome.blogspot.com/2015/11/updates-to-chrome-platform-support.html
    https://ar.search.yahoo.com/favicon.ico
    https://tobiassachs.report-uri.com/r/d/ct/reportOnly
    https://go.mail.ru/search?q=
    https://transparencyreport.google.com/safe-browsing/search?url=%s
    http://g.symcb.com/GeoTrustPCA-G3.crl0
    https://fi.search.yahoo.com/favicon.ico
    https://vn.search.yahoo.com/search?ei=
    http://www.entrust.net/rpa0
    http://www.adobe.com/mobile/licensees(
    http://www-//W3C//DTD
    http://crbug.com/756654
    https://dl.google.com/dl/softwareremovaltool/win/
    https://ro.search.yahoo.com/search?ei=
    https://chrome-devtools-frontend.appspot.com
    http://kody.poczta-polska.pl/
    https://android.com/pay
    http://search.avg.com/route/?q=
    http://crbug.com/112091
    http://poste.opt.nc/index.php?option=com_content
    https://www.googleapis.com/auth/gcm
    http://s2.symcb.com0k
    https://clients4.google.com/ukm
    https://www.googleapis.com/auth/drive.apps.readonly
    http://mixidj.delta-search.com/home?q=
    https://fi.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=blocked_ads
    https://chrome.google.com/webstore/detail/djcfdncoelnlbldjfhinnjlhdjlikmph
    https://support.google.com/chrome_webstore/?p=crx_warning
    https://groups.google.com/a/googleproductforums.com/d/topic/chrome/Xrco2HsXS-8/discussion
    https://malaysia.search.yahoo.com/search?ei=
    http://c
    https://chrome.google.com/webstore/download/
    http://search.softonic.com/img/favicon.ico
    https://fr.search.yahoo.com/sugg/chrome?output=fxjson
    https://payments.google.com/
    http://www.google.com/chrome/intl/ko/privacy.html
    http://psc.posta.sk
    https://accounts.google.com/ServiceLoginAuth
    http://w
    https://c.youtube.com/
    http://interested
    https://searchatlas.centrum.cz/favicon.ico
    https://www.delfi.lt/paieska/?q=
    http://search.tut.by/favicon.ico
    https://th.search.yahoo.com/favicon.ico
    https://www.chromestatus.com/feature/5675755719622656
    https://sb-ssl.google.com/safebrowsing/clientreport/download
    http://www.delta-search.com/?q=
    http://ss.ask.com/query?q=
    http://www.apache.org/licenses/LICENSE-2.0
    http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/
    http://www.mpegla.com
    https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_model_20170329.pb.bin
    https://yandex.by/
    http://navigation
    http://crls1.wosign.com/ca1.crl0m
    https://www
    https://support.google.com/chrome/?p=settings_search_help
    https://tools.usps.com/go/ZipLookupAction
    http://t1.symcb.com/ThawtePCA.crl0)
    https://accounts.google.com/IssueAuthToken
    https://www.google.com/cloudprint/enable_chrome_connector
    https://www.googleapis.com/auth/googletalk
    http://ocsp.startssl.com/ca0-
    http://search.goo.ne.jp/sgt.jsp?MT=
    http://www.posta.hr/default.aspx?pretpum
    http://www.postur.is/einstaklingar/posthus/postnumer/
    http://crl.startssl.com/sfsca.crl0
    https://ct.googleapis.com/pilot/
    http://www.certplus.com/CRL/class2.crl0
    https://dl.google.com/dl/softwareremovaltool/win/chrome_cleanup_tool.exe
    http://www.codigopostal.gov.co/
    https://beacons5.gvt2.com/domainreliability/upload
    https://datasaver.googleapis.com/v1/metrics:recordPageloadMetrics
    https://www.chromestatus.com/features/6443143280984064
    https://crbug.com/701034
    https://www.indiapost.gov.in/vas/pages/FindPinCode.aspx
    https://buscador.softonic.com/?q=
    https://proxy.googlezip.net:443
    https://scotthelme.report-uri.com/r/d/ct/reportOnly
    http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl0
    http://cps.root-x1.letsencrypt.org0
    https://support.google.com/chrome/?p=ui_remove_non_cws_extensions
    http://www.bangladeshpost.gov.bd/PostCode.asp
    https://ca.search.yahoo.com/sugg/chrome?output=fxjson
    https://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.ico
    http://ocsp.digicert.com0M
    https://search.avg.com/route/?q=
    https://support.google.com/chromebook/answer/1331549
    http://crl.rootca1.amazontrust.com/rootca1.crl0
    http://crbug.com/516527
    https://clients1.google.com/tbproxy/af/
    https://dk.search.yahoo.com/favicon.ico
    http://postakodu.ptt.gov.tr/
    http://start.iminent.com/?q=
    https://au.search.yahoo.com/sugg/chrome?output=fxjson
    https://ct.cloudflare.com/logs/nimbus2021/
    http://crbug.com/469522
    http://crbug.com/415315.
    https://history.google.com/history/api/delete?client=chrome
    https://example.com
    https://szukaj.onet.pl/wyniki.html?qt=
    http://schema.org/Article
    http://ricerca.virgilio.it/ricerca?qs=
    https://yandex.kz/images/search/?rpt=imageview
    http://repository.certum.pl/ctnca.cer09
    http://crbug.com/140364).
    http://crl.globalsign.net/root.crl0=
    http://developer.chrome.com/extensions/manifest.html
    http://g1.symcb.com/GeoTrustPCA.crl0)
    https://ph.search.yahoo.com/favicon.ico
    https://www.googleapis.com/geolocation/v1/geolocate
    http://crl.geotrust.com/crls/secureca.crl0F
    http://nigma.ru/themes/nigma/img/favicon.ico
    
                                                

Process memory dump for chrome.exe (PID 1068, dump 4)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    https://reporting.caddyserver.com/expect-staple
    http://search.conduit.com/Results.aspx?q=
    http://crl.startssl.com/sfsca.crl0f
    http://g.symcd.com0L
    https://android.clients.google.com/checkin
    https://ct.googleapis.com/logs/argon2018/
    http://www.icon
    http://www.text-decoration
    http://ocsp.digicert.com0
    https://developers.google.com/web/tools/lighthouse/
    https://www.googleapis.com/auth/safesearch.reporting
    https://support.google.com/chrome/answer/185277
    https://nz.search.yahoo.com/sugg/chrome?output=fxjson
    https://github.com/bgrins/spectrum
    http://crbug.com/642141
    http://code.google.com/p/chromium/issues/entry
    https://www.verisign.com/cps0=
    https://www.google.com/favicon.ico
    https://suggest.yandex.kz/suggest-ff.cgi?part=
    https://www.yandex.kz/chrome/newtab
    http://www.macromedia.com/support/documentation/kr/flashplayer/help/settings_manager07.htmlhttp://www.macromedia.com/support/documentation/kr/flashplayer/help/settings_manager02.htmlhttp://www.macromedia.com/support/documentation/kr/flashplayer/help/settings_manager06.htmlhttps://support.google.com/chrome/answer/118142065782681https://support.google.com/chrome/?p=settings_clear_browsing_datahttps://history.google.com/history/?utm_source=chrome_cbdhttps://myactivity.google.com/myactivity/?utm_source=chrome_nhttps://myactivity.google.com/myactivity/?utm_source=chrome_hChrome
    http://dev.w3.org/csswg/css3-transitions/
    https://sites.google.com/a/chromium.org/dev/administrators/common-problems-and-solutions
    https://developers.google.com/web/updates/2017/08/devtools-release-notes
    https://www.geotrust.com/resources/cps06
    https://support.google.com/chrome/?p=help
    https://www.vinden.nl/?q=
    http://code.google.com/p/chromium/issues/detail?id=125863)
    http://crbug.com/278112).
    https://malaysia.search.yahoo.com/sugg/chrome?output=fxjson
    https://accounts.google.com/AuthSubRevokeToken
    https://fcm.googleapis.com/fcm/send/
    https://www.zoznam.sk/hladaj.fcgi?s=
    https://www.googleapis.com/auth/cryptauth
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
    https://support.google.com/chromecast/topic/3447927
    http://www.post.ch/db/owa/pv_plz_pack/pr_main
    https://www.google.
    http://isrg.trustid.ocsp.identrust.com0
    http://szukaj.wp.pl/szukaj.html?q=
    http://www.certum.pl/CPS0
    https://support.google.com/chrome/?p=ib_nacl
    https://www.sogou.com/images/logo/old/favicon.ico
    http://www.walla.co.il/favicon.ico
    http://www.google.com/chrome/intl/ko/welcome.html
    http://buscar.terra.com.ar/favicon.ico
    http://search.incredibar.com/search.php?q=
    https://suggests.go.mail.ru/chrome?q=
    http://nova.rambler.ru/search?query=
    http://nigma.ru/?s=
    https://gvt6.com/
    http://ocsp.godaddy.com/05
    https://search.naver.com/search.naver?ie=
    http://www.buscacep.correios.com.br/
    http://www.youtube.com/embed/
    https://go.imgsmail.ru/favicon.ico
    http://xt/css
    http://crl.thawte.com/ThawtePCA-G3.crl0
    https://support.google.com/chrome/?p=settings_sync_error
    https://support.google.com/chrome/?p=e_awsnap
    https://developers.google.com/cloud-print/docs/cdd
    https://br.search.yahoo.com/search?ei=
    http://site
    http://www.unicode.org/copyright.html
    http://ocsp.entrust.net02
    http://www.symauth.com/rpa00
    https://www.googleapis.com/oauth2/v4/token
    http://crbug.com/473845
    https://crashpad.chromium.org/
    https://captive.portal/login
    https://safebrowsing.google.com/safebrowsing
    http://applicationslink
    https://www.googleapis.com/auth/drive.apps
    https://www.google.com/
    http://crbug.com/86955
    http://crbug.com/378067
    http://search.incredibar.com/?q=
    http://certificates.godaddy.com/repository100.
    http://sQUIC
    http://www.symauth.com/rpa0)
    https://de.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chromecast/answer/%d
    http://i.wp.pl/a/i/stg/500/favicon.ico
    https://www.neti.ee/cgi-bin/otsing?query=
    https://search.goo.ne.jp/cdn/common/img/favicon.ico
    http://addEventListenerresponsible
    https://ct.ws.symantec.com/
    https://nl.search.yahoo.com/search?ei=
    http://etherx.jabber.org/streams
    http://crl.verisign.com/pca3.crl0
    http://clientservices.googleapis.com/uma/v2
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop2.json
    http://www.postdirekt.de/plzserver/
    https://support.microsoft.com/kb/3056819
    https://support.google.com/chrome/?p=settings_sign_in
    http://aia1.wosign.com/ca1-class3-server.cer0
    https://log.certly.io/
    https://www.neti.ee/api/suggestOS?suggestVersion=1
    https://th.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.googleapis.com/
    http://www.chromium.org/developers/how-tos/api-keys
    https://fonts.googleapis.com/css?family=Roboto
    http://www.philpost.gov.ph/
    https://mx.search.yahoo.com/sugg/chrome?output=fxjson
    https://de.search.yahoo.com/search?ei=
    http://aia1.wosign.com/ca1g2-server3.cer0
    http://www.correos.cl/SitePages/home.aspx
    https://www.google.com/cloudprint
    http://ak.apnstatic.com/media/images/favicon_search-results.ico
    http://www.google.com/
    http://search.avg.com/favicon.ico
    https://developers.google.com/web/updates/2017/05/devtools-release-notes
    https://support.google.com/chrome/?p=unauthenticated
    http://t2.symcb.com0
    https://gr.search.yahoo.com/search?ei=
    https://buscador.terra.com.ar/Default.aspx?source=Search
    https://search.yahoo.co.jp/favicon.ico
    http://localhost
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop3.json
    http://api.sugg.sogou.com/su?type=addrbar
    http://crl.usertrust.com/AddTrustExternalCARoot.crl0
    http://www.postnl.nl/voorthuis/
    http://autocomplete.nigma.ru/complete/query_help.php?suggest=true
    https://www.so.com/s?ie=
    https://crbug.com/5448190).
    https://search.softonic.com/?q=
    http://crl.identrust.com/DSTROOTCAX3CRL.crl0
    http://postcode.vnpost.vn/services/search.aspx
    https://br.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=superfish
    https://cl.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=plugin_divx
    https://www.canadapost.ca/cpo/mc/personal/postalcode/fpc.jsf
    https://www.baidu.com/favicon.ico
    http://crbug.com/235689.
    http://www.epost.go.kr/search/zipcode/search5.jsp
    http://EVSecure-crl.geotrust.com/GeoTrustPCA.crl0
    https://es.search.yahoo.com/search?ei=
    http://crbug.com
    http://support.apple.com/kb/HT203092
    http://An
    https://cortisconsultingch.report-uri.com/r/d/staple/reportOnly
    http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
    https://ctlog-gen2.api.venafi.com/
    https://developers.google.com/web/tools/chrome-devtools/evaluate-performance/
    https://www.yandex.by/chrome/newtab
    https://accounts.google.com/OAuthWrapBridge
    https://developers.google.com/web/updates/2016/12/devtools-javascript-cpu-profile-migration
    https://support.google.com/chrome/?p=datasaver
    http://according
    https://yandex.ru/
    http://s1.symcb.com/pca3-g5.crl0
    http://www.google.com/earth/explore/products/plugin.html
    https://www.verisign.com/cps0
    https://www.gstatic.com/securitykey/a/google.com/origins.json
    http://www.post.gov.bn/SitePages/postcodes.aspx
    https://developers.google.com/web/updates/2017/11/devtools-release-notes
    http://crbug.com/510270
    https://secure.omniroot.com/repository0
    http://www.bgpost.bg/?cid=5
    http://www.google.com/talk/protocol/auth
    http://postcodes.maltapost.com/
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop4.json
    http://search.sweetim.com/favicon.ico
    http://buscador.terra.es/favicon.ico
    https://dl.google.com/dl/softwareremovaltool/win/c/chrome_cleanup_tool.exe
    https://id.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.google.com/settings/security/lesssecureapps
    http://cript
    http://crbug.com/497301
    http://localhost:8000/inspector-sources/
    http://search.goo.ne.jp/web.jsp?MT=
    http://clientservices.googleapis.com/chrome-variations/seed
    https://support.google.com/chrome/?p=settings_manage_exceptions
    https://log.ncsccs.com/report/expectstaple
    http://crl.entrust.net/g2ca.crl0
    https://www.google.com/chrome/devices/chromecast/
    http://www.symauth.com/cps0(
    http://www.google.com
    https://sp.ask.com/sh/i/a16/favicon/favicon.ico
    https://www.recent
    http://search.sweetim.com/search.asp?q=
    https://in.search.yahoo.com/search?ei=
    http://www.slpost.gov.lk/
    https://support.google.com/chrome/?p=plugin_pdf
    http://schema.org/GovernmentOrganization
    https://www.chromestatus.com/feature/5709390967472128
    http://cybertrust.omniroot.com/repository.cfm0
    https://support.google.com/chrome/?p=ui_settings_api_extension
    http://t2.symcb.com0A
    https://chrome.google.com/webstore/detail/%s
    http://search.babylon.com/favicon.ico
    http://www.gpo.gov.np/postalcode.aspx
    https://gvt1.com/
    https://ssl.gstatic.com/
    https://www.google.com/cloudprint/learn/
    http://crt.rootca1.amazontrust.com/rootca1.cer0?
    https://id.search.yahoo.com/favicon.ico
    http://o.ss2.us/0
    https://tools.google.com/service/update2
    https://accounts.google.com/OAuthGetAccessToken
    https://developers.google.com/web/updates/2017/03/devtools-release-notes
    http://ns.adobe.com/xap/1.0/
    https://www.chromestatus.com/feature/5637107137642496
    http://crt.rootg2.amazontrust.com/rootg2.cer0=
    https://in.search.yahoo.com/sugg/chrome?output=fxjson
    http://flashmobile.adobe.com/
    https://www.gstatic.com/chrome/extensions/blacklist
    http://purl.org/dc/dcmitype/StillImage
    https://safebrowsing.google.com/safebrowsing/uploads/chrome
    https://chrome-sync.sandbox.google.com/chrome-sync/alpha
    https://nl.search.yahoo.com/favicon.ico
    http://crl.certum.pl/ctnca.crl0k
    https://developers.google.com/web/updates/2018/01/devtools
    http://ocsp.starfieldtech.com/0
    http://www.google.com/chrome/intl/ko/eula_text.html
    https://qc.search.yahoo.com/favicon.ico
    https://search.yahoo.com/favicon.ico
    https://uk.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.landvaluation.bm/
    http://developer.apple.com/safari/library/documentation/UserExperience/Reference/TouchEventClassReference/TouchEvent/TouchEvent.html.
    https://ctlog.wosign.com/
    https://fr.search.yahoo.com/search?ei=
    https://clients2.googleusercontent.com/crx/blobs/
    https://www.verisign.com/rpa
    http://ok.hu/gfx/favicon.ico
    http://www.delta-search.com/favicon.ico
    https://yandex.com.tr/gorsel/search?rpt=imageview
    http://schema.org/Person
    https://hladaj.atlas.sk/fulltext/?phrase=
    https://searchatlas.centrum.cz/?q=
    http://crbug.com/750901
    https://accounts.google.com/o/oauth2/programmatic_auth
    http://www.interoperabilitybridges.com/wmp-extension-for-chrome
    http://linkurystoragenorthus.blob.core.windows.net/static/favicon.ico
    http://www.google.com/update2/response
    https://www.googleapis.com/auth/supportcontent
    https://support.google.com/chrome/?p=plugin_flash
    http://www.search.delta-search.com/?q=
    https://ct.cloudflare.com/logs/nimbus2020/
    https://accounts.google.com/o/oauth2/auth
    http://www.json.com/json-schema-proposal/
    http://ocsp.godaddy.com/02
    https://www.sogou.com/web?ie=
    https://minecraft.report-uri.com/r/d/staple/reportOnly
    http://ocsp.verisign.com0
    https://ve.search.yahoo.com/search?ei=
    https://support.google.com/accounts/answer/6197437
    https://sb-ssl.google.com/safebrowsing/clientreport/login
    http://service.real.com/realplayer/security/02062012_player/en/
    http://ocsp.digicert.com0K
    https://sg.search.yahoo.com/sugg/chrome?output=fxjson
    http://arianna.libero.it/search/abin/integrata.cgi?query=
    http://buscador.terra.es/Default.aspx?source=Search
    http://subca.ocsp-certum.com0.
    http://searchatlas.centrum.cz/?q=
    https://accounts.google.com/embedded/setup/v2/chromeos
    https://docs.google.com/feeds/
    https://report-uri.cloudflare.com/expect-ct
    http://www.nzpost.co.nz/Cultures/en-NZ/OnlineTools/PostCodeFinder/
    https://kvasir.no/grafikk/favicon.ico
    https://nova.rambler.ru/suggest?v=3
    http://aia.startssl.com/certs/ca.crt02
    http://certs.starfieldtech.com/repository/1402
    https://accounts.google.com/o/oauth2/revoke
    https://search.seznam.cz/?q=
    http://search.snapdo.com/?q=
    https://www.google.TLD
    https://report.badssl.com/expect-staple
    http://www.maldivespost.com/?lid=10
    https://bugs.chromium.org/p/chromium/issues/detail?id=559258
    https://nova.rambler.ru/search?query=
    http://www.serpost.com.pe/cpostal/codigo
    https://support.google.com/chrome/?p=settings_cloud_print
    http://ocsp.godaddy.com/0J
    http://search.avg.com/search?q=
    https://www.singpost.com/find-postal-code
    https://search.goo.ne.jp/web.jsp?MT=
    https://www.googleapis.com/rpc
    https://www.thawte.com/cps0
    http://www.yhs.delta-search.com/?q=
    https://chromium.googlesource.com/chromium/src/
    https://history.report-uri.com/r/d/staple/reportOnly
    http://crbug.com/415315
    https://www.yandex.com.tr/
    https://developer.chrome.com/devtools/docs/remote-debugging
    http://certs.godaddy.com/repository/1301
    https://crbug.com/368855.)
    http://radce.centrum.cz/?q=
    http://www.foo.com/bar
    https://search.walla.co.il/?q=
    http://zip4.usps.com/zip4/welcome.jsp
    https://developers.google.com/web/updates/2017/04/devtools-release-notes
    http://www.style
    https://buscador.terra.es/Default.aspx?source=Search
    http://www.keynectis.com/PC08
    https://www.softonic.com/s/
    https://translate.googleapis.com/
    http://foo.com/bar
    http://search.snap.do/?q=
    https://accounts.google.com/ListAccounts?json=standard
    https://alt1-safebrowsing.google.com/safebrowsing
    http://www.google.co.kr/dmca.html
    http://www.gov.im/post/postal/fr_main.asp
    http://www.gstatic.com/chrome/extensions/blacklist
    https://crbug.com/480935.
    https://beacons4.gvt2.com/domainreliability/upload
    http://www.correos.gob.ni/index.php/codigo-postal-2
    http://schema.org/Organization
    https://www.googleapis.com/auth/chromewebstore.readonly
    http://www.poste.it/online/cercacap/
    https://cuscochromeextension-pa.googleapis.com/v1/omniboxsuggestions
    https://support.google.com/chrome/?p=e_awsnap_rl
    https://search.daum.net/search?ie=
    https://log.getdropbox.com/hpkp
    https://tw.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.hortcut
    https://es.search.yahoo.com/sugg/chrome?output=fxjson
    http://adressesok.posten.no/nb/postal_codes/search
    https://storage.ape.yandex.net/get/browser/Doodles/yandex/drawable-xxhdpi/yandex.png
    https://maktoob.search.yahoo.com/favicon.ico
    http://www.google.co.kr/tm_complaint.html
    https://sg.search.yahoo.com/favicon.ico
    https://sb-ssl.google.com/safebrowsing/clientreport/phishing
    https://accounts.google.com/GetCheckConnectionInfo
    http://crl.godaddy.com/gds1-20
    https://sp.br.ask.com/sh/i/a14/favicon/favicon.ico
    http://crbug.com/133457.
    http://www.startssl.com/intermediate.pdf0
    https://nodejs.org/static/images/logos/nodejs-new-pantone-black.png
    http://www.pasts.lv/lv/uzzinas/nodalas/
    http://EVIntl-ccrt.gwww.gicert.com/1ocsp.verisign.com09rapidssl.cos.godaddy.com/repository/0
    https://www.softonic.com.br/s/
    http://crbug.com/258526.
    http://www.poste.tn/codes.php
    http://goo.gl/Y1OdAq
    http://crbug.com/31037
    http://info.russianpost.ru/servlet/department
    https://goo.gl/ZcZixP
    https://www.chromium.org/
    https://ct.googleapis.com/logs/argon2019/
    http://www.neti.ee/cgi-bin/otsing?query=
    http://ocsp.entrust.net03
    http://ocsp.entrust.net00
    https://ct.googleapis.com/logs/argon2021/
    https://docs.google.com
    https://search.seznam.cz/r/img/favicon.ico
    https://helpx.adobe.com/security/products/reader/apsb14-28.html
    https://tw.search.yahoo.com/favicon.ico
    http://example.com
    https://code.google.com/p/chromium/issues/detail?id=162042
    https://code.google.com/p/chromium/issues/detail?id=162044
    http://mock.linkdoctor.url/for?testing
    https://css-tricks.com/hash-tag-links-padding/
    https://www.googleapis.com/auth/wallet.chrome
    https://support.google.com/chrome/?p=settings_omnibox
    http://search.imesh.net/favicon.ico
    https://android.googleapis.com/gcm/send/
    https://www.gstatic.com/chrome/supervised_user/blacklist-20141001-1k.bin
    http://www.jerseypost.com/tools/postcode-address-finder/
    http://buscar.terra.com.ar/Default.aspx?source=Search
    https://accounts.google.com/AccountChooser?Email=%s
    https://www.googleapis.com/auth/chromesync_playpen
    https://nz.search.yahoo.com/favicon.ico
    https://goo.gl/zmWq3m.
    https://developer.mozilla.org/en-US/docs/Web/API/Web_Speech_API
    http://www./div
    https://www.chromestatus.com/feature/5669008342777856
    http://option
    https://sirius.ws.symantec.com/
    https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
    http://crl.thawte.com/ThawtePremiumServerCA.crl0
    https://tr.search.yahoo.com/search?ei=
    https://www.yandex.ua/chrome/newtab
    http://www.wosign.com/policy/0
    https://nz.search.yahoo.com/search?ei=
    https://log.ncsccs.com/report/hpkp
    https://support.google.com/chrome/?p=chrome_cleanup_tool
    https://ssl.gstatic.com/safebrowsing/csd/
    http://subca.ocsp-certum.com01
    https://www.google.com/chrome/browser/privacy/whitepaper.html
    https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/?utm_source=devtools
    https://beacons2.gvt2.com/domainreliability/upload
    https://id.search.yahoo.com/search?ei=
    http://www.search-results.com/web?q=
    http://mystart.incredibar.com/?search=
    https://pe.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.geotrust.com/resources/repository0
    https://hk.search.yahoo.com/search?ei=
    https://helpx.adobe.com/security/products/shockwave/apsb14-10.html
    https://nl.softonic.com/s/
    http://www.conduit.com/favicon.ico
    https://support.google.com/chrome/?p=ib_pepper_broker
    https://se.search.yahoo.com/favicon.ico
    http://search.iminent.com/Shared/Images/favicon_gl.ico
    https://search.daum.net/favicon.ico
    http://schema.org/BlogPosting
    http://g.symcd.com0
    https://pe.search.yahoo.com/favicon.ico
    https://myactivity.google.com/myactivity/?utm_source=chrome_cbd
    http://i
    https://www.chromestatus.com/feature/5243055179300864
    http://g.symcb.com/crls/gtglobal.crl0.
    https://goo.gl/EuHzyv
    https://support.google.com/chrome/?p=ui_voice_search
    https://www.yandex.com.tr/chrome/newtab
    http://cdp1.public-trust.com/CRL/Omniroot2025.crl0
    https://support.google.com/chrome/?p=ui_download_errors
    https://safebrowsing.googleusercontent.com/safebrowsing/clientreport/notification-image
    https://aIn
    http://www.google.com:80
    http://www.post.at/post_subsite_postleitzahlfinder.php
    http://schema.org/ScholarlyArticle
    http://link
    http://staticsuggested
    https://crbug.com/794942.
    https://ca.search.yahoo.com/search?ei=
    https://kvasir.no/alle?q=
    http://ocsp.thawte.com0
    http://pca-g3-ocsp.geotrust.com0
    https://www.facebook.com/chat/video/videocalldownload.php
    http://www.geotrust.com/resources/cps0
    http://ss.uk.ask.com/query?q=
    https://www.post.lu/fr/grandes-entreprises/solutions-postales/rechercher-un-code-postal
    http://www.verkkoposti.com/e3/postinumeroluettelo
    http://crbug.com/312900.
    https://certs.starfieldtech.com/repository/0
    http://www.laposte.fr/Particulier/Utiliser-nos-outils-pratiques/Outils-et-documents/Trouvez-un-code-postal
    http://search.iminent.com/?q=
    https://support.google.com/chrome/?p=beta_forum
    http://www.postdanmark.dk/da/Privat/Kundeservice/postnummerkort/Sider/Find-postnummer.aspx
    http://ocsp.startssl.com00
    https://yandex.ua/
    http://www.post.lt/lt/?id=316
    https://www.google.com/safebrowsing/report_error/
    http://search.babylon.com/?q=
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/language
    http://forms.real.com/real/realone/download.html?type=rpsp_us
    https://support.google.com/chromecast/answer/2998338
    http://style
    http://crbug.com/360567
    http://www.yhs.delta-search.com/home?q=
    https://sb-ssl.google.com/safebrowsing/clientreport/malware-check
    http://www.google.com/privacy.html
    https://devices.adobe.com/partnerportal/
    https://gvt2.com/
    https://www.google.com
    http://www2.delta-search.com/?q=
    https://szukaj.onet.pl/favicon.ico
    https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
    http://crbug.com/437891.
    http://clients3.google.com/cert_upload_json
    http://ok.hu/katalogus?q=
    http://crbug.com/319444.
    https://ct.cloudflare.com/logs/nimbus2018/
    https://fr.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_outdated_plugin
    https://google-analytics.com/
    https://clientservices.googleapis.com/uma/v2
    https://developers.google.com/web/tools/chrome-devtools/
    http://www.years
    https://yandex.by/images/search/?rpt=imageview
    http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%
    http://schema.org/TechArticle
    https://sb-ssl.google.com/safebrowsing/clientreport/chrome-reset
    http://ocsp.globalsign.com/rootr10
    https://photistic.report-uri.com/r/d/staple/reportOnly
    https://crashpad.chromium.org/bug/new
    https://lh3.googleusercontent.com
    https://ch.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_download_blocked
    http://www.georgianpost.ge/index.php?page=10
    http://crbug.com/26312
    http://www.inkscape.org/namespaces/inkscape
    http://mathematicsmargin-top
    http://www.correos.es/contenido/13-MenuRec2/04-MenuRec24/1010_s-CodPostal.asp
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.search.delta-search.com/home?q=
    https://chrome.google.com/webstore?hl=ko
    https://history.google.com/history/api/lookup?client=chrome
    http://suggestion.baidu.com/su?wd=
    https://www.googleapis.com/auth/proximity_auth
    http://crbug.com/99373
    https://safebrowsing.googleapis.com/v4
    https://chrome.google.com/webstore?hl=koChrome
    https://accounts.google.com/Logout
    http://crbug.com/371562
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817

Process memory dump for chrome.exe (PID 1068, dump 5)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    http://crbug.com/473845
    https://crashpad.chromium.org/
    https://captive.portal/login
    https://safebrowsing.google.com/safebrowsing
    http://applicationslink
    https://www.googleapis.com/auth/drive.apps
    https://www.google.com/
    http://crbug.com/86955
    http://crbug.com/378067
    http://search.incredibar.com/?q=
    http://certificates.godaddy.com/repository100.
    http://sQUIC
    http://www.symauth.com/rpa0)
    https://de.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chromecast/answer/%d
    http://i.wp.pl/a/i/stg/500/favicon.ico
    https://www.neti.ee/cgi-bin/otsing?query=
    https://search.goo.ne.jp/cdn/common/img/favicon.ico
    http://addEventListenerresponsible
    https://ct.ws.symantec.com/
    https://nl.search.yahoo.com/search?ei=
    http://etherx.jabber.org/streams
    http://crl.verisign.com/pca3.crl0
    http://clientservices.googleapis.com/uma/v2
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop2.json
    http://www.postdirekt.de/plzserver/
    https://support.microsoft.com/kb/3056819
    https://support.google.com/chrome/?p=settings_sign_in
    http://aia1.wosign.com/ca1-class3-server.cer0
    https://log.certly.io/
    https://www.neti.ee/api/suggestOS?suggestVersion=1
    https://th.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.googleapis.com/
    http://www.chromium.org/developers/how-tos/api-keys
    https://fonts.googleapis.com/css?family=Roboto
    http://www.philpost.gov.ph/
    https://mx.search.yahoo.com/sugg/chrome?output=fxjson
    https://de.search.yahoo.com/search?ei=
    http://aia1.wosign.com/ca1g2-server3.cer0
    http://www.correos.cl/SitePages/home.aspx
    https://www.google.com/cloudprint
    http://ak.apnstatic.com/media/images/favicon_search-results.ico
    http://www.google.com/
    http://search.avg.com/favicon.ico
    https://developers.google.com/web/updates/2017/05/devtools-release-notes
    https://support.google.com/chrome/?p=unauthenticated
    http://t2.symcb.com0
    https://gr.search.yahoo.com/search?ei=
    https://buscador.terra.com.ar/Default.aspx?source=Search
    https://search.yahoo.co.jp/favicon.ico
    http://localhost
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop3.json
    http://api.sugg.sogou.com/su?type=addrbar
    http://crl.usertrust.com/AddTrustExternalCARoot.crl0
    http://www.postnl.nl/voorthuis/
    http://autocomplete.nigma.ru/complete/query_help.php?suggest=true
    https://www.so.com/s?ie=
    https://crbug.com/5448190).
    https://search.softonic.com/?q=
    http://crl.identrust.com/DSTROOTCAX3CRL.crl0
    http://postcode.vnpost.vn/services/search.aspx
    https://br.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=superfish
    https://cl.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=plugin_divx
    https://www.canadapost.ca/cpo/mc/personal/postalcode/fpc.jsf
    https://www.baidu.com/favicon.ico
    http://crbug.com/235689.
    http://www.epost.go.kr/search/zipcode/search5.jsp
    http://EVSecure-crl.geotrust.com/GeoTrustPCA.crl0
    https://es.search.yahoo.com/search?ei=
    http://crbug.com
    http://support.apple.com/kb/HT203092
    http://An
    https://cortisconsultingch.report-uri.com/r/d/staple/reportOnly
    http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
    https://ctlog-gen2.api.venafi.com/
    https://developers.google.com/web/tools/chrome-devtools/evaluate-performance/
    https://www.yandex.by/chrome/newtab
    https://accounts.google.com/OAuthWrapBridge
    https://developers.google.com/web/updates/2016/12/devtools-javascript-cpu-profile-migration
    https://support.google.com/chrome/?p=datasaver
    http://according
    https://yandex.ru/
    http://s1.symcb.com/pca3-g5.crl0
    http://www.google.com/earth/explore/products/plugin.html
    https://www.verisign.com/cps0
    https://www.gstatic.com/securitykey/a/google.com/origins.json
    http://www.post.gov.bn/SitePages/postcodes.aspx
    https://developers.google.com/web/updates/2017/11/devtools-release-notes
    http://crbug.com/510270
    https://secure.omniroot.com/repository0
    http://www.bgpost.bg/?cid=5
    http://www.google.com/talk/protocol/auth
    http://postcodes.maltapost.com/
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop4.json
    http://search.sweetim.com/favicon.ico
    http://buscador.terra.es/favicon.ico
    https://dl.google.com/dl/softwareremovaltool/win/c/chrome_cleanup_tool.exe
    https://id.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.google.com/settings/security/lesssecureapps
    http://cript
    http://crbug.com/497301
    http://localhost:8000/inspector-sources/
    http://search.goo.ne.jp/web.jsp?MT=
    http://clientservices.googleapis.com/chrome-variations/seed
    https://support.google.com/chrome/?p=settings_manage_exceptions
    https://log.ncsccs.com/report/expectstaple
    http://crl.entrust.net/g2ca.crl0
    https://www.google.com/chrome/devices/chromecast/
    http://www.symauth.com/cps0(
    http://www.google.com
    https://sp.ask.com/sh/i/a16/favicon/favicon.ico
    https://www.recent
    http://search.sweetim.com/search.asp?q=
    https://in.search.yahoo.com/search?ei=
    http://www.slpost.gov.lk/
    https://support.google.com/chrome/?p=plugin_pdf
    http://schema.org/GovernmentOrganization
    https://www.chromestatus.com/feature/5709390967472128
    http://cybertrust.omniroot.com/repository.cfm0
    https://support.google.com/chrome/?p=ui_settings_api_extension
    http://t2.symcb.com0A
    https://chrome.google.com/webstore/detail/%s
    http://search.babylon.com/favicon.ico
    http://www.gpo.gov.np/postalcode.aspx
    https://gvt1.com/
    https://ssl.gstatic.com/
    https://www.google.com/cloudprint/learn/
    http://crt.rootca1.amazontrust.com/rootca1.cer0?
    https://id.search.yahoo.com/favicon.ico
    http://o.ss2.us/0
    https://tools.google.com/service/update2
    https://accounts.google.com/OAuthGetAccessToken
    https://developers.google.com/web/updates/2017/03/devtools-release-notes
    http://ns.adobe.com/xap/1.0/
    https://www.chromestatus.com/feature/5637107137642496
    http://crt.rootg2.amazontrust.com/rootg2.cer0=
    https://in.search.yahoo.com/sugg/chrome?output=fxjson
    http://flashmobile.adobe.com/
    https://www.gstatic.com/chrome/extensions/blacklist
    http://purl.org/dc/dcmitype/StillImage
    https://safebrowsing.google.com/safebrowsing/uploads/chrome
    https://chrome-sync.sandbox.google.com/chrome-sync/alpha
    https://nl.search.yahoo.com/favicon.ico
    http://crl.certum.pl/ctnca.crl0k
    https://developers.google.com/web/updates/2018/01/devtools
    http://ocsp.starfieldtech.com/0
    http://www.google.com/chrome/intl/ko/eula_text.html
    https://qc.search.yahoo.com/favicon.ico
    https://search.yahoo.com/favicon.ico
    https://uk.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.landvaluation.bm/
    http://developer.apple.com/safari/library/documentation/UserExperience/Reference/TouchEventClassReference/TouchEvent/TouchEvent.html.
    https://ctlog.wosign.com/
    https://fr.search.yahoo.com/search?ei=
    https://clients2.googleusercontent.com/crx/blobs/
    https://www.verisign.com/rpa
    http://ok.hu/gfx/favicon.ico
    http://www.delta-search.com/favicon.ico
    https://yandex.com.tr/gorsel/search?rpt=imageview
    http://schema.org/Person
    https://hladaj.atlas.sk/fulltext/?phrase=
    https://searchatlas.centrum.cz/?q=
    http://crbug.com/750901
    https://accounts.google.com/o/oauth2/programmatic_auth
    http://www.interoperabilitybridges.com/wmp-extension-for-chrome
    http://linkurystoragenorthus.blob.core.windows.net/static/favicon.ico
    http://www.google.com/update2/response
    https://www.googleapis.com/auth/supportcontent
    https://support.google.com/chrome/?p=plugin_flash
    http://www.search.delta-search.com/?q=
    https://ct.cloudflare.com/logs/nimbus2020/
    https://accounts.google.com/o/oauth2/auth
    http://www.json.com/json-schema-proposal/
    http://ocsp.godaddy.com/02
    https://www.sogou.com/web?ie=
    https://minecraft.report-uri.com/r/d/staple/reportOnly
    http://ocsp.verisign.com0
    https://ve.search.yahoo.com/search?ei=
    https://support.google.com/accounts/answer/6197437
    https://sb-ssl.google.com/safebrowsing/clientreport/login
    http://service.real.com/realplayer/security/02062012_player/en/
    http://ocsp.digicert.com0K
    https://sg.search.yahoo.com/sugg/chrome?output=fxjson
    http://arianna.libero.it/search/abin/integrata.cgi?query=
    http://buscador.terra.es/Default.aspx?source=Search
    http://subca.ocsp-certum.com0.
    http://searchatlas.centrum.cz/?q=
    https://accounts.google.com/embedded/setup/v2/chromeos
    https://docs.google.com/feeds/
    https://report-uri.cloudflare.com/expect-ct
    http://www.nzpost.co.nz/Cultures/en-NZ/OnlineTools/PostCodeFinder/
    https://kvasir.no/grafikk/favicon.ico
    https://nova.rambler.ru/suggest?v=3
    http://aia.startssl.com/certs/ca.crt02
    http://certs.starfieldtech.com/repository/1402
    https://accounts.google.com/o/oauth2/revoke
    https://search.seznam.cz/?q=
    http://search.snapdo.com/?q=
    https://www.google.TLD
    https://report.badssl.com/expect-staple
    http://www.maldivespost.com/?lid=10
    https://bugs.chromium.org/p/chromium/issues/detail?id=559258
    https://nova.rambler.ru/search?query=
    http://www.serpost.com.pe/cpostal/codigo
    https://support.google.com/chrome/?p=settings_cloud_print
    http://ocsp.godaddy.com/0J
    http://search.avg.com/search?q=
    https://www.singpost.com/find-postal-code
    https://search.goo.ne.jp/web.jsp?MT=
    https://www.googleapis.com/rpc
    https://www.thawte.com/cps0
    http://www.yhs.delta-search.com/?q=
    https://chromium.googlesource.com/chromium/src/
    https://history.report-uri.com/r/d/staple/reportOnly
    http://crbug.com/415315
    https://www.yandex.com.tr/
    https://developer.chrome.com/devtools/docs/remote-debugging
    http://certs.godaddy.com/repository/1301
    https://crbug.com/368855.)
    http://radce.centrum.cz/?q=
    http://www.foo.com/bar
    https://search.walla.co.il/?q=
    http://zip4.usps.com/zip4/welcome.jsp
    https://developers.google.com/web/updates/2017/04/devtools-release-notes
    http://www.style
    https://buscador.terra.es/Default.aspx?source=Search
    http://www.keynectis.com/PC08
    https://www.softonic.com/s/
    https://translate.googleapis.com/
    http://foo.com/bar
    http://search.snap.do/?q=
    https://accounts.google.com/ListAccounts?json=standard
    https://alt1-safebrowsing.google.com/safebrowsing
    http://www.google.co.kr/dmca.html
    http://www.gov.im/post/postal/fr_main.asp
    http://www.gstatic.com/chrome/extensions/blacklist
    https://crbug.com/480935.
    https://beacons4.gvt2.com/domainreliability/upload
    http://www.correos.gob.ni/index.php/codigo-postal-2
    http://schema.org/Organization
    https://www.googleapis.com/auth/chromewebstore.readonly
    http://www.poste.it/online/cercacap/
    https://cuscochromeextension-pa.googleapis.com/v1/omniboxsuggestions
    https://support.google.com/chrome/?p=e_awsnap_rl
    https://search.daum.net/search?ie=
    https://log.getdropbox.com/hpkp
    https://tw.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.hortcut
    https://es.search.yahoo.com/sugg/chrome?output=fxjson
    http://adressesok.posten.no/nb/postal_codes/search
    https://storage.ape.yandex.net/get/browser/Doodles/yandex/drawable-xxhdpi/yandex.png
    https://maktoob.search.yahoo.com/favicon.ico
    http://www.google.co.kr/tm_complaint.html
    https://sg.search.yahoo.com/favicon.ico
    https://sb-ssl.google.com/safebrowsing/clientreport/phishing
    https://accounts.google.com/GetCheckConnectionInfo
    http://crl.godaddy.com/gds1-20
    https://sp.br.ask.com/sh/i/a14/favicon/favicon.ico
    http://crbug.com/133457.
    http://www.startssl.com/intermediate.pdf0
    https://nodejs.org/static/images/logos/nodejs-new-pantone-black.png
    http://www.pasts.lv/lv/uzzinas/nodalas/
    http://EVIntl-ccrt.gwww.gicert.com/1ocsp.verisign.com09rapidssl.cos.godaddy.com/repository/0
    https://www.softonic.com.br/s/
    http://crbug.com/258526.
    http://www.poste.tn/codes.php
    http://goo.gl/Y1OdAq
    http://crbug.com/31037
    http://info.russianpost.ru/servlet/department
    https://goo.gl/ZcZixP
    https://www.chromium.org/
    https://ct.googleapis.com/logs/argon2019/
    http://www.neti.ee/cgi-bin/otsing?query=
    http://ocsp.entrust.net03
    http://ocsp.entrust.net00
    https://ct.googleapis.com/logs/argon2021/
    https://docs.google.com
    https://search.seznam.cz/r/img/favicon.ico
    https://helpx.adobe.com/security/products/reader/apsb14-28.html
    https://tw.search.yahoo.com/favicon.ico
    http://example.com
    https://code.google.com/p/chromium/issues/detail?id=162042
    https://code.google.com/p/chromium/issues/detail?id=162044
    http://mock.linkdoctor.url/for?testing
    https://css-tricks.com/hash-tag-links-padding/
    https://www.googleapis.com/auth/wallet.chrome
    https://support.google.com/chrome/?p=settings_omnibox
    http://search.imesh.net/favicon.ico
    https://android.googleapis.com/gcm/send/
    https://www.gstatic.com/chrome/supervised_user/blacklist-20141001-1k.bin
    http://www.jerseypost.com/tools/postcode-address-finder/
    http://buscar.terra.com.ar/Default.aspx?source=Search
    https://accounts.google.com/AccountChooser?Email=%s
    https://www.googleapis.com/auth/chromesync_playpen
    https://nz.search.yahoo.com/favicon.ico
    https://goo.gl/zmWq3m.
    https://developer.mozilla.org/en-US/docs/Web/API/Web_Speech_API
    http://www./div
    https://www.chromestatus.com/feature/5669008342777856
    http://option
    https://sirius.ws.symantec.com/
    https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
    http://crl.thawte.com/ThawtePremiumServerCA.crl0
    https://tr.search.yahoo.com/search?ei=
    https://www.yandex.ua/chrome/newtab
    http://www.wosign.com/policy/0
    https://nz.search.yahoo.com/search?ei=
    https://log.ncsccs.com/report/hpkp
    https://support.google.com/chrome/?p=chrome_cleanup_tool
    https://ssl.gstatic.com/safebrowsing/csd/
    http://subca.ocsp-certum.com01
    https://www.google.com/chrome/browser/privacy/whitepaper.html
    https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/?utm_source=devtools
    https://beacons2.gvt2.com/domainreliability/upload
    https://id.search.yahoo.com/search?ei=
    http://www.search-results.com/web?q=
    http://mystart.incredibar.com/?search=
    https://pe.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.geotrust.com/resources/repository0
    https://hk.search.yahoo.com/search?ei=
    https://helpx.adobe.com/security/products/shockwave/apsb14-10.html
    https://nl.softonic.com/s/
    http://www.conduit.com/favicon.ico
    https://support.google.com/chrome/?p=ib_pepper_broker
    https://se.search.yahoo.com/favicon.ico
    http://search.iminent.com/Shared/Images/favicon_gl.ico
    https://search.daum.net/favicon.ico
    http://schema.org/BlogPosting
    http://g.symcd.com0
    https://pe.search.yahoo.com/favicon.ico
    https://myactivity.google.com/myactivity/?utm_source=chrome_cbd
    http://i
    https://www.chromestatus.com/feature/5243055179300864
    http://g.symcb.com/crls/gtglobal.crl0.
    https://goo.gl/EuHzyv
    https://support.google.com/chrome/?p=ui_voice_search
    https://www.yandex.com.tr/chrome/newtab
    http://cdp1.public-trust.com/CRL/Omniroot2025.crl0
    https://support.google.com/chrome/?p=ui_download_errors
    https://safebrowsing.googleusercontent.com/safebrowsing/clientreport/notification-image
    https://aIn
    http://www.google.com:80
    http://www.post.at/post_subsite_postleitzahlfinder.php
    http://schema.org/ScholarlyArticle
    http://link
    http://staticsuggested
    https://crbug.com/794942.
    https://ca.search.yahoo.com/search?ei=
    https://kvasir.no/alle?q=
    http://ocsp.thawte.com0
    http://pca-g3-ocsp.geotrust.com0
    https://www.facebook.com/chat/video/videocalldownload.php
    http://www.geotrust.com/resources/cps0
    http://ss.uk.ask.com/query?q=
    https://www.post.lu/fr/grandes-entreprises/solutions-postales/rechercher-un-code-postal
    http://www.verkkoposti.com/e3/postinumeroluettelo
    http://crbug.com/312900.
    https://certs.starfieldtech.com/repository/0
    http://www.laposte.fr/Particulier/Utiliser-nos-outils-pratiques/Outils-et-documents/Trouvez-un-code-postal
    http://search.iminent.com/?q=
    https://support.google.com/chrome/?p=beta_forum
    http://www.postdanmark.dk/da/Privat/Kundeservice/postnummerkort/Sider/Find-postnummer.aspx
    http://ocsp.startssl.com00
    https://yandex.ua/
    http://www.post.lt/lt/?id=316
    https://www.google.com/safebrowsing/report_error/
    http://search.babylon.com/?q=
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/language
    http://forms.real.com/real/realone/download.html?type=rpsp_us
    https://support.google.com/chromecast/answer/2998338
    http://style
    http://crbug.com/360567
    http://www.yhs.delta-search.com/home?q=
    https://sb-ssl.google.com/safebrowsing/clientreport/malware-check
    http://www.google.com/privacy.html
    https://devices.adobe.com/partnerportal/
    https://gvt2.com/
    https://www.google.com
    http://www2.delta-search.com/?q=
    https://szukaj.onet.pl/favicon.ico
    https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
    http://crbug.com/437891.
    http://clients3.google.com/cert_upload_json
    http://ok.hu/katalogus?q=
    http://crbug.com/319444.
    https://ct.cloudflare.com/logs/nimbus2018/
    https://fr.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_outdated_plugin
    https://google-analytics.com/
    https://clientservices.googleapis.com/uma/v2
    https://developers.google.com/web/tools/chrome-devtools/
    http://www.years
    https://yandex.by/images/search/?rpt=imageview
    http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%
    http://schema.org/TechArticle
    https://sb-ssl.google.com/safebrowsing/clientreport/chrome-reset
    http://ocsp.globalsign.com/rootr10
    https://photistic.report-uri.com/r/d/staple/reportOnly
    https://crashpad.chromium.org/bug/new
    https://lh3.googleusercontent.com
    https://ch.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_download_blocked
    http://www.georgianpost.ge/index.php?page=10
    http://crbug.com/26312
    http://www.inkscape.org/namespaces/inkscape
    http://mathematicsmargin-top
    http://www.correos.es/contenido/13-MenuRec2/04-MenuRec24/1010_s-CodPostal.asp
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.search.delta-search.com/home?q=
    https://chrome.google.com/webstore?hl=ko
    https://history.google.com/history/api/lookup?client=chrome
    http://suggestion.baidu.com/su?wd=
    https://www.googleapis.com/auth/proximity_auth
    http://crbug.com/99373
    https://safebrowsing.googleapis.com/v4
    https://chrome.google.com/webstore?hl=koChrome
    https://accounts.google.com/Logout
    http://crbug.com/371562
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.

Process memory dump for chrome.exe (PID 1068, dump 6)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
    https://ctlog-gen2.api.venafi.com/
    https://developers.google.com/web/tools/chrome-devtools/evaluate-performance/
    https://www.yandex.by/chrome/newtab
    https://accounts.google.com/OAuthWrapBridge
    https://developers.google.com/web/updates/2016/12/devtools-javascript-cpu-profile-migration
    https://support.google.com/chrome/?p=datasaver
    http://according
    https://yandex.ru/
    http://s1.symcb.com/pca3-g5.crl0
    http://www.google.com/earth/explore/products/plugin.html
    https://www.verisign.com/cps0
    https://www.gstatic.com/securitykey/a/google.com/origins.json
    http://www.post.gov.bn/SitePages/postcodes.aspx
    https://developers.google.com/web/updates/2017/11/devtools-release-notes
    http://crbug.com/510270
    https://secure.omniroot.com/repository0
    http://www.bgpost.bg/?cid=5
    http://www.google.com/talk/protocol/auth
    http://postcodes.maltapost.com/
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop4.json
    http://search.sweetim.com/favicon.ico
    http://buscador.terra.es/favicon.ico
    https://dl.google.com/dl/softwareremovaltool/win/c/chrome_cleanup_tool.exe
    https://id.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.google.com/settings/security/lesssecureapps
    http://cript
    http://crbug.com/497301
    http://localhost:8000/inspector-sources/
    http://search.goo.ne.jp/web.jsp?MT=
    http://clientservices.googleapis.com/chrome-variations/seed
    https://support.google.com/chrome/?p=settings_manage_exceptions
    https://log.ncsccs.com/report/expectstaple
    http://crl.entrust.net/g2ca.crl0
    https://www.google.com/chrome/devices/chromecast/
    http://www.symauth.com/cps0(
    http://www.google.com
    https://sp.ask.com/sh/i/a16/favicon/favicon.ico
    https://www.recent
    http://search.sweetim.com/search.asp?q=
    https://in.search.yahoo.com/search?ei=
    http://www.slpost.gov.lk/
    https://support.google.com/chrome/?p=plugin_pdf
    http://schema.org/GovernmentOrganization
    https://www.chromestatus.com/feature/5709390967472128
    http://cybertrust.omniroot.com/repository.cfm0
    https://support.google.com/chrome/?p=ui_settings_api_extension
    http://t2.symcb.com0A
    https://chrome.google.com/webstore/detail/%s
    http://search.babylon.com/favicon.ico
    http://www.gpo.gov.np/postalcode.aspx
    https://gvt1.com/
    https://ssl.gstatic.com/
    https://www.google.com/cloudprint/learn/
    http://crt.rootca1.amazontrust.com/rootca1.cer0?
    https://id.search.yahoo.com/favicon.ico
    http://o.ss2.us/0
    https://tools.google.com/service/update2
    https://accounts.google.com/OAuthGetAccessToken
    https://developers.google.com/web/updates/2017/03/devtools-release-notes
    http://ns.adobe.com/xap/1.0/
    https://www.chromestatus.com/feature/5637107137642496
    http://crt.rootg2.amazontrust.com/rootg2.cer0=
    https://in.search.yahoo.com/sugg/chrome?output=fxjson
    http://flashmobile.adobe.com/
    https://www.gstatic.com/chrome/extensions/blacklist
    http://purl.org/dc/dcmitype/StillImage
    https://safebrowsing.google.com/safebrowsing/uploads/chrome
    https://chrome-sync.sandbox.google.com/chrome-sync/alpha
    https://nl.search.yahoo.com/favicon.ico
    http://crl.certum.pl/ctnca.crl0k
    https://developers.google.com/web/updates/2018/01/devtools
    http://ocsp.starfieldtech.com/0
    http://www.google.com/chrome/intl/ko/eula_text.html
    https://qc.search.yahoo.com/favicon.ico
    https://search.yahoo.com/favicon.ico
    https://uk.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.landvaluation.bm/
    http://developer.apple.com/safari/library/documentation/UserExperience/Reference/TouchEventClassReference/TouchEvent/TouchEvent.html.
    https://ctlog.wosign.com/
    https://fr.search.yahoo.com/search?ei=
    https://clients2.googleusercontent.com/crx/blobs/
    https://www.verisign.com/rpa
    http://ok.hu/gfx/favicon.ico
    http://www.delta-search.com/favicon.ico
    https://yandex.com.tr/gorsel/search?rpt=imageview
    http://schema.org/Person
    https://hladaj.atlas.sk/fulltext/?phrase=
    https://searchatlas.centrum.cz/?q=
    http://crbug.com/750901
    https://accounts.google.com/o/oauth2/programmatic_auth
    http://www.interoperabilitybridges.com/wmp-extension-for-chrome
    http://linkurystoragenorthus.blob.core.windows.net/static/favicon.ico
    http://www.google.com/update2/response
    https://www.googleapis.com/auth/supportcontent
    https://support.google.com/chrome/?p=plugin_flash
    http://www.search.delta-search.com/?q=
    https://ct.cloudflare.com/logs/nimbus2020/
    https://accounts.google.com/o/oauth2/auth
    http://www.json.com/json-schema-proposal/
    http://ocsp.godaddy.com/02
    https://www.sogou.com/web?ie=
    https://minecraft.report-uri.com/r/d/staple/reportOnly
    http://ocsp.verisign.com0
    https://ve.search.yahoo.com/search?ei=
    https://support.google.com/accounts/answer/6197437
    https://sb-ssl.google.com/safebrowsing/clientreport/login
    http://service.real.com/realplayer/security/02062012_player/en/
    http://ocsp.digicert.com0K
    https://sg.search.yahoo.com/sugg/chrome?output=fxjson
    http://arianna.libero.it/search/abin/integrata.cgi?query=
    http://buscador.terra.es/Default.aspx?source=Search
    http://subca.ocsp-certum.com0.
    http://searchatlas.centrum.cz/?q=
    https://accounts.google.com/embedded/setup/v2/chromeos
    https://docs.google.com/feeds/
    https://report-uri.cloudflare.com/expect-ct
    http://www.nzpost.co.nz/Cultures/en-NZ/OnlineTools/PostCodeFinder/
    https://kvasir.no/grafikk/favicon.ico
    https://nova.rambler.ru/suggest?v=3
    http://aia.startssl.com/certs/ca.crt02
    http://certs.starfieldtech.com/repository/1402
    https://accounts.google.com/o/oauth2/revoke
    https://search.seznam.cz/?q=
    http://search.snapdo.com/?q=
    https://www.google.TLD
    https://report.badssl.com/expect-staple
    http://www.maldivespost.com/?lid=10
    https://bugs.chromium.org/p/chromium/issues/detail?id=559258
    https://nova.rambler.ru/search?query=
    http://www.serpost.com.pe/cpostal/codigo
    https://support.google.com/chrome/?p=settings_cloud_print
    http://ocsp.godaddy.com/0J
    http://search.avg.com/search?q=
    https://www.singpost.com/find-postal-code
    https://search.goo.ne.jp/web.jsp?MT=
    https://www.googleapis.com/rpc
    https://www.thawte.com/cps0
    http://www.yhs.delta-search.com/?q=
    https://chromium.googlesource.com/chromium/src/
    https://history.report-uri.com/r/d/staple/reportOnly
    http://crbug.com/415315
    https://www.yandex.com.tr/
    https://developer.chrome.com/devtools/docs/remote-debugging
    http://certs.godaddy.com/repository/1301
    https://crbug.com/368855.)
    http://radce.centrum.cz/?q=
    http://www.foo.com/bar
    https://search.walla.co.il/?q=
    http://zip4.usps.com/zip4/welcome.jsp
    https://developers.google.com/web/updates/2017/04/devtools-release-notes
    http://www.style
    https://buscador.terra.es/Default.aspx?source=Search
    http://www.keynectis.com/PC08
    https://www.softonic.com/s/
    https://translate.googleapis.com/
    http://foo.com/bar
    http://search.snap.do/?q=
    https://accounts.google.com/ListAccounts?json=standard
    https://alt1-safebrowsing.google.com/safebrowsing
    http://www.google.co.kr/dmca.html
    http://www.gov.im/post/postal/fr_main.asp
    http://www.gstatic.com/chrome/extensions/blacklist
    https://crbug.com/480935.
    https://beacons4.gvt2.com/domainreliability/upload
    http://www.correos.gob.ni/index.php/codigo-postal-2
    http://schema.org/Organization
    https://www.googleapis.com/auth/chromewebstore.readonly
    http://www.poste.it/online/cercacap/
    https://cuscochromeextension-pa.googleapis.com/v1/omniboxsuggestions
    https://support.google.com/chrome/?p=e_awsnap_rl
    https://search.daum.net/search?ie=
    https://log.getdropbox.com/hpkp
    https://tw.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.hortcut
    https://es.search.yahoo.com/sugg/chrome?output=fxjson
    http://adressesok.posten.no/nb/postal_codes/search
    https://storage.ape.yandex.net/get/browser/Doodles/yandex/drawable-xxhdpi/yandex.png
    https://maktoob.search.yahoo.com/favicon.ico
    http://www.google.co.kr/tm_complaint.html
    https://sg.search.yahoo.com/favicon.ico
    https://sb-ssl.google.com/safebrowsing/clientreport/phishing
    https://accounts.google.com/GetCheckConnectionInfo
    http://crl.godaddy.com/gds1-20
    https://sp.br.ask.com/sh/i/a14/favicon/favicon.ico
    http://crbug.com/133457.
    http://www.startssl.com/intermediate.pdf0
    https://nodejs.org/static/images/logos/nodejs-new-pantone-black.png
    http://www.pasts.lv/lv/uzzinas/nodalas/
    http://EVIntl-ccrt.gwww.gicert.com/1ocsp.verisign.com09rapidssl.cos.godaddy.com/repository/0
    https://www.softonic.com.br/s/
    http://crbug.com/258526.
    http://www.poste.tn/codes.php
    http://goo.gl/Y1OdAq
    http://crbug.com/31037
    http://info.russianpost.ru/servlet/department
    https://goo.gl/ZcZixP
    https://www.chromium.org/
    https://ct.googleapis.com/logs/argon2019/
    http://www.neti.ee/cgi-bin/otsing?query=
    http://ocsp.entrust.net03
    http://ocsp.entrust.net00
    https://ct.googleapis.com/logs/argon2021/
    https://docs.google.com
    https://search.seznam.cz/r/img/favicon.ico
    https://helpx.adobe.com/security/products/reader/apsb14-28.html
    https://tw.search.yahoo.com/favicon.ico
    http://example.com
    https://code.google.com/p/chromium/issues/detail?id=162042
    https://code.google.com/p/chromium/issues/detail?id=162044
    http://mock.linkdoctor.url/for?testing
    https://css-tricks.com/hash-tag-links-padding/
    https://www.googleapis.com/auth/wallet.chrome
    https://support.google.com/chrome/?p=settings_omnibox
    http://search.imesh.net/favicon.ico
    https://android.googleapis.com/gcm/send/
    https://www.gstatic.com/chrome/supervised_user/blacklist-20141001-1k.bin
    http://www.jerseypost.com/tools/postcode-address-finder/
    http://buscar.terra.com.ar/Default.aspx?source=Search
    https://accounts.google.com/AccountChooser?Email=%s
    https://www.googleapis.com/auth/chromesync_playpen
    https://nz.search.yahoo.com/favicon.ico
    https://goo.gl/zmWq3m.
    https://developer.mozilla.org/en-US/docs/Web/API/Web_Speech_API
    http://www./div
    https://www.chromestatus.com/feature/5669008342777856
    http://option
    https://sirius.ws.symantec.com/
    https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
    http://crl.thawte.com/ThawtePremiumServerCA.crl0
    https://tr.search.yahoo.com/search?ei=
    https://www.yandex.ua/chrome/newtab
    http://www.wosign.com/policy/0
    https://nz.search.yahoo.com/search?ei=
    https://log.ncsccs.com/report/hpkp
    https://support.google.com/chrome/?p=chrome_cleanup_tool
    https://ssl.gstatic.com/safebrowsing/csd/
    http://subca.ocsp-certum.com01
    https://www.google.com/chrome/browser/privacy/whitepaper.html
    https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/?utm_source=devtools
    https://beacons2.gvt2.com/domainreliability/upload
    https://id.search.yahoo.com/search?ei=
    http://www.search-results.com/web?q=
    http://mystart.incredibar.com/?search=
    https://pe.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.geotrust.com/resources/repository0
    https://hk.search.yahoo.com/search?ei=
    https://helpx.adobe.com/security/products/shockwave/apsb14-10.html
    https://nl.softonic.com/s/
    http://www.conduit.com/favicon.ico
    https://support.google.com/chrome/?p=ib_pepper_broker
    https://se.search.yahoo.com/favicon.ico
    http://search.iminent.com/Shared/Images/favicon_gl.ico
    https://search.daum.net/favicon.ico
    http://schema.org/BlogPosting
    http://g.symcd.com0
    https://pe.search.yahoo.com/favicon.ico
    https://myactivity.google.com/myactivity/?utm_source=chrome_cbd
    http://i
    https://www.chromestatus.com/feature/5243055179300864
    http://g.symcb.com/crls/gtglobal.crl0.
    https://goo.gl/EuHzyv
    https://support.google.com/chrome/?p=ui_voice_search
    https://www.yandex.com.tr/chrome/newtab
    http://cdp1.public-trust.com/CRL/Omniroot2025.crl0
    https://support.google.com/chrome/?p=ui_download_errors
    https://safebrowsing.googleusercontent.com/safebrowsing/clientreport/notification-image
    https://aIn
    http://www.google.com:80
    http://www.post.at/post_subsite_postleitzahlfinder.php
    http://schema.org/ScholarlyArticle
    http://link
    http://staticsuggested
    https://crbug.com/794942.
    https://ca.search.yahoo.com/search?ei=
    https://kvasir.no/alle?q=
    http://ocsp.thawte.com0
    http://pca-g3-ocsp.geotrust.com0
    https://www.facebook.com/chat/video/videocalldownload.php
    http://www.geotrust.com/resources/cps0
    http://ss.uk.ask.com/query?q=
    https://www.post.lu/fr/grandes-entreprises/solutions-postales/rechercher-un-code-postal
    http://www.verkkoposti.com/e3/postinumeroluettelo
    http://crbug.com/312900.
    https://certs.starfieldtech.com/repository/0
    http://www.laposte.fr/Particulier/Utiliser-nos-outils-pratiques/Outils-et-documents/Trouvez-un-code-postal
    http://search.iminent.com/?q=
    https://support.google.com/chrome/?p=beta_forum
    http://www.postdanmark.dk/da/Privat/Kundeservice/postnummerkort/Sider/Find-postnummer.aspx
    http://ocsp.startssl.com00
    https://yandex.ua/
    http://www.post.lt/lt/?id=316
    https://www.google.com/safebrowsing/report_error/
    http://search.babylon.com/?q=
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/language
    http://forms.real.com/real/realone/download.html?type=rpsp_us
    https://support.google.com/chromecast/answer/2998338
    http://style
    http://crbug.com/360567
    http://www.yhs.delta-search.com/home?q=
    https://sb-ssl.google.com/safebrowsing/clientreport/malware-check
    http://www.google.com/privacy.html
    https://devices.adobe.com/partnerportal/
    https://gvt2.com/
    https://www.google.com
    http://www2.delta-search.com/?q=
    https://szukaj.onet.pl/favicon.ico
    https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
    http://crbug.com/437891.
    http://clients3.google.com/cert_upload_json
    http://ok.hu/katalogus?q=
    http://crbug.com/319444.
    https://ct.cloudflare.com/logs/nimbus2018/
    https://fr.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_outdated_plugin
    https://google-analytics.com/
    https://clientservices.googleapis.com/uma/v2
    https://developers.google.com/web/tools/chrome-devtools/
    http://www.years
    https://yandex.by/images/search/?rpt=imageview
    http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%
    http://schema.org/TechArticle
    https://sb-ssl.google.com/safebrowsing/clientreport/chrome-reset
    http://ocsp.globalsign.com/rootr10
    https://photistic.report-uri.com/r/d/staple/reportOnly
    https://crashpad.chromium.org/bug/new
    https://lh3.googleusercontent.com
    https://ch.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_download_blocked
    http://www.georgianpost.ge/index.php?page=10
    http://crbug.com/26312
    http://www.inkscape.org/namespaces/inkscape
    http://mathematicsmargin-top
    http://www.correos.es/contenido/13-MenuRec2/04-MenuRec24/1010_s-CodPostal.asp
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.search.delta-search.com/home?q=
    https://chrome.google.com/webstore?hl=ko
    https://history.google.com/history/api/lookup?client=chrome
    http://suggestion.baidu.com/su?wd=
    https://www.googleapis.com/auth/proximity_auth
    http://crbug.com/99373
    https://safebrowsing.googleapis.com/v4
    https://chrome.google.com/webstore?hl=koChrome
    https://accounts.google.com/Logout
    http://crbug.com/371562
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0

Process memory dump for chrome.exe (PID 1068, dump 7)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    https://developers.google.com/web/updates/2018/01/devtools
    http://ocsp.starfieldtech.com/0
    http://www.google.com/chrome/intl/ko/eula_text.html
    https://qc.search.yahoo.com/favicon.ico
    https://search.yahoo.com/favicon.ico
    https://uk.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.landvaluation.bm/
    http://developer.apple.com/safari/library/documentation/UserExperience/Reference/TouchEventClassReference/TouchEvent/TouchEvent.html.
    https://ctlog.wosign.com/
    https://fr.search.yahoo.com/search?ei=
    https://clients2.googleusercontent.com/crx/blobs/
    https://www.verisign.com/rpa
    http://ok.hu/gfx/favicon.ico
    http://www.delta-search.com/favicon.ico
    https://yandex.com.tr/gorsel/search?rpt=imageview
    http://schema.org/Person
    https://hladaj.atlas.sk/fulltext/?phrase=
    https://searchatlas.centrum.cz/?q=
    http://crbug.com/750901
    https://accounts.google.com/o/oauth2/programmatic_auth
    http://www.interoperabilitybridges.com/wmp-extension-for-chrome
    http://linkurystoragenorthus.blob.core.windows.net/static/favicon.ico
    http://www.google.com/update2/response
    https://www.googleapis.com/auth/supportcontent
    https://support.google.com/chrome/?p=plugin_flash
    http://www.search.delta-search.com/?q=
    https://ct.cloudflare.com/logs/nimbus2020/
    https://accounts.google.com/o/oauth2/auth
    http://www.json.com/json-schema-proposal/
    http://ocsp.godaddy.com/02
    https://www.sogou.com/web?ie=
    https://minecraft.report-uri.com/r/d/staple/reportOnly
    http://ocsp.verisign.com0
    https://ve.search.yahoo.com/search?ei=
    https://support.google.com/accounts/answer/6197437
    https://sb-ssl.google.com/safebrowsing/clientreport/login
    http://service.real.com/realplayer/security/02062012_player/en/
    http://ocsp.digicert.com0K
    https://sg.search.yahoo.com/sugg/chrome?output=fxjson
    http://arianna.libero.it/search/abin/integrata.cgi?query=
    http://buscador.terra.es/Default.aspx?source=Search
    http://subca.ocsp-certum.com0.
    http://searchatlas.centrum.cz/?q=
    https://accounts.google.com/embedded/setup/v2/chromeos
    https://docs.google.com/feeds/
    https://report-uri.cloudflare.com/expect-ct
    http://www.nzpost.co.nz/Cultures/en-NZ/OnlineTools/PostCodeFinder/
    https://kvasir.no/grafikk/favicon.ico
    https://nova.rambler.ru/suggest?v=3
    http://aia.startssl.com/certs/ca.crt02
    http://certs.starfieldtech.com/repository/1402
    https://accounts.google.com/o/oauth2/revoke
    https://search.seznam.cz/?q=
    http://search.snapdo.com/?q=
    https://www.google.TLD
    https://report.badssl.com/expect-staple
    http://www.maldivespost.com/?lid=10
    https://bugs.chromium.org/p/chromium/issues/detail?id=559258
    https://nova.rambler.ru/search?query=
    http://www.serpost.com.pe/cpostal/codigo
    https://support.google.com/chrome/?p=settings_cloud_print
    http://ocsp.godaddy.com/0J
    http://search.avg.com/search?q=
    https://www.singpost.com/find-postal-code
    https://search.goo.ne.jp/web.jsp?MT=
    https://www.googleapis.com/rpc
    https://www.thawte.com/cps0
    http://www.yhs.delta-search.com/?q=
    https://chromium.googlesource.com/chromium/src/
    https://history.report-uri.com/r/d/staple/reportOnly
    http://crbug.com/415315
    https://www.yandex.com.tr/
    https://developer.chrome.com/devtools/docs/remote-debugging
    http://certs.godaddy.com/repository/1301
    https://crbug.com/368855.)
    http://radce.centrum.cz/?q=
    http://www.foo.com/bar
    https://search.walla.co.il/?q=
    http://zip4.usps.com/zip4/welcome.jsp
    https://developers.google.com/web/updates/2017/04/devtools-release-notes
    http://www.style
    https://buscador.terra.es/Default.aspx?source=Search
    http://www.keynectis.com/PC08
    https://www.softonic.com/s/
    https://translate.googleapis.com/
    http://foo.com/bar
    http://search.snap.do/?q=
    https://accounts.google.com/ListAccounts?json=standard
    https://alt1-safebrowsing.google.com/safebrowsing
    http://www.google.co.kr/dmca.html
    http://www.gov.im/post/postal/fr_main.asp
    http://www.gstatic.com/chrome/extensions/blacklist
    https://crbug.com/480935.
    https://beacons4.gvt2.com/domainreliability/upload
    http://www.correos.gob.ni/index.php/codigo-postal-2
    http://schema.org/Organization
    https://www.googleapis.com/auth/chromewebstore.readonly
    http://www.poste.it/online/cercacap/
    https://cuscochromeextension-pa.googleapis.com/v1/omniboxsuggestions
    https://support.google.com/chrome/?p=e_awsnap_rl
    https://search.daum.net/search?ie=
    https://log.getdropbox.com/hpkp
    https://tw.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.hortcut
    https://es.search.yahoo.com/sugg/chrome?output=fxjson
    http://adressesok.posten.no/nb/postal_codes/search
    https://storage.ape.yandex.net/get/browser/Doodles/yandex/drawable-xxhdpi/yandex.png
    https://maktoob.search.yahoo.com/favicon.ico
    http://www.google.co.kr/tm_complaint.html
    https://sg.search.yahoo.com/favicon.ico
    https://sb-ssl.google.com/safebrowsing/clientreport/phishing
    https://accounts.google.com/GetCheckConnectionInfo
    http://crl.godaddy.com/gds1-20
    https://sp.br.ask.com/sh/i/a14/favicon/favicon.ico
    http://crbug.com/133457.
    http://www.startssl.com/intermediate.pdf0
    https://nodejs.org/static/images/logos/nodejs-new-pantone-black.png
    http://www.pasts.lv/lv/uzzinas/nodalas/
    http://EVIntl-ccrt.gwww.gicert.com/1ocsp.verisign.com09rapidssl.cos.godaddy.com/repository/0
    https://www.softonic.com.br/s/
    http://crbug.com/258526.
    http://www.poste.tn/codes.php
    http://goo.gl/Y1OdAq
    http://crbug.com/31037
    http://info.russianpost.ru/servlet/department
    https://goo.gl/ZcZixP
    https://www.chromium.org/
    https://ct.googleapis.com/logs/argon2019/
    http://www.neti.ee/cgi-bin/otsing?query=
    http://ocsp.entrust.net03
    http://ocsp.entrust.net00
    https://ct.googleapis.com/logs/argon2021/
    https://docs.google.com
    https://search.seznam.cz/r/img/favicon.ico
    https://helpx.adobe.com/security/products/reader/apsb14-28.html
    https://tw.search.yahoo.com/favicon.ico
    http://example.com
    https://code.google.com/p/chromium/issues/detail?id=162042
    https://code.google.com/p/chromium/issues/detail?id=162044
    http://mock.linkdoctor.url/for?testing
    https://css-tricks.com/hash-tag-links-padding/
    https://www.googleapis.com/auth/wallet.chrome
    https://support.google.com/chrome/?p=settings_omnibox
    http://search.imesh.net/favicon.ico
    https://android.googleapis.com/gcm/send/
    https://www.gstatic.com/chrome/supervised_user/blacklist-20141001-1k.bin
    http://www.jerseypost.com/tools/postcode-address-finder/
    http://buscar.terra.com.ar/Default.aspx?source=Search
    https://accounts.google.com/AccountChooser?Email=%s
    https://www.googleapis.com/auth/chromesync_playpen
    https://nz.search.yahoo.com/favicon.ico
    https://goo.gl/zmWq3m.
    https://developer.mozilla.org/en-US/docs/Web/API/Web_Speech_API
    http://www./div
    https://www.chromestatus.com/feature/5669008342777856
    http://option
    https://sirius.ws.symantec.com/
    https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
    http://crl.thawte.com/ThawtePremiumServerCA.crl0
    https://tr.search.yahoo.com/search?ei=
    https://www.yandex.ua/chrome/newtab
    http://www.wosign.com/policy/0
    https://nz.search.yahoo.com/search?ei=
    https://log.ncsccs.com/report/hpkp
    https://support.google.com/chrome/?p=chrome_cleanup_tool
    https://ssl.gstatic.com/safebrowsing/csd/
    http://subca.ocsp-certum.com01
    https://www.google.com/chrome/browser/privacy/whitepaper.html
    https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/?utm_source=devtools
    https://beacons2.gvt2.com/domainreliability/upload
    https://id.search.yahoo.com/search?ei=
    http://www.search-results.com/web?q=
    http://mystart.incredibar.com/?search=
    https://pe.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.geotrust.com/resources/repository0
    https://hk.search.yahoo.com/search?ei=
    https://helpx.adobe.com/security/products/shockwave/apsb14-10.html
    https://nl.softonic.com/s/
    http://www.conduit.com/favicon.ico
    https://support.google.com/chrome/?p=ib_pepper_broker
    https://se.search.yahoo.com/favicon.ico
    http://search.iminent.com/Shared/Images/favicon_gl.ico
    https://search.daum.net/favicon.ico
    http://schema.org/BlogPosting
    http://g.symcd.com0
    https://pe.search.yahoo.com/favicon.ico
    https://myactivity.google.com/myactivity/?utm_source=chrome_cbd
    http://i
    https://www.chromestatus.com/feature/5243055179300864
    http://g.symcb.com/crls/gtglobal.crl0.
    https://goo.gl/EuHzyv
    https://support.google.com/chrome/?p=ui_voice_search
    https://www.yandex.com.tr/chrome/newtab
    http://cdp1.public-trust.com/CRL/Omniroot2025.crl0
    https://support.google.com/chrome/?p=ui_download_errors
    https://safebrowsing.googleusercontent.com/safebrowsing/clientreport/notification-image
    https://aIn
    http://www.google.com:80
    http://www.post.at/post_subsite_postleitzahlfinder.php
    http://schema.org/ScholarlyArticle
    http://link
    http://staticsuggested
    https://crbug.com/794942.
    https://ca.search.yahoo.com/search?ei=
    https://kvasir.no/alle?q=
    http://ocsp.thawte.com0
    http://pca-g3-ocsp.geotrust.com0
    https://www.facebook.com/chat/video/videocalldownload.php
    http://www.geotrust.com/resources/cps0
    http://ss.uk.ask.com/query?q=
    https://www.post.lu/fr/grandes-entreprises/solutions-postales/rechercher-un-code-postal
    http://www.verkkoposti.com/e3/postinumeroluettelo
    http://crbug.com/312900.
    https://certs.starfieldtech.com/repository/0
    http://www.laposte.fr/Particulier/Utiliser-nos-outils-pratiques/Outils-et-documents/Trouvez-un-code-postal
    http://search.iminent.com/?q=
    https://support.google.com/chrome/?p=beta_forum
    http://www.postdanmark.dk/da/Privat/Kundeservice/postnummerkort/Sider/Find-postnummer.aspx
    http://ocsp.startssl.com00
    https://yandex.ua/
    http://www.post.lt/lt/?id=316
    https://www.google.com/safebrowsing/report_error/
    http://search.babylon.com/?q=
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/language
    http://forms.real.com/real/realone/download.html?type=rpsp_us
    https://support.google.com/chromecast/answer/2998338
    http://style
    http://crbug.com/360567
    http://www.yhs.delta-search.com/home?q=
    https://sb-ssl.google.com/safebrowsing/clientreport/malware-check
    http://www.google.com/privacy.html
    https://devices.adobe.com/partnerportal/
    https://gvt2.com/
    https://www.google.com
    http://www2.delta-search.com/?q=
    https://szukaj.onet.pl/favicon.ico
    https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
    http://crbug.com/437891.
    http://clients3.google.com/cert_upload_json
    http://ok.hu/katalogus?q=
    http://crbug.com/319444.
    https://ct.cloudflare.com/logs/nimbus2018/
    https://fr.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_outdated_plugin
    https://google-analytics.com/
    https://clientservices.googleapis.com/uma/v2
    https://developers.google.com/web/tools/chrome-devtools/
    http://www.years
    https://yandex.by/images/search/?rpt=imageview
    http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%
    http://schema.org/TechArticle
    https://sb-ssl.google.com/safebrowsing/clientreport/chrome-reset
    http://ocsp.globalsign.com/rootr10
    https://photistic.report-uri.com/r/d/staple/reportOnly
    https://crashpad.chromium.org/bug/new
    https://lh3.googleusercontent.com
    https://ch.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_download_blocked
    http://www.georgianpost.ge/index.php?page=10
    http://crbug.com/26312
    http://www.inkscape.org/namespaces/inkscape
    http://mathematicsmargin-top
    http://www.correos.es/contenido/13-MenuRec2/04-MenuRec24/1010_s-CodPostal.asp
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.search.delta-search.com/home?q=
    https://chrome.google.com/webstore?hl=ko
    https://history.google.com/history/api/lookup?client=chrome
    http://suggestion.baidu.com/su?wd=
    https://www.googleapis.com/auth/proximity_auth
    http://crbug.com/99373
    https://safebrowsing.googleapis.com/v4
    https://chrome.google.com/webstore?hl=koChrome
    https://accounts.google.com/Logout
    http://crbug.com/371562
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences
    http://search.tut.by/?ru=1
    http://crbug.com/231664.
    https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
    https://www.World
    https://clients4.google.com/chrome-sync
    http://ocsp1.wosign.com/ca104
    http://www.zipcode.mn/
    http://.css
    https://www.googleapis.com/auth/kid.permission
    http://www.html5rocks.com/en/tutorials/canvas/hidpi/
    http://www.google.co.kr/permissions/guidelines.html
    https://cl.search.yahoo.com/sugg/chrome?output=fxjson
    https://ve.search.yahoo.com/favicon.ico
    http://epab.posten.no/
    http://nl.softonic.com/s/
    https://crbug.com/740629)
    http://crl.verisign.com/pca3-g5.crl0(
    http://search.softonic.com/?q=
    http://www.delfi.lt/paieska/?q=
    http://ocsp.rootg2.amazontrust.com08
    http://www.posta-romana.ro/zip_codes
    https://www.google.com/chrome/devices/chromecast/learn.html
    https://history.google.com/history/api/lookup?client=audio
    https://tw.search.yahoo.com/search?ei=
    https://tr.search.yahoo.com/favicon.ico
    http://dictionaryperceptionrevolutionfoundationpx
    http://www.ems.com.cn/serviceguide/you_bian_cha_xun.html
    https://vega.ws.symantec.com/
    http://www.pochta.uz/ru/uslugi/indexsearch.html
    https://www.yandex.ru/chrome/newtab
    http://www.foo.com
    https://at.search.yahoo.com/sugg/chrome?output=fxjson
    https://c.docs.google.com/
    https://support.google.com/chrome/?p=ib_blocked_plugin
    https://docs.google.com/
    http://l.twimg.com/i/hpkp_report
    http://www.post.gov.tw/post/internet/f_searchzone/index.jsp?ID=190102
    https://chrome.google.com/
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    http://www.ipostel.gob.ve/index.php/oficinas-postales
    http://www.geotrust.com/resources/cps0A
    https://ca.search.yahoo.com/favicon.ico
    http://www.caymanpost.gov.ky/
    http://wiki.greasespot.net/Greasemonkey_Manual:APIs
    https://c.pack.google.com/
    http://www.geotrust.com/resources/cps06
    https://get.adobe.com/reader/
    https://log.ncsccs.com/report/expectct

Process memory dump for chrome.exe (PID 1068, dump 8)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    https://www.yandex.com.tr/
    https://developer.chrome.com/devtools/docs/remote-debugging
    http://certs.godaddy.com/repository/1301
    https://crbug.com/368855.)
    http://radce.centrum.cz/?q=
    http://www.foo.com/bar
    https://search.walla.co.il/?q=
    http://zip4.usps.com/zip4/welcome.jsp
    https://developers.google.com/web/updates/2017/04/devtools-release-notes
    http://www.style
    https://buscador.terra.es/Default.aspx?source=Search
    http://www.keynectis.com/PC08
    https://www.softonic.com/s/
    https://translate.googleapis.com/
    http://foo.com/bar
    http://search.snap.do/?q=
    https://accounts.google.com/ListAccounts?json=standard
    https://alt1-safebrowsing.google.com/safebrowsing
    http://www.google.co.kr/dmca.html
    http://www.gov.im/post/postal/fr_main.asp
    http://www.gstatic.com/chrome/extensions/blacklist
    https://crbug.com/480935.
    https://beacons4.gvt2.com/domainreliability/upload
    http://www.correos.gob.ni/index.php/codigo-postal-2
    http://schema.org/Organization
    https://www.googleapis.com/auth/chromewebstore.readonly
    http://www.poste.it/online/cercacap/
    https://cuscochromeextension-pa.googleapis.com/v1/omniboxsuggestions
    https://support.google.com/chrome/?p=e_awsnap_rl
    https://search.daum.net/search?ie=
    https://log.getdropbox.com/hpkp
    https://tw.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.hortcut
    https://es.search.yahoo.com/sugg/chrome?output=fxjson
    http://adressesok.posten.no/nb/postal_codes/search
    https://storage.ape.yandex.net/get/browser/Doodles/yandex/drawable-xxhdpi/yandex.png
    https://maktoob.search.yahoo.com/favicon.ico
    http://www.google.co.kr/tm_complaint.html
    https://sg.search.yahoo.com/favicon.ico
    https://sb-ssl.google.com/safebrowsing/clientreport/phishing
    https://accounts.google.com/GetCheckConnectionInfo
    http://crl.godaddy.com/gds1-20
    https://sp.br.ask.com/sh/i/a14/favicon/favicon.ico
    http://crbug.com/133457.
    http://www.startssl.com/intermediate.pdf0
    https://nodejs.org/static/images/logos/nodejs-new-pantone-black.png
    http://www.pasts.lv/lv/uzzinas/nodalas/
    http://EVIntl-ccrt.gwww.gicert.com/1ocsp.verisign.com09rapidssl.cos.godaddy.com/repository/0
    https://www.softonic.com.br/s/
    http://crbug.com/258526.
    http://www.poste.tn/codes.php
    http://goo.gl/Y1OdAq
    http://crbug.com/31037
    http://info.russianpost.ru/servlet/department
    https://goo.gl/ZcZixP
    https://www.chromium.org/
    https://ct.googleapis.com/logs/argon2019/
    http://www.neti.ee/cgi-bin/otsing?query=
    http://ocsp.entrust.net03
    http://ocsp.entrust.net00
    https://ct.googleapis.com/logs/argon2021/
    https://docs.google.com
    https://search.seznam.cz/r/img/favicon.ico
    https://helpx.adobe.com/security/products/reader/apsb14-28.html
    https://tw.search.yahoo.com/favicon.ico
    http://example.com
    https://code.google.com/p/chromium/issues/detail?id=162042
    https://code.google.com/p/chromium/issues/detail?id=162044
    http://mock.linkdoctor.url/for?testing
    https://css-tricks.com/hash-tag-links-padding/
    https://www.googleapis.com/auth/wallet.chrome
    https://support.google.com/chrome/?p=settings_omnibox
    http://search.imesh.net/favicon.ico
    https://android.googleapis.com/gcm/send/
    https://www.gstatic.com/chrome/supervised_user/blacklist-20141001-1k.bin
    http://www.jerseypost.com/tools/postcode-address-finder/
    http://buscar.terra.com.ar/Default.aspx?source=Search
    https://accounts.google.com/AccountChooser?Email=%s
    https://www.googleapis.com/auth/chromesync_playpen
    https://nz.search.yahoo.com/favicon.ico
    https://goo.gl/zmWq3m.
    https://developer.mozilla.org/en-US/docs/Web/API/Web_Speech_API
    http://www./div
    https://www.chromestatus.com/feature/5669008342777856
    http://option
    https://sirius.ws.symantec.com/
    https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
    http://crl.thawte.com/ThawtePremiumServerCA.crl0
    https://tr.search.yahoo.com/search?ei=
    https://www.yandex.ua/chrome/newtab
    http://www.wosign.com/policy/0
    https://nz.search.yahoo.com/search?ei=
    https://log.ncsccs.com/report/hpkp
    https://support.google.com/chrome/?p=chrome_cleanup_tool
    https://ssl.gstatic.com/safebrowsing/csd/
    http://subca.ocsp-certum.com01
    https://www.google.com/chrome/browser/privacy/whitepaper.html
    https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/?utm_source=devtools
    https://beacons2.gvt2.com/domainreliability/upload
    https://id.search.yahoo.com/search?ei=
    http://www.search-results.com/web?q=
    http://mystart.incredibar.com/?search=
    https://pe.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.geotrust.com/resources/repository0
    https://hk.search.yahoo.com/search?ei=
    https://helpx.adobe.com/security/products/shockwave/apsb14-10.html
    https://nl.softonic.com/s/
    http://www.conduit.com/favicon.ico
    https://support.google.com/chrome/?p=ib_pepper_broker
    https://se.search.yahoo.com/favicon.ico
    http://search.iminent.com/Shared/Images/favicon_gl.ico
    https://search.daum.net/favicon.ico
    http://schema.org/BlogPosting
    http://g.symcd.com0
    https://pe.search.yahoo.com/favicon.ico
    https://myactivity.google.com/myactivity/?utm_source=chrome_cbd
    http://i
    https://www.chromestatus.com/feature/5243055179300864
    http://g.symcb.com/crls/gtglobal.crl0.
    https://goo.gl/EuHzyv
    https://support.google.com/chrome/?p=ui_voice_search
    https://www.yandex.com.tr/chrome/newtab
    http://cdp1.public-trust.com/CRL/Omniroot2025.crl0
    https://support.google.com/chrome/?p=ui_download_errors
    https://safebrowsing.googleusercontent.com/safebrowsing/clientreport/notification-image
    https://aIn
    http://www.google.com:80
    http://www.post.at/post_subsite_postleitzahlfinder.php
    http://schema.org/ScholarlyArticle
    http://link
    http://staticsuggested
    https://crbug.com/794942.
    https://ca.search.yahoo.com/search?ei=
    https://kvasir.no/alle?q=
    http://ocsp.thawte.com0
    http://pca-g3-ocsp.geotrust.com0
    https://www.facebook.com/chat/video/videocalldownload.php
    http://www.geotrust.com/resources/cps0
    http://ss.uk.ask.com/query?q=
    https://www.post.lu/fr/grandes-entreprises/solutions-postales/rechercher-un-code-postal
    http://www.verkkoposti.com/e3/postinumeroluettelo
    http://crbug.com/312900.
    https://certs.starfieldtech.com/repository/0
    http://www.laposte.fr/Particulier/Utiliser-nos-outils-pratiques/Outils-et-documents/Trouvez-un-code-postal
    http://search.iminent.com/?q=
    https://support.google.com/chrome/?p=beta_forum
    http://www.postdanmark.dk/da/Privat/Kundeservice/postnummerkort/Sider/Find-postnummer.aspx
    http://ocsp.startssl.com00
    https://yandex.ua/
    http://www.post.lt/lt/?id=316
    https://www.google.com/safebrowsing/report_error/
    http://search.babylon.com/?q=
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/language
    http://forms.real.com/real/realone/download.html?type=rpsp_us
    https://support.google.com/chromecast/answer/2998338
    http://style
    http://crbug.com/360567
    http://www.yhs.delta-search.com/home?q=
    https://sb-ssl.google.com/safebrowsing/clientreport/malware-check
    http://www.google.com/privacy.html
    https://devices.adobe.com/partnerportal/
    https://gvt2.com/
    https://www.google.com
    http://www2.delta-search.com/?q=
    https://szukaj.onet.pl/favicon.ico
    https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
    http://crbug.com/437891.
    http://clients3.google.com/cert_upload_json
    http://ok.hu/katalogus?q=
    http://crbug.com/319444.
    https://ct.cloudflare.com/logs/nimbus2018/
    https://fr.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_outdated_plugin
    https://google-analytics.com/
    https://clientservices.googleapis.com/uma/v2
    https://developers.google.com/web/tools/chrome-devtools/
    http://www.years
    https://yandex.by/images/search/?rpt=imageview
    http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%
    http://schema.org/TechArticle
    https://sb-ssl.google.com/safebrowsing/clientreport/chrome-reset
    http://ocsp.globalsign.com/rootr10
    https://photistic.report-uri.com/r/d/staple/reportOnly
    https://crashpad.chromium.org/bug/new
    https://lh3.googleusercontent.com
    https://ch.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_download_blocked
    http://www.georgianpost.ge/index.php?page=10
    http://crbug.com/26312
    http://www.inkscape.org/namespaces/inkscape
    http://mathematicsmargin-top
    http://www.correos.es/contenido/13-MenuRec2/04-MenuRec24/1010_s-CodPostal.asp
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.search.delta-search.com/home?q=
    https://chrome.google.com/webstore?hl=ko
    https://history.google.com/history/api/lookup?client=chrome
    http://suggestion.baidu.com/su?wd=
    https://www.googleapis.com/auth/proximity_auth
    http://crbug.com/99373
    https://safebrowsing.googleapis.com/v4
    https://chrome.google.com/webstore?hl=koChrome
    https://accounts.google.com/Logout
    http://crbug.com/371562
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences
    http://search.tut.by/?ru=1
    http://crbug.com/231664.
    https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
    https://www.World
    https://clients4.google.com/chrome-sync
    http://ocsp1.wosign.com/ca104
    http://www.zipcode.mn/
    http://.css
    https://www.googleapis.com/auth/kid.permission
    http://www.html5rocks.com/en/tutorials/canvas/hidpi/
    http://www.google.co.kr/permissions/guidelines.html
    https://cl.search.yahoo.com/sugg/chrome?output=fxjson
    https://ve.search.yahoo.com/favicon.ico
    http://epab.posten.no/
    http://nl.softonic.com/s/
    https://crbug.com/740629)
    http://crl.verisign.com/pca3-g5.crl0(
    http://search.softonic.com/?q=
    http://www.delfi.lt/paieska/?q=
    http://ocsp.rootg2.amazontrust.com08
    http://www.posta-romana.ro/zip_codes
    https://www.google.com/chrome/devices/chromecast/learn.html
    https://history.google.com/history/api/lookup?client=audio
    https://tw.search.yahoo.com/search?ei=
    https://tr.search.yahoo.com/favicon.ico
    http://dictionaryperceptionrevolutionfoundationpx
    http://www.ems.com.cn/serviceguide/you_bian_cha_xun.html
    https://vega.ws.symantec.com/
    http://www.pochta.uz/ru/uslugi/indexsearch.html
    https://www.yandex.ru/chrome/newtab
    http://www.foo.com
    https://at.search.yahoo.com/sugg/chrome?output=fxjson
    https://c.docs.google.com/
    https://support.google.com/chrome/?p=ib_blocked_plugin
    https://docs.google.com/
    http://l.twimg.com/i/hpkp_report
    http://www.post.gov.tw/post/internet/f_searchzone/index.jsp?ID=190102
    https://chrome.google.com/
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    http://www.ipostel.gob.ve/index.php/oficinas-postales
    http://www.geotrust.com/resources/cps0A
    https://ca.search.yahoo.com/favicon.ico
    http://www.caymanpost.gov.ky/
    http://wiki.greasespot.net/Greasemonkey_Manual:APIs
    https://c.pack.google.com/
    http://www.geotrust.com/resources/cps06
    https://get.adobe.com/reader/
    https://log.ncsccs.com/report/expectct
    https://s2.googleusercontent.com/s2/favicons?domain_url=%s
    http://www
    http://web-subframes.invalid
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop0.json
    http://www.correos.es/comun/CodigosPostales/1010_s-CodPostal.asp?Provincia=
    http://crbug.com/775961
    https://ac.search.naver.com/nx/ac?of=os
    https://vn.search.yahoo.com/favicon.ico
    http://www.zoznam.sk/hladaj.fcgi?s=
    https://crbug.com/444752.
    https://www.google.com/chrome/browser/privacy/
    https://was
    http://start.iminent.com/StartWeb/1033/homepage/
    http://www.geotrust.com/resources/cps0)
    https://mx.search.yahoo.com/search?ei=
    http://Descriptionrelatively
    https://localhost/
    https://support.google.com/chrome/?p=plugin_quicktime
    http://www.posta.rs/struktura/lat/aplikacije/pronadji/nadji-postu.asp
    https://android.clients.google.com/c2dm/register3
    https://ctlog.api.venafi.com/
    http://crl.verisign.com/pca3-g5.crl0
    https://support.google.com/chrome?p=bluetooth
    http://pesquisa.sapo.pt/?q=
    http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
    https://sabre.ct.comodo.com/
    https://history.report-uri.com/r/d/ct/reportOnly
    http://www.interpretation
    https://history.google.com/history/api/lookup?client=web_app
    http://crl.entrust.net/rootca1.crl0
    https://tobiassachs.report-uri.com/r/d/staple/reportOnly
    https://www.so.com/favicon.ico
    https://co.search.yahoo.com/sugg/chrome?output=fxjson
    https://clients4.google.com/chrome-sync/dev
    http://www1.delta-search.com/?q=
    https://www.google.com/speech-api/v2/synthesize?
    https://growth-pa.googleapis.com/v1/send_sms
    http://en.softonic.com/s/
    https://c.drive.google.com/
    https://support.google.com/chrome/?p=settings_privacy
    http://i.rl0.ru/2011/icons/rambler.ico
    http://crls1.wosign.com/ca1.crl0q
    http://accounts.google.com/
    https://www.googleapis.com/auth/userinfo.profile
    https://chrome.google.com/webstore/category/extensions
    https://www.verisign.com/cps04000000Z
    https://au.search.yahoo.com/favicon.ico
    https://growth-pa.googleapis.com/v1/get_verified_phone_numbers
    https://crbug.com/593166
    https://c.play.google.com/
    https://www.googleapis.com/auth/chrome-content-suggestions
    https://accounts.google.com/GetUserInfo
    http://crbug.com/320723
    https://chrome.google.com/webstore
    http://cybertrust.omniroot.com/repository0
    http://ocsp.verisign.com04
    https://accounts.google.com/TokenAuth
    https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop1.json
    https://ar.search.yahoo.com/sugg/chrome?output=fxjson
    https://cspreports.srvcs.tumblr.com/hpkp
    http://crl.godaddy.com/gdroot.crl0F
    http://s.ss2.us/r.crl0
    https://www.googleapis.com/oauth2/v1/userinfo
    https://myaccount.google.com/signinoptions/password?utm_source=Google
    https://au.search.yahoo.com/search?ei=
    http://localhost:8000/url
    http://www.softonic.com.br/s/
    http://www.svgpost.gov.vc/?option=com_content
    https://alt2-safebrowsing.google.com/safebrowsing
    https://ch.search.yahoo.com/search?ei=
    http://suggest.yandex.ru/suggest-ff.cgi?part=
    https://azreport.report-uri.com/r/d/staple/reportOnly
    https://drive.google.com

Process memory dump for chrome.exe (PID 1068, dump 9)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    https://android.googleapis.com/gcm/send/
    https://www.gstatic.com/chrome/supervised_user/blacklist-20141001-1k.bin
    http://www.jerseypost.com/tools/postcode-address-finder/
    http://buscar.terra.com.ar/Default.aspx?source=Search
    https://accounts.google.com/AccountChooser?Email=%s
    https://www.googleapis.com/auth/chromesync_playpen
    https://nz.search.yahoo.com/favicon.ico
    https://goo.gl/zmWq3m.
    https://developer.mozilla.org/en-US/docs/Web/API/Web_Speech_API
    http://www./div
    https://www.chromestatus.com/feature/5669008342777856
    http://option
    https://sirius.ws.symantec.com/
    https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
    http://crl.thawte.com/ThawtePremiumServerCA.crl0
    https://tr.search.yahoo.com/search?ei=
    https://www.yandex.ua/chrome/newtab
    http://www.wosign.com/policy/0
    https://nz.search.yahoo.com/search?ei=
    https://log.ncsccs.com/report/hpkp
    https://support.google.com/chrome/?p=chrome_cleanup_tool
    https://ssl.gstatic.com/safebrowsing/csd/
    http://subca.ocsp-certum.com01
    https://www.google.com/chrome/browser/privacy/whitepaper.html
    https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/?utm_source=devtools
    https://beacons2.gvt2.com/domainreliability/upload
    https://id.search.yahoo.com/search?ei=
    http://www.search-results.com/web?q=
    http://mystart.incredibar.com/?search=
    https://pe.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.geotrust.com/resources/repository0
    https://hk.search.yahoo.com/search?ei=
    https://helpx.adobe.com/security/products/shockwave/apsb14-10.html
    https://nl.softonic.com/s/
    http://www.conduit.com/favicon.ico
    https://support.google.com/chrome/?p=ib_pepper_broker
    https://se.search.yahoo.com/favicon.ico
    http://search.iminent.com/Shared/Images/favicon_gl.ico
    https://search.daum.net/favicon.ico
    http://schema.org/BlogPosting
    http://g.symcd.com0
    https://pe.search.yahoo.com/favicon.ico
    https://myactivity.google.com/myactivity/?utm_source=chrome_cbd
    http://i
    https://www.chromestatus.com/feature/5243055179300864
    http://g.symcb.com/crls/gtglobal.crl0.
    https://goo.gl/EuHzyv
    https://support.google.com/chrome/?p=ui_voice_search
    https://www.yandex.com.tr/chrome/newtab
    http://cdp1.public-trust.com/CRL/Omniroot2025.crl0
    https://support.google.com/chrome/?p=ui_download_errors
    https://safebrowsing.googleusercontent.com/safebrowsing/clientreport/notification-image
    https://aIn
    http://www.google.com:80
    http://www.post.at/post_subsite_postleitzahlfinder.php
    http://schema.org/ScholarlyArticle
    http://link
    http://staticsuggested
    https://crbug.com/794942.
    https://ca.search.yahoo.com/search?ei=
    https://kvasir.no/alle?q=
    http://ocsp.thawte.com0
    http://pca-g3-ocsp.geotrust.com0
    https://www.facebook.com/chat/video/videocalldownload.php
    http://www.geotrust.com/resources/cps0
    http://ss.uk.ask.com/query?q=
    https://www.post.lu/fr/grandes-entreprises/solutions-postales/rechercher-un-code-postal
    http://www.verkkoposti.com/e3/postinumeroluettelo
    http://crbug.com/312900.
    https://certs.starfieldtech.com/repository/0
    http://www.laposte.fr/Particulier/Utiliser-nos-outils-pratiques/Outils-et-documents/Trouvez-un-code-postal
    http://search.iminent.com/?q=
    https://support.google.com/chrome/?p=beta_forum
    http://www.postdanmark.dk/da/Privat/Kundeservice/postnummerkort/Sider/Find-postnummer.aspx
    http://ocsp.startssl.com00
    https://yandex.ua/
    http://www.post.lt/lt/?id=316
    https://www.google.com/safebrowsing/report_error/
    http://search.babylon.com/?q=
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/language
    http://forms.real.com/real/realone/download.html?type=rpsp_us
    https://support.google.com/chromecast/answer/2998338
    http://style
    http://crbug.com/360567
    http://www.yhs.delta-search.com/home?q=
    https://sb-ssl.google.com/safebrowsing/clientreport/malware-check
    http://www.google.com/privacy.html
    https://devices.adobe.com/partnerportal/
    https://gvt2.com/
    https://www.google.com
    http://www2.delta-search.com/?q=
    https://szukaj.onet.pl/favicon.ico
    https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
    http://crbug.com/437891.
    http://clients3.google.com/cert_upload_json
    http://ok.hu/katalogus?q=
    http://crbug.com/319444.
    https://ct.cloudflare.com/logs/nimbus2018/
    https://fr.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_outdated_plugin
    https://google-analytics.com/
    https://clientservices.googleapis.com/uma/v2
    https://developers.google.com/web/tools/chrome-devtools/
    http://www.years
    https://yandex.by/images/search/?rpt=imageview
    http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%
    http://schema.org/TechArticle
    https://sb-ssl.google.com/safebrowsing/clientreport/chrome-reset
    http://ocsp.globalsign.com/rootr10
    https://photistic.report-uri.com/r/d/staple/reportOnly
    https://crashpad.chromium.org/bug/new
    https://lh3.googleusercontent.com
    https://ch.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_download_blocked
    http://www.georgianpost.ge/index.php?page=10
    http://crbug.com/26312
    http://www.inkscape.org/namespaces/inkscape
    http://mathematicsmargin-top
    http://www.correos.es/contenido/13-MenuRec2/04-MenuRec24/1010_s-CodPostal.asp
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.search.delta-search.com/home?q=
    https://chrome.google.com/webstore?hl=ko
    https://history.google.com/history/api/lookup?client=chrome
    http://suggestion.baidu.com/su?wd=
    https://www.googleapis.com/auth/proximity_auth
    http://crbug.com/99373
    https://safebrowsing.googleapis.com/v4
    https://chrome.google.com/webstore?hl=koChrome
    https://accounts.google.com/Logout
    http://crbug.com/371562
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences
    http://search.tut.by/?ru=1
    http://crbug.com/231664.
    https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
    https://www.World
    https://clients4.google.com/chrome-sync
    http://ocsp1.wosign.com/ca104
    http://www.zipcode.mn/
    http://.css
    https://www.googleapis.com/auth/kid.permission
    http://www.html5rocks.com/en/tutorials/canvas/hidpi/
    http://www.google.co.kr/permissions/guidelines.html
    https://cl.search.yahoo.com/sugg/chrome?output=fxjson
    https://ve.search.yahoo.com/favicon.ico
    http://epab.posten.no/
    http://nl.softonic.com/s/
    https://crbug.com/740629)
    http://crl.verisign.com/pca3-g5.crl0(
    http://search.softonic.com/?q=
    http://www.delfi.lt/paieska/?q=
    http://ocsp.rootg2.amazontrust.com08
    http://www.posta-romana.ro/zip_codes
    https://www.google.com/chrome/devices/chromecast/learn.html
    https://history.google.com/history/api/lookup?client=audio
    https://tw.search.yahoo.com/search?ei=
    https://tr.search.yahoo.com/favicon.ico
    http://dictionaryperceptionrevolutionfoundationpx
    http://www.ems.com.cn/serviceguide/you_bian_cha_xun.html
    https://vega.ws.symantec.com/
    http://www.pochta.uz/ru/uslugi/indexsearch.html
    https://www.yandex.ru/chrome/newtab
    http://www.foo.com
    https://at.search.yahoo.com/sugg/chrome?output=fxjson
    https://c.docs.google.com/
    https://support.google.com/chrome/?p=ib_blocked_plugin
    https://docs.google.com/
    http://l.twimg.com/i/hpkp_report
    http://www.post.gov.tw/post/internet/f_searchzone/index.jsp?ID=190102
    https://chrome.google.com/
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    http://www.ipostel.gob.ve/index.php/oficinas-postales
    http://www.geotrust.com/resources/cps0A
    https://ca.search.yahoo.com/favicon.ico
    http://www.caymanpost.gov.ky/
    http://wiki.greasespot.net/Greasemonkey_Manual:APIs
    https://c.pack.google.com/
    http://www.geotrust.com/resources/cps06
    https://get.adobe.com/reader/
    https://log.ncsccs.com/report/expectct
    https://s2.googleusercontent.com/s2/favicons?domain_url=%s
    http://www
    http://web-subframes.invalid
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop0.json
    http://www.correos.es/comun/CodigosPostales/1010_s-CodPostal.asp?Provincia=
    http://crbug.com/775961
    https://ac.search.naver.com/nx/ac?of=os
    https://vn.search.yahoo.com/favicon.ico
    http://www.zoznam.sk/hladaj.fcgi?s=
    https://crbug.com/444752.
    https://www.google.com/chrome/browser/privacy/
    https://was
    http://start.iminent.com/StartWeb/1033/homepage/
    http://www.geotrust.com/resources/cps0)
    https://mx.search.yahoo.com/search?ei=
    http://Descriptionrelatively
    https://localhost/
    https://support.google.com/chrome/?p=plugin_quicktime
    http://www.posta.rs/struktura/lat/aplikacije/pronadji/nadji-postu.asp
    https://android.clients.google.com/c2dm/register3
    https://ctlog.api.venafi.com/
    http://crl.verisign.com/pca3-g5.crl0
    https://support.google.com/chrome?p=bluetooth
    http://pesquisa.sapo.pt/?q=
    http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
    https://sabre.ct.comodo.com/
    https://history.report-uri.com/r/d/ct/reportOnly
    http://www.interpretation
    https://history.google.com/history/api/lookup?client=web_app
    http://crl.entrust.net/rootca1.crl0
    https://tobiassachs.report-uri.com/r/d/staple/reportOnly
    https://www.so.com/favicon.ico
    https://co.search.yahoo.com/sugg/chrome?output=fxjson
    https://clients4.google.com/chrome-sync/dev
    http://www1.delta-search.com/?q=
    https://www.google.com/speech-api/v2/synthesize?
    https://growth-pa.googleapis.com/v1/send_sms
    http://en.softonic.com/s/
    https://c.drive.google.com/
    https://support.google.com/chrome/?p=settings_privacy
    http://i.rl0.ru/2011/icons/rambler.ico
    http://crls1.wosign.com/ca1.crl0q
    http://accounts.google.com/
    https://www.googleapis.com/auth/userinfo.profile
    https://chrome.google.com/webstore/category/extensions
    https://www.verisign.com/cps04000000Z
    https://au.search.yahoo.com/favicon.ico
    https://growth-pa.googleapis.com/v1/get_verified_phone_numbers
    https://crbug.com/593166
    https://c.play.google.com/
    https://www.googleapis.com/auth/chrome-content-suggestions
    https://accounts.google.com/GetUserInfo
    http://crbug.com/320723
    https://chrome.google.com/webstore
    http://cybertrust.omniroot.com/repository0
    http://ocsp.verisign.com04
    https://accounts.google.com/TokenAuth
    https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop1.json
    https://ar.search.yahoo.com/sugg/chrome?output=fxjson
    https://cspreports.srvcs.tumblr.com/hpkp
    http://crl.godaddy.com/gdroot.crl0F
    http://s.ss2.us/r.crl0
    https://www.googleapis.com/oauth2/v1/userinfo
    https://myaccount.google.com/signinoptions/password?utm_source=Google
    https://au.search.yahoo.com/search?ei=
    http://localhost:8000/url
    http://www.softonic.com.br/s/
    http://www.svgpost.gov.vc/?option=com_content
    https://alt2-safebrowsing.google.com/safebrowsing
    https://ch.search.yahoo.com/search?ei=
    http://suggest.yandex.ru/suggest-ff.cgi?part=
    https://azreport.report-uri.com/r/d/staple/reportOnly
    https://drive.google.com
    http://ns.adobe.com/xap/1.0/sType/ResourceRef
    https://support.google.com/chrome/?p=settings_autofill
    http://www.neti.ee/favicon.ico
    http://www.elta.gr/findapostcode.aspx
    http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
    https://www.googleapis.com
    http://crbug.com/263077).
    https://beacons3.gvt2.com/domainreliability/upload
    https://suggest.fulltext.seznam.cz/fulltext_ff?phrase=
    http://search.incredibar.com/favicon.ico
    http://crl.rootg2.amazontrust.com/rootg2.crl0
    http://crbug.com/371562.
    http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
    https://support.google.com/chrome/answer/1181420?
    http://g1.symcb.com/crls/gtglobal.crl0/
    http://isearch.avg.com/search?q=
    https://github.com/GoogleChrome/devtools-docs/issues/53
    http://developer.chrome.com/apps/usb.html
    http://www.digicert.com/ssl-cps-repository.htm0
    https://www.omniva.ee/era/sihtnumbrite_otsing
    http://ocsp.rootca1.amazontrust.com0
    https://safesearch.googleapis.com/v1:classify
    https://www.globalsign.com/repository/0
    https://github.com/v8/v8/wiki/Stack%20Trace%20API.
    http://ocsp.globalsign.com/rootr103
    https://www.ask.com/web?q=
    http://crl.starfieldtech.com/sfroot.crl0L
    https://www.
    https://www.chromestatus.com/feature/5738264052891648
    https://uk.ask.com/web?q=
    https://crbug.com/401439).
    https://mx.search.yahoo.com/favicon.ico
    http://mixidj.delta-search.com/?q=
    http://s2.symcb.com0
    http://ocsp.startssl.com/ca00
    http://crbug.com/40902
    https://passwords.google.com
    http://www.bhutanpost.bt/searchpostcode.php
    http://www.posten.ax/department.con?iPage=123
    https://nl.search.yahoo.com/sugg/chrome?output=fxjson
    http://purl.org/dc/elements/1.1/
    http://find.in.gr/Themes/1/Default/Media/Layout/icon_in.png
    http://aia.startssl.com/certs/ca.crt0
    http://feed.snapdo.com/?q=
    https://accounts.google.com/o/oauth/GetOAuthToken/
    http://www.softonic.com/s/
    http://crbug.com/514696
    https://chrome.blogspot.com/2015/11/updates-to-chrome-platform-support.html
    https://ar.search.yahoo.com/favicon.ico
    https://tobiassachs.report-uri.com/r/d/ct/reportOnly
    https://go.mail.ru/search?q=
    https://transparencyreport.google.com/safe-browsing/search?url=%s
    http://g.symcb.com/GeoTrustPCA-G3.crl0
    https://fi.search.yahoo.com/favicon.ico
    https://vn.search.yahoo.com/search?ei=
    http://www.entrust.net/rpa0
    http://www.adobe.com/mobile/licensees(
    http://www-//W3C//DTD
    http://crbug.com/756654
    https://dl.google.com/dl/softwareremovaltool/win/
    https://ro.search.yahoo.com/search?ei=
    https://chrome-devtools-frontend.appspot.com
    http://kody.poczta-polska.pl/
    https://android.com/pay
    http://search.avg.com/route/?q=
    http://crbug.com/112091
    http://poste.opt.nc/index.php?option=com_content
    https://www.googleapis.com/auth/gcm
    http://s2.symcb.com0k
    https://clients4.google.com/ukm
    https://www.googleapis.com/auth/drive.apps.readonly
    http://mixidj.delta-search.com/home?q=
    https://fi.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=blocked_ads

Process memory dump for chrome.exe (PID 1068, dump 10)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    http://www.laposte.fr/Particulier/Utiliser-nos-outils-pratiques/Outils-et-documents/Trouvez-un-code-postal
    http://search.iminent.com/?q=
    https://support.google.com/chrome/?p=beta_forum
    http://www.postdanmark.dk/da/Privat/Kundeservice/postnummerkort/Sider/Find-postnummer.aspx
    http://ocsp.startssl.com00
    https://yandex.ua/
    http://www.post.lt/lt/?id=316
    https://www.google.com/safebrowsing/report_error/
    http://search.babylon.com/?q=
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/language
    http://forms.real.com/real/realone/download.html?type=rpsp_us
    https://support.google.com/chromecast/answer/2998338
    http://style
    http://crbug.com/360567
    http://www.yhs.delta-search.com/home?q=
    https://sb-ssl.google.com/safebrowsing/clientreport/malware-check
    http://www.google.com/privacy.html
    https://devices.adobe.com/partnerportal/
    https://gvt2.com/
    https://www.google.com
    http://www2.delta-search.com/?q=
    https://szukaj.onet.pl/favicon.ico
    https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
    http://crbug.com/437891.
    http://clients3.google.com/cert_upload_json
    http://ok.hu/katalogus?q=
    http://crbug.com/319444.
    https://ct.cloudflare.com/logs/nimbus2018/
    https://fr.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_outdated_plugin
    https://google-analytics.com/
    https://clientservices.googleapis.com/uma/v2
    https://developers.google.com/web/tools/chrome-devtools/
    http://www.years
    https://yandex.by/images/search/?rpt=imageview
    http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%
    http://schema.org/TechArticle
    https://sb-ssl.google.com/safebrowsing/clientreport/chrome-reset
    http://ocsp.globalsign.com/rootr10
    https://photistic.report-uri.com/r/d/staple/reportOnly
    https://crashpad.chromium.org/bug/new
    https://lh3.googleusercontent.com
    https://ch.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_download_blocked
    http://www.georgianpost.ge/index.php?page=10
    http://crbug.com/26312
    http://www.inkscape.org/namespaces/inkscape
    http://mathematicsmargin-top
    http://www.correos.es/contenido/13-MenuRec2/04-MenuRec24/1010_s-CodPostal.asp
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.search.delta-search.com/home?q=
    https://chrome.google.com/webstore?hl=ko
    https://history.google.com/history/api/lookup?client=chrome
    http://suggestion.baidu.com/su?wd=
    https://www.googleapis.com/auth/proximity_auth
    http://crbug.com/99373
    https://safebrowsing.googleapis.com/v4
    https://chrome.google.com/webstore?hl=koChrome
    https://accounts.google.com/Logout
    http://crbug.com/371562
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences
    http://search.tut.by/?ru=1
    http://crbug.com/231664.
    https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
    https://www.World
    https://clients4.google.com/chrome-sync
    http://ocsp1.wosign.com/ca104
    http://www.zipcode.mn/
    http://.css
    https://www.googleapis.com/auth/kid.permission
    http://www.html5rocks.com/en/tutorials/canvas/hidpi/
    http://www.google.co.kr/permissions/guidelines.html
    https://cl.search.yahoo.com/sugg/chrome?output=fxjson
    https://ve.search.yahoo.com/favicon.ico
    http://epab.posten.no/
    http://nl.softonic.com/s/
    https://crbug.com/740629)
    http://crl.verisign.com/pca3-g5.crl0(
    http://search.softonic.com/?q=
    http://www.delfi.lt/paieska/?q=
    http://ocsp.rootg2.amazontrust.com08
    http://www.posta-romana.ro/zip_codes
    https://www.google.com/chrome/devices/chromecast/learn.html
    https://history.google.com/history/api/lookup?client=audio
    https://tw.search.yahoo.com/search?ei=
    https://tr.search.yahoo.com/favicon.ico
    http://dictionaryperceptionrevolutionfoundationpx
    http://www.ems.com.cn/serviceguide/you_bian_cha_xun.html
    https://vega.ws.symantec.com/
    http://www.pochta.uz/ru/uslugi/indexsearch.html
    https://www.yandex.ru/chrome/newtab
    http://www.foo.com
    https://at.search.yahoo.com/sugg/chrome?output=fxjson
    https://c.docs.google.com/
    https://support.google.com/chrome/?p=ib_blocked_plugin
    https://docs.google.com/
    http://l.twimg.com/i/hpkp_report
    http://www.post.gov.tw/post/internet/f_searchzone/index.jsp?ID=190102
    https://chrome.google.com/
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    http://www.ipostel.gob.ve/index.php/oficinas-postales
    http://www.geotrust.com/resources/cps0A
    https://ca.search.yahoo.com/favicon.ico
    http://www.caymanpost.gov.ky/
    http://wiki.greasespot.net/Greasemonkey_Manual:APIs
    https://c.pack.google.com/
    http://www.geotrust.com/resources/cps06
    https://get.adobe.com/reader/
    https://log.ncsccs.com/report/expectct
    https://s2.googleusercontent.com/s2/favicons?domain_url=%s
    http://www
    http://web-subframes.invalid
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop0.json
    http://www.correos.es/comun/CodigosPostales/1010_s-CodPostal.asp?Provincia=
    http://crbug.com/775961
    https://ac.search.naver.com/nx/ac?of=os
    https://vn.search.yahoo.com/favicon.ico
    http://www.zoznam.sk/hladaj.fcgi?s=
    https://crbug.com/444752.
    https://www.google.com/chrome/browser/privacy/
    https://was
    http://start.iminent.com/StartWeb/1033/homepage/
    http://www.geotrust.com/resources/cps0)
    https://mx.search.yahoo.com/search?ei=
    http://Descriptionrelatively
    https://localhost/
    https://support.google.com/chrome/?p=plugin_quicktime
    http://www.posta.rs/struktura/lat/aplikacije/pronadji/nadji-postu.asp
    https://android.clients.google.com/c2dm/register3
    https://ctlog.api.venafi.com/
    http://crl.verisign.com/pca3-g5.crl0
    https://support.google.com/chrome?p=bluetooth
    http://pesquisa.sapo.pt/?q=
    http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
    https://sabre.ct.comodo.com/
    https://history.report-uri.com/r/d/ct/reportOnly
    http://www.interpretation
    https://history.google.com/history/api/lookup?client=web_app
    http://crl.entrust.net/rootca1.crl0
    https://tobiassachs.report-uri.com/r/d/staple/reportOnly
    https://www.so.com/favicon.ico
    https://co.search.yahoo.com/sugg/chrome?output=fxjson
    https://clients4.google.com/chrome-sync/dev
    http://www1.delta-search.com/?q=
    https://www.google.com/speech-api/v2/synthesize?
    https://growth-pa.googleapis.com/v1/send_sms
    http://en.softonic.com/s/
    https://c.drive.google.com/
    https://support.google.com/chrome/?p=settings_privacy
    http://i.rl0.ru/2011/icons/rambler.ico
    http://crls1.wosign.com/ca1.crl0q
    http://accounts.google.com/
    https://www.googleapis.com/auth/userinfo.profile
    https://chrome.google.com/webstore/category/extensions
    https://www.verisign.com/cps04000000Z
    https://au.search.yahoo.com/favicon.ico
    https://growth-pa.googleapis.com/v1/get_verified_phone_numbers
    https://crbug.com/593166
    https://c.play.google.com/
    https://www.googleapis.com/auth/chrome-content-suggestions
    https://accounts.google.com/GetUserInfo
    http://crbug.com/320723
    https://chrome.google.com/webstore
    http://cybertrust.omniroot.com/repository0
    http://ocsp.verisign.com04
    https://accounts.google.com/TokenAuth
    https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop1.json
    https://ar.search.yahoo.com/sugg/chrome?output=fxjson
    https://cspreports.srvcs.tumblr.com/hpkp
    http://crl.godaddy.com/gdroot.crl0F
    http://s.ss2.us/r.crl0
    https://www.googleapis.com/oauth2/v1/userinfo
    https://myaccount.google.com/signinoptions/password?utm_source=Google
    https://au.search.yahoo.com/search?ei=
    http://localhost:8000/url
    http://www.softonic.com.br/s/
    http://www.svgpost.gov.vc/?option=com_content
    https://alt2-safebrowsing.google.com/safebrowsing
    https://ch.search.yahoo.com/search?ei=
    http://suggest.yandex.ru/suggest-ff.cgi?part=
    https://azreport.report-uri.com/r/d/staple/reportOnly
    https://drive.google.com
    http://ns.adobe.com/xap/1.0/sType/ResourceRef
    https://support.google.com/chrome/?p=settings_autofill
    http://www.neti.ee/favicon.ico
    http://www.elta.gr/findapostcode.aspx
    http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
    https://www.googleapis.com
    http://crbug.com/263077).
    https://beacons3.gvt2.com/domainreliability/upload
    https://suggest.fulltext.seznam.cz/fulltext_ff?phrase=
    http://search.incredibar.com/favicon.ico
    http://crl.rootg2.amazontrust.com/rootg2.crl0
    http://crbug.com/371562.
    http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
    https://support.google.com/chrome/answer/1181420?
    http://g1.symcb.com/crls/gtglobal.crl0/
    http://isearch.avg.com/search?q=
    https://github.com/GoogleChrome/devtools-docs/issues/53
    http://developer.chrome.com/apps/usb.html
    http://www.digicert.com/ssl-cps-repository.htm0
    https://www.omniva.ee/era/sihtnumbrite_otsing
    http://ocsp.rootca1.amazontrust.com0
    https://safesearch.googleapis.com/v1:classify
    https://www.globalsign.com/repository/0
    https://github.com/v8/v8/wiki/Stack%20Trace%20API.
    http://ocsp.globalsign.com/rootr103
    https://www.ask.com/web?q=
    http://crl.starfieldtech.com/sfroot.crl0L
    https://www.
    https://www.chromestatus.com/feature/5738264052891648
    https://uk.ask.com/web?q=
    https://crbug.com/401439).
    https://mx.search.yahoo.com/favicon.ico
    http://mixidj.delta-search.com/?q=
    http://s2.symcb.com0
    http://ocsp.startssl.com/ca00
    http://crbug.com/40902
    https://passwords.google.com
    http://www.bhutanpost.bt/searchpostcode.php
    http://www.posten.ax/department.con?iPage=123
    https://nl.search.yahoo.com/sugg/chrome?output=fxjson
    http://purl.org/dc/elements/1.1/
    http://find.in.gr/Themes/1/Default/Media/Layout/icon_in.png
    http://aia.startssl.com/certs/ca.crt0
    http://feed.snapdo.com/?q=
    https://accounts.google.com/o/oauth/GetOAuthToken/
    http://www.softonic.com/s/
    http://crbug.com/514696
    https://chrome.blogspot.com/2015/11/updates-to-chrome-platform-support.html
    https://ar.search.yahoo.com/favicon.ico
    https://tobiassachs.report-uri.com/r/d/ct/reportOnly
    https://go.mail.ru/search?q=
    https://transparencyreport.google.com/safe-browsing/search?url=%s
    http://g.symcb.com/GeoTrustPCA-G3.crl0
    https://fi.search.yahoo.com/favicon.ico
    https://vn.search.yahoo.com/search?ei=
    http://www.entrust.net/rpa0
    http://www.adobe.com/mobile/licensees(
    http://www-//W3C//DTD
    http://crbug.com/756654
    https://dl.google.com/dl/softwareremovaltool/win/
    https://ro.search.yahoo.com/search?ei=
    https://chrome-devtools-frontend.appspot.com
    http://kody.poczta-polska.pl/
    https://android.com/pay
    http://search.avg.com/route/?q=
    http://crbug.com/112091
    http://poste.opt.nc/index.php?option=com_content
    https://www.googleapis.com/auth/gcm
    http://s2.symcb.com0k
    https://clients4.google.com/ukm
    https://www.googleapis.com/auth/drive.apps.readonly
    http://mixidj.delta-search.com/home?q=
    https://fi.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=blocked_ads
    https://chrome.google.com/webstore/detail/djcfdncoelnlbldjfhinnjlhdjlikmph
    https://support.google.com/chrome_webstore/?p=crx_warning
    https://groups.google.com/a/googleproductforums.com/d/topic/chrome/Xrco2HsXS-8/discussion
    https://malaysia.search.yahoo.com/search?ei=
    http://c
    https://chrome.google.com/webstore/download/
    http://search.softonic.com/img/favicon.ico
    https://fr.search.yahoo.com/sugg/chrome?output=fxjson
    https://payments.google.com/
    http://www.google.com/chrome/intl/ko/privacy.html
    http://psc.posta.sk
    https://accounts.google.com/ServiceLoginAuth
    http://w
    https://c.youtube.com/
    http://interested
    https://searchatlas.centrum.cz/favicon.ico
    https://www.delfi.lt/paieska/?q=
    http://search.tut.by/favicon.ico
    https://th.search.yahoo.com/favicon.ico
    https://www.chromestatus.com/feature/5675755719622656
    https://sb-ssl.google.com/safebrowsing/clientreport/download
    http://www.delta-search.com/?q=
    http://ss.ask.com/query?q=
    http://www.apache.org/licenses/LICENSE-2.0
    http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/
    http://www.mpegla.com
    https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_model_20170329.pb.bin
    https://yandex.by/
    http://navigation
    http://crls1.wosign.com/ca1.crl0m
    https://www
    https://support.google.com/chrome/?p=settings_search_help
    https://tools.usps.com/go/ZipLookupAction
    http://t1.symcb.com/ThawtePCA.crl0)
    https://accounts.google.com/IssueAuthToken
    https://www.google.com/cloudprint/enable_chrome_connector
    https://www.googleapis.com/auth/googletalk
    http://ocsp.startssl.com/ca0-
    http://search.goo.ne.jp/sgt.jsp?MT=
    http://www.posta.hr/default.aspx?pretpum
    http://www.postur.is/einstaklingar/posthus/postnumer/
    http://crl.startssl.com/sfsca.crl0
    https://ct.googleapis.com/pilot/
    http://www.certplus.com/CRL/class2.crl0
    https://dl.google.com/dl/softwareremovaltool/win/chrome_cleanup_tool.exe
    http://www.codigopostal.gov.co/
    https://beacons5.gvt2.com/domainreliability/upload
    https://datasaver.googleapis.com/v1/metrics:recordPageloadMetrics
    https://www.chromestatus.com/features/6443143280984064
    https://crbug.com/701034
    https://www.indiapost.gov.in/vas/pages/FindPinCode.aspx
    https://buscador.softonic.com/?q=
    https://proxy.googlezip.net:443
    https://scotthelme.report-uri.com/r/d/ct/reportOnly
    http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl0
    http://cps.root-x1.letsencrypt.org0
    https://support.google.com/chrome/?p=ui_remove_non_cws_extensions
    http://www.bangladeshpost.gov.bd/PostCode.asp
    https://ca.search.yahoo.com/sugg/chrome?output=fxjson
    https://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.ico
    http://ocsp.digicert.com0M
    https://search.avg.com/route/?q=
    https://support.google.com/chromebook/answer/1331549
    http://crl.rootca1.amazontrust.com/rootca1.crl0
    http://crbug.com/516527
    https://clients1.google.com/tbproxy/af/
    https://dk.search.yahoo.com/favicon.ico
    http://postakodu.ptt.gov.tr/
    http://start.iminent.com/?q=
    https://au.search.yahoo.com/sugg/chrome?output=fxjson
    https://ct.cloudflare.com/logs/nimbus2021/
    http://crbug.com/469522
    http://crbug.com/415315.
    https://history.google.com/history/api/delete?client=chrome
    https://example.com
    https://szukaj.onet.pl/wyniki.html?qt=
    http://schema.org/Article
    http://ricerca.virgilio.it/ricerca?qs=
    https://yandex.kz/images/search/?rpt=imageview
    http://repository.certum.pl/ctnca.cer09
    http://crbug.com/140364).
    http://crl.globalsign.net/root.crl0=
    http://developer.chrome.com/extensions/manifest.html
    http://g1.symcb.com/GeoTrustPCA.crl0)
    https://ph.search.yahoo.com/favicon.ico
    https://www.googleapis.com/geolocation/v1/geolocate
    http://crl.geotrust.com/crls/secureca.crl0F
    http://nigma.ru/themes/nigma/img/favicon.ico
    
                                                

Process memory dump for chrome.exe (PID 1068, dump 11)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences
    http://search.tut.by/?ru=1
    http://crbug.com/231664.
    https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
    https://www.World
    https://clients4.google.com/chrome-sync
    http://ocsp1.wosign.com/ca104
    http://www.zipcode.mn/
    http://.css
    https://www.googleapis.com/auth/kid.permission
    http://www.html5rocks.com/en/tutorials/canvas/hidpi/
    http://www.google.co.kr/permissions/guidelines.html
    https://cl.search.yahoo.com/sugg/chrome?output=fxjson
    https://ve.search.yahoo.com/favicon.ico
    http://epab.posten.no/
    http://nl.softonic.com/s/
    https://crbug.com/740629)
    http://crl.verisign.com/pca3-g5.crl0(
    http://search.softonic.com/?q=
    http://www.delfi.lt/paieska/?q=
    http://ocsp.rootg2.amazontrust.com08
    http://www.posta-romana.ro/zip_codes
    https://www.google.com/chrome/devices/chromecast/learn.html
    https://history.google.com/history/api/lookup?client=audio
    https://tw.search.yahoo.com/search?ei=
    https://tr.search.yahoo.com/favicon.ico
    http://dictionaryperceptionrevolutionfoundationpx
    http://www.ems.com.cn/serviceguide/you_bian_cha_xun.html
    https://vega.ws.symantec.com/
    http://www.pochta.uz/ru/uslugi/indexsearch.html
    https://www.yandex.ru/chrome/newtab
    http://www.foo.com
    https://at.search.yahoo.com/sugg/chrome?output=fxjson
    https://c.docs.google.com/
    https://support.google.com/chrome/?p=ib_blocked_plugin
    https://docs.google.com/
    http://l.twimg.com/i/hpkp_report
    http://www.post.gov.tw/post/internet/f_searchzone/index.jsp?ID=190102
    https://chrome.google.com/
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    http://www.ipostel.gob.ve/index.php/oficinas-postales
    http://www.geotrust.com/resources/cps0A
    https://ca.search.yahoo.com/favicon.ico
    http://www.caymanpost.gov.ky/
    http://wiki.greasespot.net/Greasemonkey_Manual:APIs
    https://c.pack.google.com/
    http://www.geotrust.com/resources/cps06
    https://get.adobe.com/reader/
    https://log.ncsccs.com/report/expectct
    https://s2.googleusercontent.com/s2/favicons?domain_url=%s
    http://www
    http://web-subframes.invalid
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop0.json
    http://www.correos.es/comun/CodigosPostales/1010_s-CodPostal.asp?Provincia=
    http://crbug.com/775961
    https://ac.search.naver.com/nx/ac?of=os
    https://vn.search.yahoo.com/favicon.ico
    http://www.zoznam.sk/hladaj.fcgi?s=
    https://crbug.com/444752.
    https://www.google.com/chrome/browser/privacy/
    https://was
    http://start.iminent.com/StartWeb/1033/homepage/
    http://www.geotrust.com/resources/cps0)
    https://mx.search.yahoo.com/search?ei=
    http://Descriptionrelatively
    https://localhost/
    https://support.google.com/chrome/?p=plugin_quicktime
    http://www.posta.rs/struktura/lat/aplikacije/pronadji/nadji-postu.asp
    https://android.clients.google.com/c2dm/register3
    https://ctlog.api.venafi.com/
    http://crl.verisign.com/pca3-g5.crl0
    https://support.google.com/chrome?p=bluetooth
    http://pesquisa.sapo.pt/?q=
    http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
    https://sabre.ct.comodo.com/
    https://history.report-uri.com/r/d/ct/reportOnly
    http://www.interpretation
    https://history.google.com/history/api/lookup?client=web_app
    http://crl.entrust.net/rootca1.crl0
    https://tobiassachs.report-uri.com/r/d/staple/reportOnly
    https://www.so.com/favicon.ico
    https://co.search.yahoo.com/sugg/chrome?output=fxjson
    https://clients4.google.com/chrome-sync/dev
    http://www1.delta-search.com/?q=
    https://www.google.com/speech-api/v2/synthesize?
    https://growth-pa.googleapis.com/v1/send_sms
    http://en.softonic.com/s/
    https://c.drive.google.com/
    https://support.google.com/chrome/?p=settings_privacy
    http://i.rl0.ru/2011/icons/rambler.ico
    http://crls1.wosign.com/ca1.crl0q
    http://accounts.google.com/
    https://www.googleapis.com/auth/userinfo.profile
    https://chrome.google.com/webstore/category/extensions
    https://www.verisign.com/cps04000000Z
    https://au.search.yahoo.com/favicon.ico
    https://growth-pa.googleapis.com/v1/get_verified_phone_numbers
    https://crbug.com/593166
    https://c.play.google.com/
    https://www.googleapis.com/auth/chrome-content-suggestions
    https://accounts.google.com/GetUserInfo
    http://crbug.com/320723
    https://chrome.google.com/webstore
    http://cybertrust.omniroot.com/repository0
    http://ocsp.verisign.com04
    https://accounts.google.com/TokenAuth
    https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop1.json
    https://ar.search.yahoo.com/sugg/chrome?output=fxjson
    https://cspreports.srvcs.tumblr.com/hpkp
    http://crl.godaddy.com/gdroot.crl0F
    http://s.ss2.us/r.crl0
    https://www.googleapis.com/oauth2/v1/userinfo
    https://myaccount.google.com/signinoptions/password?utm_source=Google
    https://au.search.yahoo.com/search?ei=
    http://localhost:8000/url
    http://www.softonic.com.br/s/
    http://www.svgpost.gov.vc/?option=com_content
    https://alt2-safebrowsing.google.com/safebrowsing
    https://ch.search.yahoo.com/search?ei=
    http://suggest.yandex.ru/suggest-ff.cgi?part=
    https://azreport.report-uri.com/r/d/staple/reportOnly
    https://drive.google.com
    http://ns.adobe.com/xap/1.0/sType/ResourceRef
    https://support.google.com/chrome/?p=settings_autofill
    http://www.neti.ee/favicon.ico
    http://www.elta.gr/findapostcode.aspx
    http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
    https://www.googleapis.com
    http://crbug.com/263077).
    https://beacons3.gvt2.com/domainreliability/upload
    https://suggest.fulltext.seznam.cz/fulltext_ff?phrase=
    http://search.incredibar.com/favicon.ico
    http://crl.rootg2.amazontrust.com/rootg2.crl0
    http://crbug.com/371562.
    http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
    https://support.google.com/chrome/answer/1181420?
    http://g1.symcb.com/crls/gtglobal.crl0/
    http://isearch.avg.com/search?q=
    https://github.com/GoogleChrome/devtools-docs/issues/53
    http://developer.chrome.com/apps/usb.html
    http://www.digicert.com/ssl-cps-repository.htm0
    https://www.omniva.ee/era/sihtnumbrite_otsing
    http://ocsp.rootca1.amazontrust.com0
    https://safesearch.googleapis.com/v1:classify
    https://www.globalsign.com/repository/0
    https://github.com/v8/v8/wiki/Stack%20Trace%20API.
    http://ocsp.globalsign.com/rootr103
    https://www.ask.com/web?q=
    http://crl.starfieldtech.com/sfroot.crl0L
    https://www.
    https://www.chromestatus.com/feature/5738264052891648
    https://uk.ask.com/web?q=
    https://crbug.com/401439).
    https://mx.search.yahoo.com/favicon.ico
    http://mixidj.delta-search.com/?q=
    http://s2.symcb.com0
    http://ocsp.startssl.com/ca00
    http://crbug.com/40902
    https://passwords.google.com
    http://www.bhutanpost.bt/searchpostcode.php
    http://www.posten.ax/department.con?iPage=123
    https://nl.search.yahoo.com/sugg/chrome?output=fxjson
    http://purl.org/dc/elements/1.1/
    http://find.in.gr/Themes/1/Default/Media/Layout/icon_in.png
    http://aia.startssl.com/certs/ca.crt0
    http://feed.snapdo.com/?q=
    https://accounts.google.com/o/oauth/GetOAuthToken/
    http://www.softonic.com/s/
    http://crbug.com/514696
    https://chrome.blogspot.com/2015/11/updates-to-chrome-platform-support.html
    https://ar.search.yahoo.com/favicon.ico
    https://tobiassachs.report-uri.com/r/d/ct/reportOnly
    https://go.mail.ru/search?q=
    https://transparencyreport.google.com/safe-browsing/search?url=%s
    http://g.symcb.com/GeoTrustPCA-G3.crl0
    https://fi.search.yahoo.com/favicon.ico
    https://vn.search.yahoo.com/search?ei=
    http://www.entrust.net/rpa0
    http://www.adobe.com/mobile/licensees(
    http://www-//W3C//DTD
    http://crbug.com/756654
    https://dl.google.com/dl/softwareremovaltool/win/
    https://ro.search.yahoo.com/search?ei=
    https://chrome-devtools-frontend.appspot.com
    http://kody.poczta-polska.pl/
    https://android.com/pay
    http://search.avg.com/route/?q=
    http://crbug.com/112091
    http://poste.opt.nc/index.php?option=com_content
    https://www.googleapis.com/auth/gcm
    http://s2.symcb.com0k
    https://clients4.google.com/ukm
    https://www.googleapis.com/auth/drive.apps.readonly
    http://mixidj.delta-search.com/home?q=
    https://fi.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=blocked_ads
    https://chrome.google.com/webstore/detail/djcfdncoelnlbldjfhinnjlhdjlikmph
    https://support.google.com/chrome_webstore/?p=crx_warning
    https://groups.google.com/a/googleproductforums.com/d/topic/chrome/Xrco2HsXS-8/discussion
    https://malaysia.search.yahoo.com/search?ei=
    http://c
    https://chrome.google.com/webstore/download/
    http://search.softonic.com/img/favicon.ico
    https://fr.search.yahoo.com/sugg/chrome?output=fxjson
    https://payments.google.com/
    http://www.google.com/chrome/intl/ko/privacy.html
    http://psc.posta.sk
    https://accounts.google.com/ServiceLoginAuth
    http://w
    https://c.youtube.com/
    http://interested
    https://searchatlas.centrum.cz/favicon.ico
    https://www.delfi.lt/paieska/?q=
    http://search.tut.by/favicon.ico
    https://th.search.yahoo.com/favicon.ico
    https://www.chromestatus.com/feature/5675755719622656
    https://sb-ssl.google.com/safebrowsing/clientreport/download
    http://www.delta-search.com/?q=
    http://ss.ask.com/query?q=
    http://www.apache.org/licenses/LICENSE-2.0
    http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/
    http://www.mpegla.com
    https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_model_20170329.pb.bin
    https://yandex.by/
    http://navigation
    http://crls1.wosign.com/ca1.crl0m
    https://www
    https://support.google.com/chrome/?p=settings_search_help
    https://tools.usps.com/go/ZipLookupAction
    http://t1.symcb.com/ThawtePCA.crl0)
    https://accounts.google.com/IssueAuthToken
    https://www.google.com/cloudprint/enable_chrome_connector
    https://www.googleapis.com/auth/googletalk
    http://ocsp.startssl.com/ca0-
    http://search.goo.ne.jp/sgt.jsp?MT=
    http://www.posta.hr/default.aspx?pretpum
    http://www.postur.is/einstaklingar/posthus/postnumer/
    http://crl.startssl.com/sfsca.crl0
    https://ct.googleapis.com/pilot/
    http://www.certplus.com/CRL/class2.crl0
    https://dl.google.com/dl/softwareremovaltool/win/chrome_cleanup_tool.exe
    http://www.codigopostal.gov.co/
    https://beacons5.gvt2.com/domainreliability/upload
    https://datasaver.googleapis.com/v1/metrics:recordPageloadMetrics
    https://www.chromestatus.com/features/6443143280984064
    https://crbug.com/701034
    https://www.indiapost.gov.in/vas/pages/FindPinCode.aspx
    https://buscador.softonic.com/?q=
    https://proxy.googlezip.net:443
    https://scotthelme.report-uri.com/r/d/ct/reportOnly
    http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl0
    http://cps.root-x1.letsencrypt.org0
    https://support.google.com/chrome/?p=ui_remove_non_cws_extensions
    http://www.bangladeshpost.gov.bd/PostCode.asp
    https://ca.search.yahoo.com/sugg/chrome?output=fxjson
    https://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.ico
    http://ocsp.digicert.com0M
    https://search.avg.com/route/?q=
    https://support.google.com/chromebook/answer/1331549
    http://crl.rootca1.amazontrust.com/rootca1.crl0
    http://crbug.com/516527
    https://clients1.google.com/tbproxy/af/
    https://dk.search.yahoo.com/favicon.ico
    http://postakodu.ptt.gov.tr/
    http://start.iminent.com/?q=
    https://au.search.yahoo.com/sugg/chrome?output=fxjson
    https://ct.cloudflare.com/logs/nimbus2021/
    http://crbug.com/469522
    http://crbug.com/415315.
    https://history.google.com/history/api/delete?client=chrome
    https://example.com
    https://szukaj.onet.pl/wyniki.html?qt=
    http://schema.org/Article
    http://ricerca.virgilio.it/ricerca?qs=
    https://yandex.kz/images/search/?rpt=imageview
    http://repository.certum.pl/ctnca.cer09
    http://crbug.com/140364).
    http://crl.globalsign.net/root.crl0=
    http://developer.chrome.com/extensions/manifest.html
    http://g1.symcb.com/GeoTrustPCA.crl0)
    https://ph.search.yahoo.com/favicon.ico
    https://www.googleapis.com/geolocation/v1/geolocate
    http://crl.geotrust.com/crls/secureca.crl0F
    http://nigma.ru/themes/nigma/img/favicon.ico
    
                                                

Process memory dump for chrome.exe (PID 1068, dump 12)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signature matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences
    http://search.tut.by/?ru=1
    http://crbug.com/231664.
    https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
    https://www.World
    https://clients4.google.com/chrome-sync
    http://ocsp1.wosign.com/ca104
    http://www.zipcode.mn/
    http://.css
    https://www.googleapis.com/auth/kid.permission
    http://www.html5rocks.com/en/tutorials/canvas/hidpi/
    http://www.google.co.kr/permissions/guidelines.html
    https://cl.search.yahoo.com/sugg/chrome?output=fxjson
    https://ve.search.yahoo.com/favicon.ico
    http://epab.posten.no/
    http://nl.softonic.com/s/
    https://crbug.com/740629)
    http://crl.verisign.com/pca3-g5.crl0(
    http://search.softonic.com/?q=
    http://www.delfi.lt/paieska/?q=
    http://ocsp.rootg2.amazontrust.com08
    http://www.posta-romana.ro/zip_codes
    https://www.google.com/chrome/devices/chromecast/learn.html
    https://history.google.com/history/api/lookup?client=audio
    https://tw.search.yahoo.com/search?ei=
    https://tr.search.yahoo.com/favicon.ico
    http://dictionaryperceptionrevolutionfoundationpx
    http://www.ems.com.cn/serviceguide/you_bian_cha_xun.html
    https://vega.ws.symantec.com/
    http://www.pochta.uz/ru/uslugi/indexsearch.html
    https://www.yandex.ru/chrome/newtab
    http://www.foo.com
    https://at.search.yahoo.com/sugg/chrome?output=fxjson
    https://c.docs.google.com/
    https://support.google.com/chrome/?p=ib_blocked_plugin
    https://docs.google.com/
    http://l.twimg.com/i/hpkp_report
    http://www.post.gov.tw/post/internet/f_searchzone/index.jsp?ID=190102
    https://chrome.google.com/
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    http://www.ipostel.gob.ve/index.php/oficinas-postales
    http://www.geotrust.com/resources/cps0A
    https://ca.search.yahoo.com/favicon.ico
    http://www.caymanpost.gov.ky/
    http://wiki.greasespot.net/Greasemonkey_Manual:APIs
    https://c.pack.google.com/
    http://www.geotrust.com/resources/cps06
    https://get.adobe.com/reader/
    https://log.ncsccs.com/report/expectct
    https://s2.googleusercontent.com/s2/favicons?domain_url=%s
    http://www
    http://web-subframes.invalid
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop0.json
    http://www.correos.es/comun/CodigosPostales/1010_s-CodPostal.asp?Provincia=
    http://crbug.com/775961
    https://ac.search.naver.com/nx/ac?of=os
    https://vn.search.yahoo.com/favicon.ico
    http://www.zoznam.sk/hladaj.fcgi?s=
    https://crbug.com/444752.
    https://www.google.com/chrome/browser/privacy/
    https://was
    http://start.iminent.com/StartWeb/1033/homepage/
    http://www.geotrust.com/resources/cps0)
    https://mx.search.yahoo.com/search?ei=
    http://Descriptionrelatively
    https://localhost/
    https://support.google.com/chrome/?p=plugin_quicktime
    http://www.posta.rs/struktura/lat/aplikacije/pronadji/nadji-postu.asp
    https://android.clients.google.com/c2dm/register3
    https://ctlog.api.venafi.com/
    http://crl.verisign.com/pca3-g5.crl0
    https://support.google.com/chrome?p=bluetooth
    http://pesquisa.sapo.pt/?q=
    http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
    https://sabre.ct.comodo.com/
    https://history.report-uri.com/r/d/ct/reportOnly
    http://www.interpretation
    https://history.google.com/history/api/lookup?client=web_app
    http://crl.entrust.net/rootca1.crl0
    https://tobiassachs.report-uri.com/r/d/staple/reportOnly
    https://www.so.com/favicon.ico
    https://co.search.yahoo.com/sugg/chrome?output=fxjson
    https://clients4.google.com/chrome-sync/dev
    http://www1.delta-search.com/?q=
    https://www.google.com/speech-api/v2/synthesize?
    https://growth-pa.googleapis.com/v1/send_sms
    http://en.softonic.com/s/
    https://c.drive.google.com/
    https://support.google.com/chrome/?p=settings_privacy
    http://i.rl0.ru/2011/icons/rambler.ico
    http://crls1.wosign.com/ca1.crl0q
    http://accounts.google.com/
    https://www.googleapis.com/auth/userinfo.profile
    https://chrome.google.com/webstore/category/extensions
    https://www.verisign.com/cps04000000Z
    https://au.search.yahoo.com/favicon.ico
    https://growth-pa.googleapis.com/v1/get_verified_phone_numbers
    https://crbug.com/593166
    https://c.play.google.com/
    https://www.googleapis.com/auth/chrome-content-suggestions
    https://accounts.google.com/GetUserInfo
    http://crbug.com/320723
    https://chrome.google.com/webstore
    http://cybertrust.omniroot.com/repository0
    http://ocsp.verisign.com04
    https://accounts.google.com/TokenAuth
    https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop1.json
    https://ar.search.yahoo.com/sugg/chrome?output=fxjson
    https://cspreports.srvcs.tumblr.com/hpkp
    http://crl.godaddy.com/gdroot.crl0F
    http://s.ss2.us/r.crl0
    https://www.googleapis.com/oauth2/v1/userinfo
    https://myaccount.google.com/signinoptions/password?utm_source=Google
    https://au.search.yahoo.com/search?ei=
    http://localhost:8000/url
    http://www.softonic.com.br/s/
    http://www.svgpost.gov.vc/?option=com_content
    https://alt2-safebrowsing.google.com/safebrowsing
    https://ch.search.yahoo.com/search?ei=
    http://suggest.yandex.ru/suggest-ff.cgi?part=
    https://azreport.report-uri.com/r/d/staple/reportOnly
    https://drive.google.com
    http://ns.adobe.com/xap/1.0/sType/ResourceRef
    https://support.google.com/chrome/?p=settings_autofill
    http://www.neti.ee/favicon.ico
    http://www.elta.gr/findapostcode.aspx
    http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
    https://www.googleapis.com
    http://crbug.com/263077).
    https://beacons3.gvt2.com/domainreliability/upload
    https://suggest.fulltext.seznam.cz/fulltext_ff?phrase=
    http://search.incredibar.com/favicon.ico
    http://crl.rootg2.amazontrust.com/rootg2.crl0
    http://crbug.com/371562.
    http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
    https://support.google.com/chrome/answer/1181420?
    http://g1.symcb.com/crls/gtglobal.crl0/
    http://isearch.avg.com/search?q=
    https://github.com/GoogleChrome/devtools-docs/issues/53
    http://developer.chrome.com/apps/usb.html
    http://www.digicert.com/ssl-cps-repository.htm0
    https://www.omniva.ee/era/sihtnumbrite_otsing
    http://ocsp.rootca1.amazontrust.com0
    https://safesearch.googleapis.com/v1:classify
    https://www.globalsign.com/repository/0
    https://github.com/v8/v8/wiki/Stack%20Trace%20API.
    http://ocsp.globalsign.com/rootr103
    https://www.ask.com/web?q=
    http://crl.starfieldtech.com/sfroot.crl0L
    https://www.
    https://www.chromestatus.com/feature/5738264052891648
    https://uk.ask.com/web?q=
    https://crbug.com/401439).
    https://mx.search.yahoo.com/favicon.ico
    http://mixidj.delta-search.com/?q=
    http://s2.symcb.com0
    http://ocsp.startssl.com/ca00
    http://crbug.com/40902
    https://passwords.google.com
    http://www.bhutanpost.bt/searchpostcode.php
    http://www.posten.ax/department.con?iPage=123
    https://nl.search.yahoo.com/sugg/chrome?output=fxjson
    http://purl.org/dc/elements/1.1/
    http://find.in.gr/Themes/1/Default/Media/Layout/icon_in.png
    http://aia.startssl.com/certs/ca.crt0
    http://feed.snapdo.com/?q=
    https://accounts.google.com/o/oauth/GetOAuthToken/
    http://www.softonic.com/s/
    http://crbug.com/514696
    https://chrome.blogspot.com/2015/11/updates-to-chrome-platform-support.html
    https://ar.search.yahoo.com/favicon.ico
    https://tobiassachs.report-uri.com/r/d/ct/reportOnly
    https://go.mail.ru/search?q=
    https://transparencyreport.google.com/safe-browsing/search?url=%s
    http://g.symcb.com/GeoTrustPCA-G3.crl0
    https://fi.search.yahoo.com/favicon.ico
    https://vn.search.yahoo.com/search?ei=
    http://www.entrust.net/rpa0
    http://www.adobe.com/mobile/licensees(
    http://www-//W3C//DTD
    http://crbug.com/756654
    https://dl.google.com/dl/softwareremovaltool/win/
    https://ro.search.yahoo.com/search?ei=
    https://chrome-devtools-frontend.appspot.com
    http://kody.poczta-polska.pl/
    https://android.com/pay
    http://search.avg.com/route/?q=
    http://crbug.com/112091
    http://poste.opt.nc/index.php?option=com_content
    https://www.googleapis.com/auth/gcm
    http://s2.symcb.com0k
    https://clients4.google.com/ukm
    https://www.googleapis.com/auth/drive.apps.readonly
    http://mixidj.delta-search.com/home?q=
    https://fi.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=blocked_ads
    https://chrome.google.com/webstore/detail/djcfdncoelnlbldjfhinnjlhdjlikmph
    https://support.google.com/chrome_webstore/?p=crx_warning
    https://groups.google.com/a/googleproductforums.com/d/topic/chrome/Xrco2HsXS-8/discussion
    https://malaysia.search.yahoo.com/search?ei=
    http://c
    https://chrome.google.com/webstore/download/
    http://search.softonic.com/img/favicon.ico
    https://fr.search.yahoo.com/sugg/chrome?output=fxjson
    https://payments.google.com/
    http://www.google.com/chrome/intl/ko/privacy.html
    http://psc.posta.sk
    https://accounts.google.com/ServiceLoginAuth
    http://w
    https://c.youtube.com/
    http://interested
    https://searchatlas.centrum.cz/favicon.ico
    https://www.delfi.lt/paieska/?q=
    http://search.tut.by/favicon.ico
    https://th.search.yahoo.com/favicon.ico
    https://www.chromestatus.com/feature/5675755719622656
    https://sb-ssl.google.com/safebrowsing/clientreport/download
    http://www.delta-search.com/?q=
    http://ss.ask.com/query?q=
    http://www.apache.org/licenses/LICENSE-2.0
    http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/
    http://www.mpegla.com
    https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_model_20170329.pb.bin
    https://yandex.by/
    http://navigation
    http://crls1.wosign.com/ca1.crl0m
    https://www
    https://support.google.com/chrome/?p=settings_search_help
    https://tools.usps.com/go/ZipLookupAction
    http://t1.symcb.com/ThawtePCA.crl0)
    https://accounts.google.com/IssueAuthToken
    https://www.google.com/cloudprint/enable_chrome_connector
    https://www.googleapis.com/auth/googletalk
    http://ocsp.startssl.com/ca0-
    http://search.goo.ne.jp/sgt.jsp?MT=
    http://www.posta.hr/default.aspx?pretpum
    http://www.postur.is/einstaklingar/posthus/postnumer/
    http://crl.startssl.com/sfsca.crl0
    https://ct.googleapis.com/pilot/
    http://www.certplus.com/CRL/class2.crl0
    https://dl.google.com/dl/softwareremovaltool/win/chrome_cleanup_tool.exe
    http://www.codigopostal.gov.co/
    https://beacons5.gvt2.com/domainreliability/upload
    https://datasaver.googleapis.com/v1/metrics:recordPageloadMetrics
    https://www.chromestatus.com/features/6443143280984064
    https://crbug.com/701034
    https://www.indiapost.gov.in/vas/pages/FindPinCode.aspx
    https://buscador.softonic.com/?q=
    https://proxy.googlezip.net:443
    https://scotthelme.report-uri.com/r/d/ct/reportOnly
    http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl0
    http://cps.root-x1.letsencrypt.org0
    https://support.google.com/chrome/?p=ui_remove_non_cws_extensions
    http://www.bangladeshpost.gov.bd/PostCode.asp
    https://ca.search.yahoo.com/sugg/chrome?output=fxjson
    https://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.ico
    http://ocsp.digicert.com0M
    https://search.avg.com/route/?q=
    https://support.google.com/chromebook/answer/1331549
    http://crl.rootca1.amazontrust.com/rootca1.crl0
    http://crbug.com/516527
    https://clients1.google.com/tbproxy/af/
    https://dk.search.yahoo.com/favicon.ico
    http://postakodu.ptt.gov.tr/
    http://start.iminent.com/?q=
    https://au.search.yahoo.com/sugg/chrome?output=fxjson
    https://ct.cloudflare.com/logs/nimbus2021/
    http://crbug.com/469522
    http://crbug.com/415315.
    https://history.google.com/history/api/delete?client=chrome
    https://example.com
    https://szukaj.onet.pl/wyniki.html?qt=
    http://schema.org/Article
    http://ricerca.virgilio.it/ricerca?qs=
    https://yandex.kz/images/search/?rpt=imageview
    http://repository.certum.pl/ctnca.cer09
    http://crbug.com/140364).
    http://crl.globalsign.net/root.crl0=
    http://developer.chrome.com/extensions/manifest.html
    http://g1.symcb.com/GeoTrustPCA.crl0)
    https://ph.search.yahoo.com/favicon.ico
    https://www.googleapis.com/geolocation/v1/geolocate
    http://crl.geotrust.com/crls/secureca.crl0F
    http://nigma.ru/themes/nigma/img/favicon.ico
    
                                                

Process memory dump for chrome.exe (PID 1068, dump 13)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences
    http://search.tut.by/?ru=1
    http://crbug.com/231664.
    https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
    https://www.World
    https://clients4.google.com/chrome-sync
    http://ocsp1.wosign.com/ca104
    http://www.zipcode.mn/
    http://.css
    https://www.googleapis.com/auth/kid.permission
    http://www.html5rocks.com/en/tutorials/canvas/hidpi/
    http://www.google.co.kr/permissions/guidelines.html
    https://cl.search.yahoo.com/sugg/chrome?output=fxjson
    https://ve.search.yahoo.com/favicon.ico
    http://epab.posten.no/
    http://nl.softonic.com/s/
    https://crbug.com/740629)
    http://crl.verisign.com/pca3-g5.crl0(
    http://search.softonic.com/?q=
    http://www.delfi.lt/paieska/?q=
    http://ocsp.rootg2.amazontrust.com08
    http://www.posta-romana.ro/zip_codes
    https://www.google.com/chrome/devices/chromecast/learn.html
    https://history.google.com/history/api/lookup?client=audio
    https://tw.search.yahoo.com/search?ei=
    https://tr.search.yahoo.com/favicon.ico
    http://dictionaryperceptionrevolutionfoundationpx
    http://www.ems.com.cn/serviceguide/you_bian_cha_xun.html
    https://vega.ws.symantec.com/
    http://www.pochta.uz/ru/uslugi/indexsearch.html
    https://www.yandex.ru/chrome/newtab
    http://www.foo.com
    https://at.search.yahoo.com/sugg/chrome?output=fxjson
    https://c.docs.google.com/
    https://support.google.com/chrome/?p=ib_blocked_plugin
    https://docs.google.com/
    http://l.twimg.com/i/hpkp_report
    http://www.post.gov.tw/post/internet/f_searchzone/index.jsp?ID=190102
    https://chrome.google.com/
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    http://www.ipostel.gob.ve/index.php/oficinas-postales
    http://www.geotrust.com/resources/cps0A
    https://ca.search.yahoo.com/favicon.ico
    http://www.caymanpost.gov.ky/
    http://wiki.greasespot.net/Greasemonkey_Manual:APIs
    https://c.pack.google.com/
    http://www.geotrust.com/resources/cps06
    https://get.adobe.com/reader/
    https://log.ncsccs.com/report/expectct
    https://s2.googleusercontent.com/s2/favicons?domain_url=%s
    http://www
    http://web-subframes.invalid
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop0.json
    http://www.correos.es/comun/CodigosPostales/1010_s-CodPostal.asp?Provincia=
    http://crbug.com/775961
    https://ac.search.naver.com/nx/ac?of=os
    https://vn.search.yahoo.com/favicon.ico
    http://www.zoznam.sk/hladaj.fcgi?s=
    https://crbug.com/444752.
    https://www.google.com/chrome/browser/privacy/
    https://was
    http://start.iminent.com/StartWeb/1033/homepage/
    http://www.geotrust.com/resources/cps0)
    https://mx.search.yahoo.com/search?ei=
    http://Descriptionrelatively
    https://localhost/
    https://support.google.com/chrome/?p=plugin_quicktime
    http://www.posta.rs/struktura/lat/aplikacije/pronadji/nadji-postu.asp
    https://android.clients.google.com/c2dm/register3
    https://ctlog.api.venafi.com/
    http://crl.verisign.com/pca3-g5.crl0
    https://support.google.com/chrome?p=bluetooth
    http://pesquisa.sapo.pt/?q=
    http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
    https://sabre.ct.comodo.com/
    https://history.report-uri.com/r/d/ct/reportOnly
    http://www.interpretation
    https://history.google.com/history/api/lookup?client=web_app
    http://crl.entrust.net/rootca1.crl0
    https://tobiassachs.report-uri.com/r/d/staple/reportOnly
    https://www.so.com/favicon.ico
    https://co.search.yahoo.com/sugg/chrome?output=fxjson
    https://clients4.google.com/chrome-sync/dev
    http://www1.delta-search.com/?q=
    https://www.google.com/speech-api/v2/synthesize?
    https://growth-pa.googleapis.com/v1/send_sms
    http://en.softonic.com/s/
    https://c.drive.google.com/
    https://support.google.com/chrome/?p=settings_privacy
    http://i.rl0.ru/2011/icons/rambler.ico
    http://crls1.wosign.com/ca1.crl0q
    http://accounts.google.com/
    https://www.googleapis.com/auth/userinfo.profile
    https://chrome.google.com/webstore/category/extensions
    https://www.verisign.com/cps04000000Z
    https://au.search.yahoo.com/favicon.ico
    https://growth-pa.googleapis.com/v1/get_verified_phone_numbers
    https://crbug.com/593166
    https://c.play.google.com/
    https://www.googleapis.com/auth/chrome-content-suggestions
    https://accounts.google.com/GetUserInfo
    http://crbug.com/320723
    https://chrome.google.com/webstore
    http://cybertrust.omniroot.com/repository0
    http://ocsp.verisign.com04
    https://accounts.google.com/TokenAuth
    https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop1.json
    https://ar.search.yahoo.com/sugg/chrome?output=fxjson
    https://cspreports.srvcs.tumblr.com/hpkp
    http://crl.godaddy.com/gdroot.crl0F
    http://s.ss2.us/r.crl0
    https://www.googleapis.com/oauth2/v1/userinfo
    https://myaccount.google.com/signinoptions/password?utm_source=Google
    https://au.search.yahoo.com/search?ei=
    http://localhost:8000/url
    http://www.softonic.com.br/s/
    http://www.svgpost.gov.vc/?option=com_content
    https://alt2-safebrowsing.google.com/safebrowsing
    https://ch.search.yahoo.com/search?ei=
    http://suggest.yandex.ru/suggest-ff.cgi?part=
    https://azreport.report-uri.com/r/d/staple/reportOnly
    https://drive.google.com
    http://ns.adobe.com/xap/1.0/sType/ResourceRef
    https://support.google.com/chrome/?p=settings_autofill
    http://www.neti.ee/favicon.ico
    http://www.elta.gr/findapostcode.aspx
    http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
    https://www.googleapis.com
    http://crbug.com/263077).
    https://beacons3.gvt2.com/domainreliability/upload
    https://suggest.fulltext.seznam.cz/fulltext_ff?phrase=
    http://search.incredibar.com/favicon.ico
    http://crl.rootg2.amazontrust.com/rootg2.crl0
    http://crbug.com/371562.
    http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
    https://support.google.com/chrome/answer/1181420?
    http://g1.symcb.com/crls/gtglobal.crl0/
    http://isearch.avg.com/search?q=
    https://github.com/GoogleChrome/devtools-docs/issues/53
    http://developer.chrome.com/apps/usb.html
    http://www.digicert.com/ssl-cps-repository.htm0
    https://www.omniva.ee/era/sihtnumbrite_otsing
    http://ocsp.rootca1.amazontrust.com0
    https://safesearch.googleapis.com/v1:classify
    https://www.globalsign.com/repository/0
    https://github.com/v8/v8/wiki/Stack%20Trace%20API.
    http://ocsp.globalsign.com/rootr103
    https://www.ask.com/web?q=
    http://crl.starfieldtech.com/sfroot.crl0L
    https://www.
    https://www.chromestatus.com/feature/5738264052891648
    https://uk.ask.com/web?q=
    https://crbug.com/401439).
    https://mx.search.yahoo.com/favicon.ico
    http://mixidj.delta-search.com/?q=
    http://s2.symcb.com0
    http://ocsp.startssl.com/ca00
    http://crbug.com/40902
    https://passwords.google.com
    http://www.bhutanpost.bt/searchpostcode.php
    http://www.posten.ax/department.con?iPage=123
    https://nl.search.yahoo.com/sugg/chrome?output=fxjson
    http://purl.org/dc/elements/1.1/
    http://find.in.gr/Themes/1/Default/Media/Layout/icon_in.png
    http://aia.startssl.com/certs/ca.crt0
    http://feed.snapdo.com/?q=
    https://accounts.google.com/o/oauth/GetOAuthToken/
    http://www.softonic.com/s/
    http://crbug.com/514696
    https://chrome.blogspot.com/2015/11/updates-to-chrome-platform-support.html
    https://ar.search.yahoo.com/favicon.ico
    https://tobiassachs.report-uri.com/r/d/ct/reportOnly
    https://go.mail.ru/search?q=
    https://transparencyreport.google.com/safe-browsing/search?url=%s
    http://g.symcb.com/GeoTrustPCA-G3.crl0
    https://fi.search.yahoo.com/favicon.ico
    https://vn.search.yahoo.com/search?ei=
    http://www.entrust.net/rpa0
    http://www.adobe.com/mobile/licensees(
    http://www-//W3C//DTD
    http://crbug.com/756654
    https://dl.google.com/dl/softwareremovaltool/win/
    https://ro.search.yahoo.com/search?ei=
    https://chrome-devtools-frontend.appspot.com
    http://kody.poczta-polska.pl/
    https://android.com/pay
    http://search.avg.com/route/?q=
    http://crbug.com/112091
    http://poste.opt.nc/index.php?option=com_content
    https://www.googleapis.com/auth/gcm
    http://s2.symcb.com0k
    https://clients4.google.com/ukm
    https://www.googleapis.com/auth/drive.apps.readonly
    http://mixidj.delta-search.com/home?q=
    https://fi.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=blocked_ads
    https://chrome.google.com/webstore/detail/djcfdncoelnlbldjfhinnjlhdjlikmph
    https://support.google.com/chrome_webstore/?p=crx_warning
    https://groups.google.com/a/googleproductforums.com/d/topic/chrome/Xrco2HsXS-8/discussion
    https://malaysia.search.yahoo.com/search?ei=
    http://c
    https://chrome.google.com/webstore/download/
    http://search.softonic.com/img/favicon.ico
    https://fr.search.yahoo.com/sugg/chrome?output=fxjson
    https://payments.google.com/
    http://www.google.com/chrome/intl/ko/privacy.html
    http://psc.posta.sk
    https://accounts.google.com/ServiceLoginAuth
    http://w
    https://c.youtube.com/
    http://interested
    https://searchatlas.centrum.cz/favicon.ico
    https://www.delfi.lt/paieska/?q=
    http://search.tut.by/favicon.ico
    https://th.search.yahoo.com/favicon.ico
    https://www.chromestatus.com/feature/5675755719622656
    https://sb-ssl.google.com/safebrowsing/clientreport/download
    http://www.delta-search.com/?q=
    http://ss.ask.com/query?q=
    http://www.apache.org/licenses/LICENSE-2.0
    http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/
    http://www.mpegla.com
    https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_model_20170329.pb.bin
    https://yandex.by/
    http://navigation
    http://crls1.wosign.com/ca1.crl0m
    https://www
    https://support.google.com/chrome/?p=settings_search_help
    https://tools.usps.com/go/ZipLookupAction
    http://t1.symcb.com/ThawtePCA.crl0)
    https://accounts.google.com/IssueAuthToken
    https://www.google.com/cloudprint/enable_chrome_connector
    https://www.googleapis.com/auth/googletalk
    http://ocsp.startssl.com/ca0-
    http://search.goo.ne.jp/sgt.jsp?MT=
    http://www.posta.hr/default.aspx?pretpum
    http://www.postur.is/einstaklingar/posthus/postnumer/
    http://crl.startssl.com/sfsca.crl0
    https://ct.googleapis.com/pilot/
    http://www.certplus.com/CRL/class2.crl0
    https://dl.google.com/dl/softwareremovaltool/win/chrome_cleanup_tool.exe
    http://www.codigopostal.gov.co/
    https://beacons5.gvt2.com/domainreliability/upload
    https://datasaver.googleapis.com/v1/metrics:recordPageloadMetrics
    https://www.chromestatus.com/features/6443143280984064
    https://crbug.com/701034
    https://www.indiapost.gov.in/vas/pages/FindPinCode.aspx
    https://buscador.softonic.com/?q=
    https://proxy.googlezip.net:443
    https://scotthelme.report-uri.com/r/d/ct/reportOnly
    http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl0
    http://cps.root-x1.letsencrypt.org0
    https://support.google.com/chrome/?p=ui_remove_non_cws_extensions
    http://www.bangladeshpost.gov.bd/PostCode.asp
    https://ca.search.yahoo.com/sugg/chrome?output=fxjson
    https://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.ico
    http://ocsp.digicert.com0M
    https://search.avg.com/route/?q=
    https://support.google.com/chromebook/answer/1331549
    http://crl.rootca1.amazontrust.com/rootca1.crl0
    http://crbug.com/516527
    https://clients1.google.com/tbproxy/af/
    https://dk.search.yahoo.com/favicon.ico
    http://postakodu.ptt.gov.tr/
    http://start.iminent.com/?q=
    https://au.search.yahoo.com/sugg/chrome?output=fxjson
    https://ct.cloudflare.com/logs/nimbus2021/
    http://crbug.com/469522
    http://crbug.com/415315.
    https://history.google.com/history/api/delete?client=chrome
    https://example.com
    https://szukaj.onet.pl/wyniki.html?qt=
    http://schema.org/Article
    http://ricerca.virgilio.it/ricerca?qs=
    https://yandex.kz/images/search/?rpt=imageview
    http://repository.certum.pl/ctnca.cer09
    http://crbug.com/140364).
    http://crl.globalsign.net/root.crl0=
    http://developer.chrome.com/extensions/manifest.html
    http://g1.symcb.com/GeoTrustPCA.crl0)
    https://ph.search.yahoo.com/favicon.ico
    https://www.googleapis.com/geolocation/v1/geolocate
    http://crl.geotrust.com/crls/secureca.crl0F
    http://nigma.ru/themes/nigma/img/favicon.ico
    
                                                

Process memory dump for chrome.exe (PID 1068, dump 14)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    http://dev.w3.org/csswg/css3-transitions/
    https://sites.google.com/a/chromium.org/dev/administrators/common-problems-and-solutions
    https://developers.google.com/web/updates/2017/08/devtools-release-notes
    https://www.geotrust.com/resources/cps06
    https://support.google.com/chrome/?p=help
    https://www.vinden.nl/?q=
    http://code.google.com/p/chromium/issues/detail?id=125863)
    http://crbug.com/278112).
    https://malaysia.search.yahoo.com/sugg/chrome?output=fxjson
    https://accounts.google.com/AuthSubRevokeToken
    https://fcm.googleapis.com/fcm/send/
    https://www.zoznam.sk/hladaj.fcgi?s=
    https://www.googleapis.com/auth/cryptauth
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
    https://support.google.com/chromecast/topic/3447927
    http://www.post.ch/db/owa/pv_plz_pack/pr_main
    https://www.google.
    http://isrg.trustid.ocsp.identrust.com0
    http://szukaj.wp.pl/szukaj.html?q=
    http://www.certum.pl/CPS0
    https://support.google.com/chrome/?p=ib_nacl
    https://www.sogou.com/images/logo/old/favicon.ico
    http://www.walla.co.il/favicon.ico
    http://www.google.com/chrome/intl/ko/welcome.html
    http://buscar.terra.com.ar/favicon.ico
    http://search.incredibar.com/search.php?q=
    https://suggests.go.mail.ru/chrome?q=
    http://nova.rambler.ru/search?query=
    http://nigma.ru/?s=
    https://gvt6.com/
    http://ocsp.godaddy.com/05
    https://search.naver.com/search.naver?ie=
    http://www.buscacep.correios.com.br/
    http://www.youtube.com/embed/
    https://go.imgsmail.ru/favicon.ico
    http://xt/css
    http://crl.thawte.com/ThawtePCA-G3.crl0
    https://support.google.com/chrome/?p=settings_sync_error
    https://support.google.com/chrome/?p=e_awsnap
    https://developers.google.com/cloud-print/docs/cdd
    https://br.search.yahoo.com/search?ei=
    http://site
    http://www.unicode.org/copyright.html
    http://ocsp.entrust.net02
    http://www.symauth.com/rpa00
    https://www.googleapis.com/oauth2/v4/token
    http://crbug.com/473845
    https://crashpad.chromium.org/
    https://captive.portal/login
    https://safebrowsing.google.com/safebrowsing
    http://applicationslink
    https://www.googleapis.com/auth/drive.apps
    https://www.google.com/
    http://crbug.com/86955
    http://crbug.com/378067
    http://search.incredibar.com/?q=
    http://certificates.godaddy.com/repository100.
    http://sQUIC
    http://www.symauth.com/rpa0)
    https://de.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chromecast/answer/%d
    http://i.wp.pl/a/i/stg/500/favicon.ico
    https://www.neti.ee/cgi-bin/otsing?query=
    https://search.goo.ne.jp/cdn/common/img/favicon.ico
    http://addEventListenerresponsible
    https://ct.ws.symantec.com/
    https://nl.search.yahoo.com/search?ei=
    http://etherx.jabber.org/streams
    http://crl.verisign.com/pca3.crl0
    http://clientservices.googleapis.com/uma/v2
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop2.json
    http://www.postdirekt.de/plzserver/
    https://support.microsoft.com/kb/3056819
    https://support.google.com/chrome/?p=settings_sign_in
    http://aia1.wosign.com/ca1-class3-server.cer0
    https://log.certly.io/
    https://www.neti.ee/api/suggestOS?suggestVersion=1
    https://th.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.googleapis.com/
    http://www.chromium.org/developers/how-tos/api-keys
    https://fonts.googleapis.com/css?family=Roboto
    http://www.philpost.gov.ph/
    https://mx.search.yahoo.com/sugg/chrome?output=fxjson
    https://de.search.yahoo.com/search?ei=
    http://aia1.wosign.com/ca1g2-server3.cer0
    http://www.correos.cl/SitePages/home.aspx
    https://www.google.com/cloudprint
    http://ak.apnstatic.com/media/images/favicon_search-results.ico
    http://www.google.com/
    http://search.avg.com/favicon.ico
    https://developers.google.com/web/updates/2017/05/devtools-release-notes
    https://support.google.com/chrome/?p=unauthenticated
    http://t2.symcb.com0
    https://gr.search.yahoo.com/search?ei=
    https://buscador.terra.com.ar/Default.aspx?source=Search
    https://search.yahoo.co.jp/favicon.ico
    http://localhost
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop3.json
    http://api.sugg.sogou.com/su?type=addrbar
    http://crl.usertrust.com/AddTrustExternalCARoot.crl0
    http://www.postnl.nl/voorthuis/
    http://autocomplete.nigma.ru/complete/query_help.php?suggest=true
    https://www.so.com/s?ie=
    https://crbug.com/5448190).
    https://search.softonic.com/?q=
    http://crl.identrust.com/DSTROOTCAX3CRL.crl0
    http://postcode.vnpost.vn/services/search.aspx
    https://br.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=superfish
    https://cl.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=plugin_divx
    https://www.canadapost.ca/cpo/mc/personal/postalcode/fpc.jsf
    https://www.baidu.com/favicon.ico
    http://crbug.com/235689.
    http://www.epost.go.kr/search/zipcode/search5.jsp
    http://EVSecure-crl.geotrust.com/GeoTrustPCA.crl0
    https://es.search.yahoo.com/search?ei=
    http://crbug.com
    http://support.apple.com/kb/HT203092
    http://An
    https://cortisconsultingch.report-uri.com/r/d/staple/reportOnly
    http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
    https://ctlog-gen2.api.venafi.com/
    https://developers.google.com/web/tools/chrome-devtools/evaluate-performance/
    https://www.yandex.by/chrome/newtab
    https://accounts.google.com/OAuthWrapBridge
    https://developers.google.com/web/updates/2016/12/devtools-javascript-cpu-profile-migration
    https://support.google.com/chrome/?p=datasaver
    http://according
    https://yandex.ru/
    http://s1.symcb.com/pca3-g5.crl0
    http://www.google.com/earth/explore/products/plugin.html
    https://www.verisign.com/cps0
    https://www.gstatic.com/securitykey/a/google.com/origins.json
    http://www.post.gov.bn/SitePages/postcodes.aspx
    https://developers.google.com/web/updates/2017/11/devtools-release-notes
    http://crbug.com/510270
    https://secure.omniroot.com/repository0
    http://www.bgpost.bg/?cid=5
    http://www.google.com/talk/protocol/auth
    http://postcodes.maltapost.com/
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop4.json
    http://search.sweetim.com/favicon.ico
    http://buscador.terra.es/favicon.ico
    https://dl.google.com/dl/softwareremovaltool/win/c/chrome_cleanup_tool.exe
    https://id.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.google.com/settings/security/lesssecureapps
    http://cript
    http://crbug.com/497301
    http://localhost:8000/inspector-sources/
    http://search.goo.ne.jp/web.jsp?MT=
    http://clientservices.googleapis.com/chrome-variations/seed
    https://support.google.com/chrome/?p=settings_manage_exceptions
    https://log.ncsccs.com/report/expectstaple
    http://crl.entrust.net/g2ca.crl0
    https://www.google.com/chrome/devices/chromecast/
    http://www.symauth.com/cps0(
    http://www.google.com
    https://sp.ask.com/sh/i/a16/favicon/favicon.ico
    https://www.recent
    http://search.sweetim.com/search.asp?q=
    https://in.search.yahoo.com/search?ei=
    http://www.slpost.gov.lk/
    https://support.google.com/chrome/?p=plugin_pdf
    http://schema.org/GovernmentOrganization
    https://www.chromestatus.com/feature/5709390967472128
    http://cybertrust.omniroot.com/repository.cfm0
    https://support.google.com/chrome/?p=ui_settings_api_extension
    http://t2.symcb.com0A
    https://chrome.google.com/webstore/detail/%s
    http://search.babylon.com/favicon.ico
    http://www.gpo.gov.np/postalcode.aspx
    https://gvt1.com/
    https://ssl.gstatic.com/
    https://www.google.com/cloudprint/learn/
    http://crt.rootca1.amazontrust.com/rootca1.cer0?
    https://id.search.yahoo.com/favicon.ico
    http://o.ss2.us/0
    https://tools.google.com/service/update2
    https://accounts.google.com/OAuthGetAccessToken
    https://developers.google.com/web/updates/2017/03/devtools-release-notes
    http://ns.adobe.com/xap/1.0/
    https://www.chromestatus.com/feature/5637107137642496
    http://crt.rootg2.amazontrust.com/rootg2.cer0=
    https://in.search.yahoo.com/sugg/chrome?output=fxjson
    http://flashmobile.adobe.com/
    https://www.gstatic.com/chrome/extensions/blacklist
    http://purl.org/dc/dcmitype/StillImage
    https://safebrowsing.google.com/safebrowsing/uploads/chrome
    https://chrome-sync.sandbox.google.com/chrome-sync/alpha
    https://nl.search.yahoo.com/favicon.ico
    http://crl.certum.pl/ctnca.crl0k
    https://developers.google.com/web/updates/2018/01/devtools
    http://ocsp.starfieldtech.com/0
    http://www.google.com/chrome/intl/ko/eula_text.html
    https://qc.search.yahoo.com/favicon.ico
    https://search.yahoo.com/favicon.ico
    https://uk.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.landvaluation.bm/
    http://developer.apple.com/safari/library/documentation/UserExperience/Reference/TouchEventClassReference/TouchEvent/TouchEvent.html.
    https://ctlog.wosign.com/
    https://fr.search.yahoo.com/search?ei=
    https://clients2.googleusercontent.com/crx/blobs/
    https://www.verisign.com/rpa
    http://ok.hu/gfx/favicon.ico
    http://www.delta-search.com/favicon.ico
    https://yandex.com.tr/gorsel/search?rpt=imageview
    http://schema.org/Person
    https://hladaj.atlas.sk/fulltext/?phrase=
    https://searchatlas.centrum.cz/?q=
    http://crbug.com/750901
    https://accounts.google.com/o/oauth2/programmatic_auth
    http://www.interoperabilitybridges.com/wmp-extension-for-chrome
    http://linkurystoragenorthus.blob.core.windows.net/static/favicon.ico
    http://www.google.com/update2/response
    https://www.googleapis.com/auth/supportcontent
    https://support.google.com/chrome/?p=plugin_flash
    http://www.search.delta-search.com/?q=
    https://ct.cloudflare.com/logs/nimbus2020/
    https://accounts.google.com/o/oauth2/auth
    http://www.json.com/json-schema-proposal/
    http://ocsp.godaddy.com/02
    https://www.sogou.com/web?ie=
    https://minecraft.report-uri.com/r/d/staple/reportOnly
    http://ocsp.verisign.com0
    https://ve.search.yahoo.com/search?ei=
    https://support.google.com/accounts/answer/6197437
    https://sb-ssl.google.com/safebrowsing/clientreport/login
    http://service.real.com/realplayer/security/02062012_player/en/
    http://ocsp.digicert.com0K
    https://sg.search.yahoo.com/sugg/chrome?output=fxjson
    http://arianna.libero.it/search/abin/integrata.cgi?query=
    http://buscador.terra.es/Default.aspx?source=Search
    http://subca.ocsp-certum.com0.
    http://searchatlas.centrum.cz/?q=
    https://accounts.google.com/embedded/setup/v2/chromeos
    https://docs.google.com/feeds/
    https://report-uri.cloudflare.com/expect-ct
    http://www.nzpost.co.nz/Cultures/en-NZ/OnlineTools/PostCodeFinder/
    https://kvasir.no/grafikk/favicon.ico
    https://nova.rambler.ru/suggest?v=3
    http://aia.startssl.com/certs/ca.crt02
    http://certs.starfieldtech.com/repository/1402
    https://accounts.google.com/o/oauth2/revoke
    https://search.seznam.cz/?q=
    http://search.snapdo.com/?q=
    https://www.google.TLD
    https://report.badssl.com/expect-staple
    http://www.maldivespost.com/?lid=10
    https://bugs.chromium.org/p/chromium/issues/detail?id=559258
    https://nova.rambler.ru/search?query=
    http://www.serpost.com.pe/cpostal/codigo
    https://support.google.com/chrome/?p=settings_cloud_print
    http://ocsp.godaddy.com/0J
    http://search.avg.com/search?q=
    https://www.singpost.com/find-postal-code
    https://search.goo.ne.jp/web.jsp?MT=
    https://www.googleapis.com/rpc
    https://www.thawte.com/cps0
    http://www.yhs.delta-search.com/?q=
    https://chromium.googlesource.com/chromium/src/
    https://history.report-uri.com/r/d/staple/reportOnly
    http://crbug.com/415315
    https://www.yandex.com.tr/
    https://developer.chrome.com/devtools/docs/remote-debugging
    http://certs.godaddy.com/repository/1301
    https://crbug.com/368855.)
    http://radce.centrum.cz/?q=
    http://www.foo.com/bar
    https://search.walla.co.il/?q=
    http://zip4.usps.com/zip4/welcome.jsp
    https://developers.google.com/web/updates/2017/04/devtools-release-notes
    http://www.style
    https://buscador.terra.es/Default.aspx?source=Search
    http://www.keynectis.com/PC08
    https://www.softonic.com/s/
    https://translate.googleapis.com/
    http://foo.com/bar
    http://search.snap.do/?q=
    https://accounts.google.com/ListAccounts?json=standard
    https://alt1-safebrowsing.google.com/safebrowsing
    http://www.google.co.kr/dmca.html
    http://www.gov.im/post/postal/fr_main.asp
    http://www.gstatic.com/chrome/extensions/blacklist
    https://crbug.com/480935.
    https://beacons4.gvt2.com/domainreliability/upload
    http://www.correos.gob.ni/index.php/codigo-postal-2
    http://schema.org/Organization
    https://www.googleapis.com/auth/chromewebstore.readonly
    http://www.poste.it/online/cercacap/
    https://cuscochromeextension-pa.googleapis.com/v1/omniboxsuggestions
    https://support.google.com/chrome/?p=e_awsnap_rl
    https://search.daum.net/search?ie=
    https://log.getdropbox.com/hpkp
    https://tw.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.hortcut
    https://es.search.yahoo.com/sugg/chrome?output=fxjson
    http://adressesok.posten.no/nb/postal_codes/search
    https://storage.ape.yandex.net/get/browser/Doodles/yandex/drawable-xxhdpi/yandex.png
    https://maktoob.search.yahoo.com/favicon.ico
    http://www.google.co.kr/tm_complaint.html
    https://sg.search.yahoo.com/favicon.ico
    https://sb-ssl.google.com/safebrowsing/clientreport/phishing
    https://accounts.google.com/GetCheckConnectionInfo
    http://crl.godaddy.com/gds1-20
    https://sp.br.ask.com/sh/i/a14/favicon/favicon.ico
    http://crbug.com/133457.
    http://www.startssl.com/intermediate.pdf0
    https://nodejs.org/static/images/logos/nodejs-new-pantone-black.png
    http://www.pasts.lv/lv/uzzinas/nodalas/
    http://EVIntl-ccrt.gwww.gicert.com/1ocsp.verisign.com09rapidssl.cos.godaddy.com/repository/0
    https://www.softonic.com.br/s/
    http://crbug.com/258526.
    http://www.poste.tn/codes.php
    http://goo.gl/Y1OdAq
    http://crbug.com/31037
    http://info.russianpost.ru/servlet/department
    https://goo.gl/ZcZixP
    https://www.chromium.org/
    https://ct.googleapis.com/logs/argon2019/
    http://www.neti.ee/cgi-bin/otsing?query=
    http://ocsp.entrust.net03
    http://ocsp.entrust.net00
    https://ct.googleapis.com/logs/argon2021/
    https://docs.google.com
    https://search.seznam.cz/r/img/favicon.ico
    https://helpx.adobe.com/security/products/reader/apsb14-28.html
    https://tw.search.yahoo.com/favicon.ico
    http://example.com
    https://code.google.com/p/chromium/issues/detail?id=162042
    https://code.google.com/p/chromium/issues/detail?id=162044
    http://mock.linkdoctor.url/for?testing
    https://css-tricks.com/hash-tag-links-padding/
    https://www.googleapis.com/auth/wallet.chrome
    https://support.google.com/chrome/?p=settings_omnibox
    http://search.imesh.net/favicon.ico
    https://android.googleapis.com/gcm/send/
    https://www.gstatic.com/chrome/supervised_user/blacklist-20141001-1k.bin
    http://www.jerseypost.com/tools/postcode-address-finder/
    http://buscar.terra.com.ar/Default.aspx?source=Search
    https://accounts.google.com/AccountChooser?Email=%s
    https://www.googleapis.com/auth/chromesync_playpen
    https://nz.search.yahoo.com/favicon.ico
    https://goo.gl/zmWq3m.
    https://developer.mozilla.org/en-US/docs/Web/API/Web_Speech_API
    http://www./div
    https://www.chromestatus.com/feature/5669008342777856
    http://option
    https://sirius.ws.symantec.com/
    https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
    http://crl.thawte.com/ThawtePremiumServerCA.crl0
    https://tr.search.yahoo.com/search?ei=
    https://www.yandex.ua/chrome/newtab
    http://www.wosign.com/policy/0
    https://nz.search.yahoo.com/search?ei=
    https://log.ncsccs.com/report/hpkp
    https://support.google.com/chrome/?p=chrome_cleanup_tool
    https://ssl.gstatic.com/safebrowsing/csd/
    http://subca.ocsp-certum.com01
    https://www.google.com/chrome/browser/privacy/whitepaper.html
    https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/?utm_source=devtools
    https://beacons2.gvt2.com/domainreliability/upload
    https://id.search.yahoo.com/search?ei=
    http://www.search-results.com/web?q=
    http://mystart.incredibar.com/?search=
    https://pe.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.geotrust.com/resources/repository0
    https://hk.search.yahoo.com/search?ei=
    https://helpx.adobe.com/security/products/shockwave/apsb14-10.html
    https://nl.softonic.com/s/
    http://www.conduit.com/favicon.ico
    https://support.google.com/chrome/?p=ib_pepper_broker
    https://se.search.yahoo.com/favicon.ico
    http://search.iminent.com/Shared/Images/favicon_gl.ico
    https://search.daum.net/favicon.ico
    http://schema.org/BlogPosting
    http://g.symcd.com0
    https://pe.search.yahoo.com/favicon.ico
    https://myactivity.google.com/myactivity/?utm_source=chrome_cbd
    http://i
    https://www.chromestatus.com/feature/5243055179300864
    http://g.symcb.com/crls/gtglobal.crl0.
    https://goo.gl/EuHzyv
    https://support.google.com/chrome/?p=ui_voice_search
    https://www.yandex.com.tr/chrome/newtab
    http://cdp1.public-trust.com/CRL/Omniroot2025.crl0
    https://support.google.com/chrome/?p=ui_download_errors
    https://safebrowsing.googleusercontent.com/safebrowsing/clientreport/notification-image
    https://aIn
    http://www.google.com:80
    http://www.post.at/post_subsite_postleitzahlfinder.php
    http://schema.org/ScholarlyArticle
    http://link
    http://staticsuggested
    https://crbug.com/794942.
    https://ca.search.yahoo.com/search?ei=
    https://kvasir.no/alle?q=
    http://ocsp.thawte.com0
    http://pca-g3-ocsp.geotrust.com0
    https://www.facebook.com/chat/video/videocalldownload.php
    http://www.geotrust.com/resources/cps0
    http://ss.uk.ask.com/query?q=
    https://www.post.lu/fr/grandes-entreprises/solutions-postales/rechercher-un-code-postal
    http://www.verkkoposti.com/e3/postinumeroluettelo
    http://crbug.com/312900.
    https://certs.starfieldtech.com/repository/0
    http://www.laposte.fr/Particulier/Utiliser-nos-outils-pratiques/Outils-et-documents/Trouvez-un-code-postal
    http://search.iminent.com/?q=
    https://support.google.com/chrome/?p=beta_forum
    http://www.postdanmark.dk/da/Privat/Kundeservice/postnummerkort/Sider/Find-postnummer.aspx
    http://ocsp.startssl.com00
    https://yandex.ua/
    http://www.post.lt/lt/?id=316
    https://www.google.com/safebrowsing/report_error/
    http://search.babylon.com/?q=
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/language
    http://forms.real.com/real/realone/download.html?type=rpsp_us
    https://support.google.com/chromecast/answer/2998338
    http://style
    http://crbug.com/360567
    http://www.yhs.delta-search.com/home?q=
    https://sb-ssl.google.com/safebrowsing/clientreport/malware-check
    http://www.google.com/privacy.html
    https://devices.adobe.com/partnerportal/
    https://gvt2.com/
    https://www.google.com
    http://www2.delta-search.com/?q=
    https://szukaj.onet.pl/favicon.ico
    https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
    http://crbug.com/437891.
    http://clients3.google.com/cert_upload_json
    http://ok.hu/katalogus?q=
    http://crbug.com/319444.
    https://ct.cloudflare.com/logs/nimbus2018/
    https://fr.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_outdated_plugin
    https://google-analytics.com/
    https://clientservices.googleapis.com/uma/v2
    https://developers.google.com/web/tools/chrome-devtools/
    http://www.years
    https://yandex.by/images/search/?rpt=imageview
    http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%
    http://schema.org/TechArticle
    https://sb-ssl.google.com/safebrowsing/clientreport/chrome-reset
    http://ocsp.globalsign.com/rootr10
    https://photistic.report-uri.com/r/d/staple/reportOnly
    https://crashpad.chromium.org/bug/new
    https://lh3.googleusercontent.com
    https://ch.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_download_blocked
    http://www.georgianpost.ge/index.php?page=10
    http://crbug.com/26312
    http://www.inkscape.org/namespaces/inkscape
    http://mathematicsmargin-top
    http://www.correos.es/contenido/13-MenuRec2/04-MenuRec24/1010_s-CodPostal.asp
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.search.delta-search.com/home?q=
    https://chrome.google.com/webstore?hl=ko
    https://history.google.com/history/api/lookup?client=chrome
    http://suggestion.baidu.com/su?wd=
    https://www.googleapis.com/auth/proximity_auth
    http://crbug.com/99373
    https://safebrowsing.googleapis.com/v4
    https://chrome.google.com/webstore?hl=koChrome
    https://accounts.google.com/Logout
    http://crbug.com/371562
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish

Process memory dump for chrome.exe (PID 1068, dump 15)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    https://log.certly.io/
    https://www.neti.ee/api/suggestOS?suggestVersion=1
    https://th.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.googleapis.com/
    http://www.chromium.org/developers/how-tos/api-keys
    https://fonts.googleapis.com/css?family=Roboto
    http://www.philpost.gov.ph/
    https://mx.search.yahoo.com/sugg/chrome?output=fxjson
    https://de.search.yahoo.com/search?ei=
    http://aia1.wosign.com/ca1g2-server3.cer0
    http://www.correos.cl/SitePages/home.aspx
    https://www.google.com/cloudprint
    http://ak.apnstatic.com/media/images/favicon_search-results.ico
    http://www.google.com/
    http://search.avg.com/favicon.ico
    https://developers.google.com/web/updates/2017/05/devtools-release-notes
    https://support.google.com/chrome/?p=unauthenticated
    http://t2.symcb.com0
    https://gr.search.yahoo.com/search?ei=
    https://buscador.terra.com.ar/Default.aspx?source=Search
    https://search.yahoo.co.jp/favicon.ico
    http://localhost
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop3.json
    http://api.sugg.sogou.com/su?type=addrbar
    http://crl.usertrust.com/AddTrustExternalCARoot.crl0
    http://www.postnl.nl/voorthuis/
    http://autocomplete.nigma.ru/complete/query_help.php?suggest=true
    https://www.so.com/s?ie=
    https://crbug.com/5448190).
    https://search.softonic.com/?q=
    http://crl.identrust.com/DSTROOTCAX3CRL.crl0
    http://postcode.vnpost.vn/services/search.aspx
    https://br.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=superfish
    https://cl.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=plugin_divx
    https://www.canadapost.ca/cpo/mc/personal/postalcode/fpc.jsf
    https://www.baidu.com/favicon.ico
    http://crbug.com/235689.
    http://www.epost.go.kr/search/zipcode/search5.jsp
    http://EVSecure-crl.geotrust.com/GeoTrustPCA.crl0
    https://es.search.yahoo.com/search?ei=
    http://crbug.com
    http://support.apple.com/kb/HT203092
    http://An
    https://cortisconsultingch.report-uri.com/r/d/staple/reportOnly
    http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
    https://ctlog-gen2.api.venafi.com/
    https://developers.google.com/web/tools/chrome-devtools/evaluate-performance/
    https://www.yandex.by/chrome/newtab
    https://accounts.google.com/OAuthWrapBridge
    https://developers.google.com/web/updates/2016/12/devtools-javascript-cpu-profile-migration
    https://support.google.com/chrome/?p=datasaver
    http://according
    https://yandex.ru/
    http://s1.symcb.com/pca3-g5.crl0
    http://www.google.com/earth/explore/products/plugin.html
    https://www.verisign.com/cps0
    https://www.gstatic.com/securitykey/a/google.com/origins.json
    http://www.post.gov.bn/SitePages/postcodes.aspx
    https://developers.google.com/web/updates/2017/11/devtools-release-notes
    http://crbug.com/510270
    https://secure.omniroot.com/repository0
    http://www.bgpost.bg/?cid=5
    http://www.google.com/talk/protocol/auth
    http://postcodes.maltapost.com/
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop4.json
    http://search.sweetim.com/favicon.ico
    http://buscador.terra.es/favicon.ico
    https://dl.google.com/dl/softwareremovaltool/win/c/chrome_cleanup_tool.exe
    https://id.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.google.com/settings/security/lesssecureapps
    http://cript
    http://crbug.com/497301
    http://localhost:8000/inspector-sources/
    http://search.goo.ne.jp/web.jsp?MT=
    http://clientservices.googleapis.com/chrome-variations/seed
    https://support.google.com/chrome/?p=settings_manage_exceptions
    https://log.ncsccs.com/report/expectstaple
    http://crl.entrust.net/g2ca.crl0
    https://www.google.com/chrome/devices/chromecast/
    http://www.symauth.com/cps0(
    http://www.google.com
    https://sp.ask.com/sh/i/a16/favicon/favicon.ico
    https://www.recent
    http://search.sweetim.com/search.asp?q=
    https://in.search.yahoo.com/search?ei=
    http://www.slpost.gov.lk/
    https://support.google.com/chrome/?p=plugin_pdf
    http://schema.org/GovernmentOrganization
    https://www.chromestatus.com/feature/5709390967472128
    http://cybertrust.omniroot.com/repository.cfm0
    https://support.google.com/chrome/?p=ui_settings_api_extension
    http://t2.symcb.com0A
    https://chrome.google.com/webstore/detail/%s
    http://search.babylon.com/favicon.ico
    http://www.gpo.gov.np/postalcode.aspx
    https://gvt1.com/
    https://ssl.gstatic.com/
    https://www.google.com/cloudprint/learn/
    http://crt.rootca1.amazontrust.com/rootca1.cer0?
    https://id.search.yahoo.com/favicon.ico
    http://o.ss2.us/0
    https://tools.google.com/service/update2
    https://accounts.google.com/OAuthGetAccessToken
    https://developers.google.com/web/updates/2017/03/devtools-release-notes
    http://ns.adobe.com/xap/1.0/
    https://www.chromestatus.com/feature/5637107137642496
    http://crt.rootg2.amazontrust.com/rootg2.cer0=
    https://in.search.yahoo.com/sugg/chrome?output=fxjson
    http://flashmobile.adobe.com/
    https://www.gstatic.com/chrome/extensions/blacklist
    http://purl.org/dc/dcmitype/StillImage
    https://safebrowsing.google.com/safebrowsing/uploads/chrome
    https://chrome-sync.sandbox.google.com/chrome-sync/alpha
    https://nl.search.yahoo.com/favicon.ico
    http://crl.certum.pl/ctnca.crl0k
    https://developers.google.com/web/updates/2018/01/devtools
    http://ocsp.starfieldtech.com/0
    http://www.google.com/chrome/intl/ko/eula_text.html
    https://qc.search.yahoo.com/favicon.ico
    https://search.yahoo.com/favicon.ico
    https://uk.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.landvaluation.bm/
    http://developer.apple.com/safari/library/documentation/UserExperience/Reference/TouchEventClassReference/TouchEvent/TouchEvent.html.
    https://ctlog.wosign.com/
    https://fr.search.yahoo.com/search?ei=
    https://clients2.googleusercontent.com/crx/blobs/
    https://www.verisign.com/rpa
    http://ok.hu/gfx/favicon.ico
    http://www.delta-search.com/favicon.ico
    https://yandex.com.tr/gorsel/search?rpt=imageview
    http://schema.org/Person
    https://hladaj.atlas.sk/fulltext/?phrase=
    https://searchatlas.centrum.cz/?q=
    http://crbug.com/750901
    https://accounts.google.com/o/oauth2/programmatic_auth
    http://www.interoperabilitybridges.com/wmp-extension-for-chrome
    http://linkurystoragenorthus.blob.core.windows.net/static/favicon.ico
    http://www.google.com/update2/response
    https://www.googleapis.com/auth/supportcontent
    https://support.google.com/chrome/?p=plugin_flash
    http://www.search.delta-search.com/?q=
    https://ct.cloudflare.com/logs/nimbus2020/
    https://accounts.google.com/o/oauth2/auth
    http://www.json.com/json-schema-proposal/
    http://ocsp.godaddy.com/02
    https://www.sogou.com/web?ie=
    https://minecraft.report-uri.com/r/d/staple/reportOnly
    http://ocsp.verisign.com0
    https://ve.search.yahoo.com/search?ei=
    https://support.google.com/accounts/answer/6197437
    https://sb-ssl.google.com/safebrowsing/clientreport/login
    http://service.real.com/realplayer/security/02062012_player/en/
    http://ocsp.digicert.com0K
    https://sg.search.yahoo.com/sugg/chrome?output=fxjson
    http://arianna.libero.it/search/abin/integrata.cgi?query=
    http://buscador.terra.es/Default.aspx?source=Search
    http://subca.ocsp-certum.com0.
    http://searchatlas.centrum.cz/?q=
    https://accounts.google.com/embedded/setup/v2/chromeos
    https://docs.google.com/feeds/
    https://report-uri.cloudflare.com/expect-ct
    http://www.nzpost.co.nz/Cultures/en-NZ/OnlineTools/PostCodeFinder/
    https://kvasir.no/grafikk/favicon.ico
    https://nova.rambler.ru/suggest?v=3
    http://aia.startssl.com/certs/ca.crt02
    http://certs.starfieldtech.com/repository/1402
    https://accounts.google.com/o/oauth2/revoke
    https://search.seznam.cz/?q=
    http://search.snapdo.com/?q=
    https://www.google.TLD
    https://report.badssl.com/expect-staple
    http://www.maldivespost.com/?lid=10
    https://bugs.chromium.org/p/chromium/issues/detail?id=559258
    https://nova.rambler.ru/search?query=
    http://www.serpost.com.pe/cpostal/codigo
    https://support.google.com/chrome/?p=settings_cloud_print
    http://ocsp.godaddy.com/0J
    http://search.avg.com/search?q=
    https://www.singpost.com/find-postal-code
    https://search.goo.ne.jp/web.jsp?MT=
    https://www.googleapis.com/rpc
    https://www.thawte.com/cps0
    http://www.yhs.delta-search.com/?q=
    https://chromium.googlesource.com/chromium/src/
    https://history.report-uri.com/r/d/staple/reportOnly
    http://crbug.com/415315
    https://www.yandex.com.tr/
    https://developer.chrome.com/devtools/docs/remote-debugging
    http://certs.godaddy.com/repository/1301
    https://crbug.com/368855.)
    http://radce.centrum.cz/?q=
    http://www.foo.com/bar
    https://search.walla.co.il/?q=
    http://zip4.usps.com/zip4/welcome.jsp
    https://developers.google.com/web/updates/2017/04/devtools-release-notes
    http://www.style
    https://buscador.terra.es/Default.aspx?source=Search
    http://www.keynectis.com/PC08
    https://www.softonic.com/s/
    https://translate.googleapis.com/
    http://foo.com/bar
    http://search.snap.do/?q=
    https://accounts.google.com/ListAccounts?json=standard
    https://alt1-safebrowsing.google.com/safebrowsing
    http://www.google.co.kr/dmca.html
    http://www.gov.im/post/postal/fr_main.asp
    http://www.gstatic.com/chrome/extensions/blacklist
    https://crbug.com/480935.
    https://beacons4.gvt2.com/domainreliability/upload
    http://www.correos.gob.ni/index.php/codigo-postal-2
    http://schema.org/Organization
    https://www.googleapis.com/auth/chromewebstore.readonly
    http://www.poste.it/online/cercacap/
    https://cuscochromeextension-pa.googleapis.com/v1/omniboxsuggestions
    https://support.google.com/chrome/?p=e_awsnap_rl
    https://search.daum.net/search?ie=
    https://log.getdropbox.com/hpkp
    https://tw.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.hortcut
    https://es.search.yahoo.com/sugg/chrome?output=fxjson
    http://adressesok.posten.no/nb/postal_codes/search
    https://storage.ape.yandex.net/get/browser/Doodles/yandex/drawable-xxhdpi/yandex.png
    https://maktoob.search.yahoo.com/favicon.ico
    http://www.google.co.kr/tm_complaint.html
    https://sg.search.yahoo.com/favicon.ico
    https://sb-ssl.google.com/safebrowsing/clientreport/phishing
    https://accounts.google.com/GetCheckConnectionInfo
    http://crl.godaddy.com/gds1-20
    https://sp.br.ask.com/sh/i/a14/favicon/favicon.ico
    http://crbug.com/133457.
    http://www.startssl.com/intermediate.pdf0
    https://nodejs.org/static/images/logos/nodejs-new-pantone-black.png
    http://www.pasts.lv/lv/uzzinas/nodalas/
    http://EVIntl-ccrt.gwww.gicert.com/1ocsp.verisign.com09rapidssl.cos.godaddy.com/repository/0
    https://www.softonic.com.br/s/
    http://crbug.com/258526.
    http://www.poste.tn/codes.php
    http://goo.gl/Y1OdAq
    http://crbug.com/31037
    http://info.russianpost.ru/servlet/department
    https://goo.gl/ZcZixP
    https://www.chromium.org/
    https://ct.googleapis.com/logs/argon2019/
    http://www.neti.ee/cgi-bin/otsing?query=
    http://ocsp.entrust.net03
    http://ocsp.entrust.net00
    https://ct.googleapis.com/logs/argon2021/
    https://docs.google.com
    https://search.seznam.cz/r/img/favicon.ico
    https://helpx.adobe.com/security/products/reader/apsb14-28.html
    https://tw.search.yahoo.com/favicon.ico
    http://example.com
    https://code.google.com/p/chromium/issues/detail?id=162042
    https://code.google.com/p/chromium/issues/detail?id=162044
    http://mock.linkdoctor.url/for?testing
    https://css-tricks.com/hash-tag-links-padding/
    https://www.googleapis.com/auth/wallet.chrome
    https://support.google.com/chrome/?p=settings_omnibox
    http://search.imesh.net/favicon.ico
    https://android.googleapis.com/gcm/send/
    https://www.gstatic.com/chrome/supervised_user/blacklist-20141001-1k.bin
    http://www.jerseypost.com/tools/postcode-address-finder/
    http://buscar.terra.com.ar/Default.aspx?source=Search
    https://accounts.google.com/AccountChooser?Email=%s
    https://www.googleapis.com/auth/chromesync_playpen
    https://nz.search.yahoo.com/favicon.ico
    https://goo.gl/zmWq3m.
    https://developer.mozilla.org/en-US/docs/Web/API/Web_Speech_API
    http://www./div
    https://www.chromestatus.com/feature/5669008342777856
    http://option
    https://sirius.ws.symantec.com/
    https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
    http://crl.thawte.com/ThawtePremiumServerCA.crl0
    https://tr.search.yahoo.com/search?ei=
    https://www.yandex.ua/chrome/newtab
    http://www.wosign.com/policy/0
    https://nz.search.yahoo.com/search?ei=
    https://log.ncsccs.com/report/hpkp
    https://support.google.com/chrome/?p=chrome_cleanup_tool
    https://ssl.gstatic.com/safebrowsing/csd/
    http://subca.ocsp-certum.com01
    https://www.google.com/chrome/browser/privacy/whitepaper.html
    https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/?utm_source=devtools
    https://beacons2.gvt2.com/domainreliability/upload
    https://id.search.yahoo.com/search?ei=
    http://www.search-results.com/web?q=
    http://mystart.incredibar.com/?search=
    https://pe.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.geotrust.com/resources/repository0
    https://hk.search.yahoo.com/search?ei=
    https://helpx.adobe.com/security/products/shockwave/apsb14-10.html
    https://nl.softonic.com/s/
    http://www.conduit.com/favicon.ico
    https://support.google.com/chrome/?p=ib_pepper_broker
    https://se.search.yahoo.com/favicon.ico
    http://search.iminent.com/Shared/Images/favicon_gl.ico
    https://search.daum.net/favicon.ico
    http://schema.org/BlogPosting
    http://g.symcd.com0
    https://pe.search.yahoo.com/favicon.ico
    https://myactivity.google.com/myactivity/?utm_source=chrome_cbd
    http://i
    https://www.chromestatus.com/feature/5243055179300864
    http://g.symcb.com/crls/gtglobal.crl0.
    https://goo.gl/EuHzyv
    https://support.google.com/chrome/?p=ui_voice_search
    https://www.yandex.com.tr/chrome/newtab
    http://cdp1.public-trust.com/CRL/Omniroot2025.crl0
    https://support.google.com/chrome/?p=ui_download_errors
    https://safebrowsing.googleusercontent.com/safebrowsing/clientreport/notification-image
    https://aIn
    http://www.google.com:80
    http://www.post.at/post_subsite_postleitzahlfinder.php
    http://schema.org/ScholarlyArticle
    http://link
    http://staticsuggested
    https://crbug.com/794942.
    https://ca.search.yahoo.com/search?ei=
    https://kvasir.no/alle?q=
    http://ocsp.thawte.com0
    http://pca-g3-ocsp.geotrust.com0
    https://www.facebook.com/chat/video/videocalldownload.php
    http://www.geotrust.com/resources/cps0
    http://ss.uk.ask.com/query?q=
    https://www.post.lu/fr/grandes-entreprises/solutions-postales/rechercher-un-code-postal
    http://www.verkkoposti.com/e3/postinumeroluettelo
    http://crbug.com/312900.
    https://certs.starfieldtech.com/repository/0
    http://www.laposte.fr/Particulier/Utiliser-nos-outils-pratiques/Outils-et-documents/Trouvez-un-code-postal
    http://search.iminent.com/?q=
    https://support.google.com/chrome/?p=beta_forum
    http://www.postdanmark.dk/da/Privat/Kundeservice/postnummerkort/Sider/Find-postnummer.aspx
    http://ocsp.startssl.com00
    https://yandex.ua/
    http://www.post.lt/lt/?id=316
    https://www.google.com/safebrowsing/report_error/
    http://search.babylon.com/?q=
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/language
    http://forms.real.com/real/realone/download.html?type=rpsp_us
    https://support.google.com/chromecast/answer/2998338
    http://style
    http://crbug.com/360567
    http://www.yhs.delta-search.com/home?q=
    https://sb-ssl.google.com/safebrowsing/clientreport/malware-check
    http://www.google.com/privacy.html
    https://devices.adobe.com/partnerportal/
    https://gvt2.com/
    https://www.google.com
    http://www2.delta-search.com/?q=
    https://szukaj.onet.pl/favicon.ico
    https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
    http://crbug.com/437891.
    http://clients3.google.com/cert_upload_json
    http://ok.hu/katalogus?q=
    http://crbug.com/319444.
    https://ct.cloudflare.com/logs/nimbus2018/
    https://fr.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_outdated_plugin
    https://google-analytics.com/
    https://clientservices.googleapis.com/uma/v2
    https://developers.google.com/web/tools/chrome-devtools/
    http://www.years
    https://yandex.by/images/search/?rpt=imageview
    http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%
    http://schema.org/TechArticle
    https://sb-ssl.google.com/safebrowsing/clientreport/chrome-reset
    http://ocsp.globalsign.com/rootr10
    https://photistic.report-uri.com/r/d/staple/reportOnly
    https://crashpad.chromium.org/bug/new
    https://lh3.googleusercontent.com
    https://ch.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_download_blocked
    http://www.georgianpost.ge/index.php?page=10
    http://crbug.com/26312
    http://www.inkscape.org/namespaces/inkscape
    http://mathematicsmargin-top
    http://www.correos.es/contenido/13-MenuRec2/04-MenuRec24/1010_s-CodPostal.asp
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.search.delta-search.com/home?q=
    https://chrome.google.com/webstore?hl=ko
    https://history.google.com/history/api/lookup?client=chrome
    http://suggestion.baidu.com/su?wd=
    https://www.googleapis.com/auth/proximity_auth
    http://crbug.com/99373
    https://safebrowsing.googleapis.com/v4
    https://chrome.google.com/webstore?hl=koChrome
    https://accounts.google.com/Logout
    http://crbug.com/371562
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin

Process memory dump for chrome.exe (PID 1068, dump 16)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    https://id.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.google.com/settings/security/lesssecureapps
    http://cript
    http://crbug.com/497301
    http://localhost:8000/inspector-sources/
    http://search.goo.ne.jp/web.jsp?MT=
    http://clientservices.googleapis.com/chrome-variations/seed
    https://support.google.com/chrome/?p=settings_manage_exceptions
    https://log.ncsccs.com/report/expectstaple
    http://crl.entrust.net/g2ca.crl0
    https://www.google.com/chrome/devices/chromecast/
    http://www.symauth.com/cps0(
    http://www.google.com
    https://sp.ask.com/sh/i/a16/favicon/favicon.ico
    https://www.recent
    http://search.sweetim.com/search.asp?q=
    https://in.search.yahoo.com/search?ei=
    http://www.slpost.gov.lk/
    https://support.google.com/chrome/?p=plugin_pdf
    http://schema.org/GovernmentOrganization
    https://www.chromestatus.com/feature/5709390967472128
    http://cybertrust.omniroot.com/repository.cfm0
    https://support.google.com/chrome/?p=ui_settings_api_extension
    http://t2.symcb.com0A
    https://chrome.google.com/webstore/detail/%s
    http://search.babylon.com/favicon.ico
    http://www.gpo.gov.np/postalcode.aspx
    https://gvt1.com/
    https://ssl.gstatic.com/
    https://www.google.com/cloudprint/learn/
    http://crt.rootca1.amazontrust.com/rootca1.cer0?
    https://id.search.yahoo.com/favicon.ico
    http://o.ss2.us/0
    https://tools.google.com/service/update2
    https://accounts.google.com/OAuthGetAccessToken
    https://developers.google.com/web/updates/2017/03/devtools-release-notes
    http://ns.adobe.com/xap/1.0/
    https://www.chromestatus.com/feature/5637107137642496
    http://crt.rootg2.amazontrust.com/rootg2.cer0=
    https://in.search.yahoo.com/sugg/chrome?output=fxjson
    http://flashmobile.adobe.com/
    https://www.gstatic.com/chrome/extensions/blacklist
    http://purl.org/dc/dcmitype/StillImage
    https://safebrowsing.google.com/safebrowsing/uploads/chrome
    https://chrome-sync.sandbox.google.com/chrome-sync/alpha
    https://nl.search.yahoo.com/favicon.ico
    http://crl.certum.pl/ctnca.crl0k
    https://developers.google.com/web/updates/2018/01/devtools
    http://ocsp.starfieldtech.com/0
    http://www.google.com/chrome/intl/ko/eula_text.html
    https://qc.search.yahoo.com/favicon.ico
    https://search.yahoo.com/favicon.ico
    https://uk.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.landvaluation.bm/
    http://developer.apple.com/safari/library/documentation/UserExperience/Reference/TouchEventClassReference/TouchEvent/TouchEvent.html.
    https://ctlog.wosign.com/
    https://fr.search.yahoo.com/search?ei=
    https://clients2.googleusercontent.com/crx/blobs/
    https://www.verisign.com/rpa
    http://ok.hu/gfx/favicon.ico
    http://www.delta-search.com/favicon.ico
    https://yandex.com.tr/gorsel/search?rpt=imageview
    http://schema.org/Person
    https://hladaj.atlas.sk/fulltext/?phrase=
    https://searchatlas.centrum.cz/?q=
    http://crbug.com/750901
    https://accounts.google.com/o/oauth2/programmatic_auth
    http://www.interoperabilitybridges.com/wmp-extension-for-chrome
    http://linkurystoragenorthus.blob.core.windows.net/static/favicon.ico
    http://www.google.com/update2/response
    https://www.googleapis.com/auth/supportcontent
    https://support.google.com/chrome/?p=plugin_flash
    http://www.search.delta-search.com/?q=
    https://ct.cloudflare.com/logs/nimbus2020/
    https://accounts.google.com/o/oauth2/auth
    http://www.json.com/json-schema-proposal/
    http://ocsp.godaddy.com/02
    https://www.sogou.com/web?ie=
    https://minecraft.report-uri.com/r/d/staple/reportOnly
    http://ocsp.verisign.com0
    https://ve.search.yahoo.com/search?ei=
    https://support.google.com/accounts/answer/6197437
    https://sb-ssl.google.com/safebrowsing/clientreport/login
    http://service.real.com/realplayer/security/02062012_player/en/
    http://ocsp.digicert.com0K
    https://sg.search.yahoo.com/sugg/chrome?output=fxjson
    http://arianna.libero.it/search/abin/integrata.cgi?query=
    http://buscador.terra.es/Default.aspx?source=Search
    http://subca.ocsp-certum.com0.
    http://searchatlas.centrum.cz/?q=
    https://accounts.google.com/embedded/setup/v2/chromeos
    https://docs.google.com/feeds/
    https://report-uri.cloudflare.com/expect-ct
    http://www.nzpost.co.nz/Cultures/en-NZ/OnlineTools/PostCodeFinder/
    https://kvasir.no/grafikk/favicon.ico
    https://nova.rambler.ru/suggest?v=3
    http://aia.startssl.com/certs/ca.crt02
    http://certs.starfieldtech.com/repository/1402
    https://accounts.google.com/o/oauth2/revoke
    https://search.seznam.cz/?q=
    http://search.snapdo.com/?q=
    https://www.google.TLD
    https://report.badssl.com/expect-staple
    http://www.maldivespost.com/?lid=10
    https://bugs.chromium.org/p/chromium/issues/detail?id=559258
    https://nova.rambler.ru/search?query=
    http://www.serpost.com.pe/cpostal/codigo
    https://support.google.com/chrome/?p=settings_cloud_print
    http://ocsp.godaddy.com/0J
    http://search.avg.com/search?q=
    https://www.singpost.com/find-postal-code
    https://search.goo.ne.jp/web.jsp?MT=
    https://www.googleapis.com/rpc
    https://www.thawte.com/cps0
    http://www.yhs.delta-search.com/?q=
    https://chromium.googlesource.com/chromium/src/
    https://history.report-uri.com/r/d/staple/reportOnly
    http://crbug.com/415315
    https://www.yandex.com.tr/
    https://developer.chrome.com/devtools/docs/remote-debugging
    http://certs.godaddy.com/repository/1301
    https://crbug.com/368855.)
    http://radce.centrum.cz/?q=
    http://www.foo.com/bar
    https://search.walla.co.il/?q=
    http://zip4.usps.com/zip4/welcome.jsp
    https://developers.google.com/web/updates/2017/04/devtools-release-notes
    http://www.style
    https://buscador.terra.es/Default.aspx?source=Search
    http://www.keynectis.com/PC08
    https://www.softonic.com/s/
    https://translate.googleapis.com/
    http://foo.com/bar
    http://search.snap.do/?q=
    https://accounts.google.com/ListAccounts?json=standard
    https://alt1-safebrowsing.google.com/safebrowsing
    http://www.google.co.kr/dmca.html
    http://www.gov.im/post/postal/fr_main.asp
    http://www.gstatic.com/chrome/extensions/blacklist
    https://crbug.com/480935.
    https://beacons4.gvt2.com/domainreliability/upload
    http://www.correos.gob.ni/index.php/codigo-postal-2
    http://schema.org/Organization
    https://www.googleapis.com/auth/chromewebstore.readonly
    http://www.poste.it/online/cercacap/
    https://cuscochromeextension-pa.googleapis.com/v1/omniboxsuggestions
    https://support.google.com/chrome/?p=e_awsnap_rl
    https://search.daum.net/search?ie=
    https://log.getdropbox.com/hpkp
    https://tw.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.hortcut
    https://es.search.yahoo.com/sugg/chrome?output=fxjson
    http://adressesok.posten.no/nb/postal_codes/search
    https://storage.ape.yandex.net/get/browser/Doodles/yandex/drawable-xxhdpi/yandex.png
    https://maktoob.search.yahoo.com/favicon.ico
    http://www.google.co.kr/tm_complaint.html
    https://sg.search.yahoo.com/favicon.ico
    https://sb-ssl.google.com/safebrowsing/clientreport/phishing
    https://accounts.google.com/GetCheckConnectionInfo
    http://crl.godaddy.com/gds1-20
    https://sp.br.ask.com/sh/i/a14/favicon/favicon.ico
    http://crbug.com/133457.
    http://www.startssl.com/intermediate.pdf0
    https://nodejs.org/static/images/logos/nodejs-new-pantone-black.png
    http://www.pasts.lv/lv/uzzinas/nodalas/
    http://EVIntl-ccrt.gwww.gicert.com/1ocsp.verisign.com09rapidssl.cos.godaddy.com/repository/0
    https://www.softonic.com.br/s/
    http://crbug.com/258526.
    http://www.poste.tn/codes.php
    http://goo.gl/Y1OdAq
    http://crbug.com/31037
    http://info.russianpost.ru/servlet/department
    https://goo.gl/ZcZixP
    https://www.chromium.org/
    https://ct.googleapis.com/logs/argon2019/
    http://www.neti.ee/cgi-bin/otsing?query=
    http://ocsp.entrust.net03
    http://ocsp.entrust.net00
    https://ct.googleapis.com/logs/argon2021/
    https://docs.google.com
    https://search.seznam.cz/r/img/favicon.ico
    https://helpx.adobe.com/security/products/reader/apsb14-28.html
    https://tw.search.yahoo.com/favicon.ico
    http://example.com
    https://code.google.com/p/chromium/issues/detail?id=162042
    https://code.google.com/p/chromium/issues/detail?id=162044
    http://mock.linkdoctor.url/for?testing
    https://css-tricks.com/hash-tag-links-padding/
    https://www.googleapis.com/auth/wallet.chrome
    https://support.google.com/chrome/?p=settings_omnibox
    http://search.imesh.net/favicon.ico
    https://android.googleapis.com/gcm/send/
    https://www.gstatic.com/chrome/supervised_user/blacklist-20141001-1k.bin
    http://www.jerseypost.com/tools/postcode-address-finder/
    http://buscar.terra.com.ar/Default.aspx?source=Search
    https://accounts.google.com/AccountChooser?Email=%s
    https://www.googleapis.com/auth/chromesync_playpen
    https://nz.search.yahoo.com/favicon.ico
    https://goo.gl/zmWq3m.
    https://developer.mozilla.org/en-US/docs/Web/API/Web_Speech_API
    http://www./div
    https://www.chromestatus.com/feature/5669008342777856
    http://option
    https://sirius.ws.symantec.com/
    https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
    http://crl.thawte.com/ThawtePremiumServerCA.crl0
    https://tr.search.yahoo.com/search?ei=
    https://www.yandex.ua/chrome/newtab
    http://www.wosign.com/policy/0
    https://nz.search.yahoo.com/search?ei=
    https://log.ncsccs.com/report/hpkp
    https://support.google.com/chrome/?p=chrome_cleanup_tool
    https://ssl.gstatic.com/safebrowsing/csd/
    http://subca.ocsp-certum.com01
    https://www.google.com/chrome/browser/privacy/whitepaper.html
    https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/?utm_source=devtools
    https://beacons2.gvt2.com/domainreliability/upload
    https://id.search.yahoo.com/search?ei=
    http://www.search-results.com/web?q=
    http://mystart.incredibar.com/?search=
    https://pe.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.geotrust.com/resources/repository0
    https://hk.search.yahoo.com/search?ei=
    https://helpx.adobe.com/security/products/shockwave/apsb14-10.html
    https://nl.softonic.com/s/
    http://www.conduit.com/favicon.ico
    https://support.google.com/chrome/?p=ib_pepper_broker
    https://se.search.yahoo.com/favicon.ico
    http://search.iminent.com/Shared/Images/favicon_gl.ico
    https://search.daum.net/favicon.ico
    http://schema.org/BlogPosting
    http://g.symcd.com0
    https://pe.search.yahoo.com/favicon.ico
    https://myactivity.google.com/myactivity/?utm_source=chrome_cbd
    http://i
    https://www.chromestatus.com/feature/5243055179300864
    http://g.symcb.com/crls/gtglobal.crl0.
    https://goo.gl/EuHzyv
    https://support.google.com/chrome/?p=ui_voice_search
    https://www.yandex.com.tr/chrome/newtab
    http://cdp1.public-trust.com/CRL/Omniroot2025.crl0
    https://support.google.com/chrome/?p=ui_download_errors
    https://safebrowsing.googleusercontent.com/safebrowsing/clientreport/notification-image
    https://aIn
    http://www.google.com:80
    http://www.post.at/post_subsite_postleitzahlfinder.php
    http://schema.org/ScholarlyArticle
    http://link
    http://staticsuggested
    https://crbug.com/794942.
    https://ca.search.yahoo.com/search?ei=
    https://kvasir.no/alle?q=
    http://ocsp.thawte.com0
    http://pca-g3-ocsp.geotrust.com0
    https://www.facebook.com/chat/video/videocalldownload.php
    http://www.geotrust.com/resources/cps0
    http://ss.uk.ask.com/query?q=
    https://www.post.lu/fr/grandes-entreprises/solutions-postales/rechercher-un-code-postal
    http://www.verkkoposti.com/e3/postinumeroluettelo
    http://crbug.com/312900.
    https://certs.starfieldtech.com/repository/0
    http://www.laposte.fr/Particulier/Utiliser-nos-outils-pratiques/Outils-et-documents/Trouvez-un-code-postal
    http://search.iminent.com/?q=
    https://support.google.com/chrome/?p=beta_forum
    http://www.postdanmark.dk/da/Privat/Kundeservice/postnummerkort/Sider/Find-postnummer.aspx
    http://ocsp.startssl.com00
    https://yandex.ua/
    http://www.post.lt/lt/?id=316
    https://www.google.com/safebrowsing/report_error/
    http://search.babylon.com/?q=
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/language
    http://forms.real.com/real/realone/download.html?type=rpsp_us
    https://support.google.com/chromecast/answer/2998338
    http://style
    http://crbug.com/360567
    http://www.yhs.delta-search.com/home?q=
    https://sb-ssl.google.com/safebrowsing/clientreport/malware-check
    http://www.google.com/privacy.html
    https://devices.adobe.com/partnerportal/
    https://gvt2.com/
    https://www.google.com
    http://www2.delta-search.com/?q=
    https://szukaj.onet.pl/favicon.ico
    https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
    http://crbug.com/437891.
    http://clients3.google.com/cert_upload_json
    http://ok.hu/katalogus?q=
    http://crbug.com/319444.
    https://ct.cloudflare.com/logs/nimbus2018/
    https://fr.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_outdated_plugin
    https://google-analytics.com/
    https://clientservices.googleapis.com/uma/v2
    https://developers.google.com/web/tools/chrome-devtools/
    http://www.years
    https://yandex.by/images/search/?rpt=imageview
    http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%
    http://schema.org/TechArticle
    https://sb-ssl.google.com/safebrowsing/clientreport/chrome-reset
    http://ocsp.globalsign.com/rootr10
    https://photistic.report-uri.com/r/d/staple/reportOnly
    https://crashpad.chromium.org/bug/new
    https://lh3.googleusercontent.com
    https://ch.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_download_blocked
    http://www.georgianpost.ge/index.php?page=10
    http://crbug.com/26312
    http://www.inkscape.org/namespaces/inkscape
    http://mathematicsmargin-top
    http://www.correos.es/contenido/13-MenuRec2/04-MenuRec24/1010_s-CodPostal.asp
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.search.delta-search.com/home?q=
    https://chrome.google.com/webstore?hl=ko
    https://history.google.com/history/api/lookup?client=chrome
    http://suggestion.baidu.com/su?wd=
    https://www.googleapis.com/auth/proximity_auth
    http://crbug.com/99373
    https://safebrowsing.googleapis.com/v4
    https://chrome.google.com/webstore?hl=koChrome
    https://accounts.google.com/Logout
    http://crbug.com/371562
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences

Process memory dump for chrome.exe (PID 1068, dump 17)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    http://www.search.delta-search.com/?q=
    https://ct.cloudflare.com/logs/nimbus2020/
    https://accounts.google.com/o/oauth2/auth
    http://www.json.com/json-schema-proposal/
    http://ocsp.godaddy.com/02
    https://www.sogou.com/web?ie=
    https://minecraft.report-uri.com/r/d/staple/reportOnly
    http://ocsp.verisign.com0
    https://ve.search.yahoo.com/search?ei=
    https://support.google.com/accounts/answer/6197437
    https://sb-ssl.google.com/safebrowsing/clientreport/login
    http://service.real.com/realplayer/security/02062012_player/en/
    http://ocsp.digicert.com0K
    https://sg.search.yahoo.com/sugg/chrome?output=fxjson
    http://arianna.libero.it/search/abin/integrata.cgi?query=
    http://buscador.terra.es/Default.aspx?source=Search
    http://subca.ocsp-certum.com0.
    http://searchatlas.centrum.cz/?q=
    https://accounts.google.com/embedded/setup/v2/chromeos
    https://docs.google.com/feeds/
    https://report-uri.cloudflare.com/expect-ct
    http://www.nzpost.co.nz/Cultures/en-NZ/OnlineTools/PostCodeFinder/
    https://kvasir.no/grafikk/favicon.ico
    https://nova.rambler.ru/suggest?v=3
    http://aia.startssl.com/certs/ca.crt02
    http://certs.starfieldtech.com/repository/1402
    https://accounts.google.com/o/oauth2/revoke
    https://search.seznam.cz/?q=
    http://search.snapdo.com/?q=
    https://www.google.TLD
    https://report.badssl.com/expect-staple
    http://www.maldivespost.com/?lid=10
    https://bugs.chromium.org/p/chromium/issues/detail?id=559258
    https://nova.rambler.ru/search?query=
    http://www.serpost.com.pe/cpostal/codigo
    https://support.google.com/chrome/?p=settings_cloud_print
    http://ocsp.godaddy.com/0J
    http://search.avg.com/search?q=
    https://www.singpost.com/find-postal-code
    https://search.goo.ne.jp/web.jsp?MT=
    https://www.googleapis.com/rpc
    https://www.thawte.com/cps0
    http://www.yhs.delta-search.com/?q=
    https://chromium.googlesource.com/chromium/src/
    https://history.report-uri.com/r/d/staple/reportOnly
    http://crbug.com/415315
    https://www.yandex.com.tr/
    https://developer.chrome.com/devtools/docs/remote-debugging
    http://certs.godaddy.com/repository/1301
    https://crbug.com/368855.)
    http://radce.centrum.cz/?q=
    http://www.foo.com/bar
    https://search.walla.co.il/?q=
    http://zip4.usps.com/zip4/welcome.jsp
    https://developers.google.com/web/updates/2017/04/devtools-release-notes
    http://www.style
    https://buscador.terra.es/Default.aspx?source=Search
    http://www.keynectis.com/PC08
    https://www.softonic.com/s/
    https://translate.googleapis.com/
    http://foo.com/bar
    http://search.snap.do/?q=
    https://accounts.google.com/ListAccounts?json=standard
    https://alt1-safebrowsing.google.com/safebrowsing
    http://www.google.co.kr/dmca.html
    http://www.gov.im/post/postal/fr_main.asp
    http://www.gstatic.com/chrome/extensions/blacklist
    https://crbug.com/480935.
    https://beacons4.gvt2.com/domainreliability/upload
    http://www.correos.gob.ni/index.php/codigo-postal-2
    http://schema.org/Organization
    https://www.googleapis.com/auth/chromewebstore.readonly
    http://www.poste.it/online/cercacap/
    https://cuscochromeextension-pa.googleapis.com/v1/omniboxsuggestions
    https://support.google.com/chrome/?p=e_awsnap_rl
    https://search.daum.net/search?ie=
    https://log.getdropbox.com/hpkp
    https://tw.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.hortcut
    https://es.search.yahoo.com/sugg/chrome?output=fxjson
    http://adressesok.posten.no/nb/postal_codes/search
    https://storage.ape.yandex.net/get/browser/Doodles/yandex/drawable-xxhdpi/yandex.png
    https://maktoob.search.yahoo.com/favicon.ico
    http://www.google.co.kr/tm_complaint.html
    https://sg.search.yahoo.com/favicon.ico
    https://sb-ssl.google.com/safebrowsing/clientreport/phishing
    https://accounts.google.com/GetCheckConnectionInfo
    http://crl.godaddy.com/gds1-20
    https://sp.br.ask.com/sh/i/a14/favicon/favicon.ico
    http://crbug.com/133457.
    http://www.startssl.com/intermediate.pdf0
    https://nodejs.org/static/images/logos/nodejs-new-pantone-black.png
    http://www.pasts.lv/lv/uzzinas/nodalas/
    http://EVIntl-ccrt.gwww.gicert.com/1ocsp.verisign.com09rapidssl.cos.godaddy.com/repository/0
    https://www.softonic.com.br/s/
    http://crbug.com/258526.
    http://www.poste.tn/codes.php
    http://goo.gl/Y1OdAq
    http://crbug.com/31037
    http://info.russianpost.ru/servlet/department
    https://goo.gl/ZcZixP
    https://www.chromium.org/
    https://ct.googleapis.com/logs/argon2019/
    http://www.neti.ee/cgi-bin/otsing?query=
    http://ocsp.entrust.net03
    http://ocsp.entrust.net00
    https://ct.googleapis.com/logs/argon2021/
    https://docs.google.com
    https://search.seznam.cz/r/img/favicon.ico
    https://helpx.adobe.com/security/products/reader/apsb14-28.html
    https://tw.search.yahoo.com/favicon.ico
    http://example.com
    https://code.google.com/p/chromium/issues/detail?id=162042
    https://code.google.com/p/chromium/issues/detail?id=162044
    http://mock.linkdoctor.url/for?testing
    https://css-tricks.com/hash-tag-links-padding/
    https://www.googleapis.com/auth/wallet.chrome
    https://support.google.com/chrome/?p=settings_omnibox
    http://search.imesh.net/favicon.ico
    https://android.googleapis.com/gcm/send/
    https://www.gstatic.com/chrome/supervised_user/blacklist-20141001-1k.bin
    http://www.jerseypost.com/tools/postcode-address-finder/
    http://buscar.terra.com.ar/Default.aspx?source=Search
    https://accounts.google.com/AccountChooser?Email=%s
    https://www.googleapis.com/auth/chromesync_playpen
    https://nz.search.yahoo.com/favicon.ico
    https://goo.gl/zmWq3m.
    https://developer.mozilla.org/en-US/docs/Web/API/Web_Speech_API
    http://www./div
    https://www.chromestatus.com/feature/5669008342777856
    http://option
    https://sirius.ws.symantec.com/
    https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
    http://crl.thawte.com/ThawtePremiumServerCA.crl0
    https://tr.search.yahoo.com/search?ei=
    https://www.yandex.ua/chrome/newtab
    http://www.wosign.com/policy/0
    https://nz.search.yahoo.com/search?ei=
    https://log.ncsccs.com/report/hpkp
    https://support.google.com/chrome/?p=chrome_cleanup_tool
    https://ssl.gstatic.com/safebrowsing/csd/
    http://subca.ocsp-certum.com01
    https://www.google.com/chrome/browser/privacy/whitepaper.html
    https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/?utm_source=devtools
    https://beacons2.gvt2.com/domainreliability/upload
    https://id.search.yahoo.com/search?ei=
    http://www.search-results.com/web?q=
    http://mystart.incredibar.com/?search=
    https://pe.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.geotrust.com/resources/repository0
    https://hk.search.yahoo.com/search?ei=
    https://helpx.adobe.com/security/products/shockwave/apsb14-10.html
    https://nl.softonic.com/s/
    http://www.conduit.com/favicon.ico
    https://support.google.com/chrome/?p=ib_pepper_broker
    https://se.search.yahoo.com/favicon.ico
    http://search.iminent.com/Shared/Images/favicon_gl.ico
    https://search.daum.net/favicon.ico
    http://schema.org/BlogPosting
    http://g.symcd.com0
    https://pe.search.yahoo.com/favicon.ico
    https://myactivity.google.com/myactivity/?utm_source=chrome_cbd
    http://i
    https://www.chromestatus.com/feature/5243055179300864
    http://g.symcb.com/crls/gtglobal.crl0.
    https://goo.gl/EuHzyv
    https://support.google.com/chrome/?p=ui_voice_search
    https://www.yandex.com.tr/chrome/newtab
    http://cdp1.public-trust.com/CRL/Omniroot2025.crl0
    https://support.google.com/chrome/?p=ui_download_errors
    https://safebrowsing.googleusercontent.com/safebrowsing/clientreport/notification-image
    https://aIn
    http://www.google.com:80
    http://www.post.at/post_subsite_postleitzahlfinder.php
    http://schema.org/ScholarlyArticle
    http://link
    http://staticsuggested
    https://crbug.com/794942.
    https://ca.search.yahoo.com/search?ei=
    https://kvasir.no/alle?q=
    http://ocsp.thawte.com0
    http://pca-g3-ocsp.geotrust.com0
    https://www.facebook.com/chat/video/videocalldownload.php
    http://www.geotrust.com/resources/cps0
    http://ss.uk.ask.com/query?q=
    https://www.post.lu/fr/grandes-entreprises/solutions-postales/rechercher-un-code-postal
    http://www.verkkoposti.com/e3/postinumeroluettelo
    http://crbug.com/312900.
    https://certs.starfieldtech.com/repository/0
    http://www.laposte.fr/Particulier/Utiliser-nos-outils-pratiques/Outils-et-documents/Trouvez-un-code-postal
    http://search.iminent.com/?q=
    https://support.google.com/chrome/?p=beta_forum
    http://www.postdanmark.dk/da/Privat/Kundeservice/postnummerkort/Sider/Find-postnummer.aspx
    http://ocsp.startssl.com00
    https://yandex.ua/
    http://www.post.lt/lt/?id=316
    https://www.google.com/safebrowsing/report_error/
    http://search.babylon.com/?q=
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/language
    http://forms.real.com/real/realone/download.html?type=rpsp_us
    https://support.google.com/chromecast/answer/2998338
    http://style
    http://crbug.com/360567
    http://www.yhs.delta-search.com/home?q=
    https://sb-ssl.google.com/safebrowsing/clientreport/malware-check
    http://www.google.com/privacy.html
    https://devices.adobe.com/partnerportal/
    https://gvt2.com/
    https://www.google.com
    http://www2.delta-search.com/?q=
    https://szukaj.onet.pl/favicon.ico
    https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
    http://crbug.com/437891.
    http://clients3.google.com/cert_upload_json
    http://ok.hu/katalogus?q=
    http://crbug.com/319444.
    https://ct.cloudflare.com/logs/nimbus2018/
    https://fr.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_outdated_plugin
    https://google-analytics.com/
    https://clientservices.googleapis.com/uma/v2
    https://developers.google.com/web/tools/chrome-devtools/
    http://www.years
    https://yandex.by/images/search/?rpt=imageview
    http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%
    http://schema.org/TechArticle
    https://sb-ssl.google.com/safebrowsing/clientreport/chrome-reset
    http://ocsp.globalsign.com/rootr10
    https://photistic.report-uri.com/r/d/staple/reportOnly
    https://crashpad.chromium.org/bug/new
    https://lh3.googleusercontent.com
    https://ch.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_download_blocked
    http://www.georgianpost.ge/index.php?page=10
    http://crbug.com/26312
    http://www.inkscape.org/namespaces/inkscape
    http://mathematicsmargin-top
    http://www.correos.es/contenido/13-MenuRec2/04-MenuRec24/1010_s-CodPostal.asp
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.search.delta-search.com/home?q=
    https://chrome.google.com/webstore?hl=ko
    https://history.google.com/history/api/lookup?client=chrome
    http://suggestion.baidu.com/su?wd=
    https://www.googleapis.com/auth/proximity_auth
    http://crbug.com/99373
    https://safebrowsing.googleapis.com/v4
    https://chrome.google.com/webstore?hl=koChrome
    https://accounts.google.com/Logout
    http://crbug.com/371562
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences
    http://search.tut.by/?ru=1
    http://crbug.com/231664.
    https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
    https://www.World
    https://clients4.google.com/chrome-sync
    http://ocsp1.wosign.com/ca104
    http://www.zipcode.mn/
    http://.css
    https://www.googleapis.com/auth/kid.permission
    http://www.html5rocks.com/en/tutorials/canvas/hidpi/
    http://www.google.co.kr/permissions/guidelines.html
    https://cl.search.yahoo.com/sugg/chrome?output=fxjson
    https://ve.search.yahoo.com/favicon.ico
    http://epab.posten.no/
    http://nl.softonic.com/s/
    https://crbug.com/740629)
    http://crl.verisign.com/pca3-g5.crl0(
    http://search.softonic.com/?q=
    http://www.delfi.lt/paieska/?q=
    http://ocsp.rootg2.amazontrust.com08
    http://www.posta-romana.ro/zip_codes
    https://www.google.com/chrome/devices/chromecast/learn.html
    https://history.google.com/history/api/lookup?client=audio
    https://tw.search.yahoo.com/search?ei=
    https://tr.search.yahoo.com/favicon.ico
    http://dictionaryperceptionrevolutionfoundationpx
    http://www.ems.com.cn/serviceguide/you_bian_cha_xun.html
    https://vega.ws.symantec.com/
    http://www.pochta.uz/ru/uslugi/indexsearch.html
    https://www.yandex.ru/chrome/newtab
    http://www.foo.com
    https://at.search.yahoo.com/sugg/chrome?output=fxjson
    https://c.docs.google.com/
    https://support.google.com/chrome/?p=ib_blocked_plugin
    https://docs.google.com/
    http://l.twimg.com/i/hpkp_report
    http://www.post.gov.tw/post/internet/f_searchzone/index.jsp?ID=190102
    https://chrome.google.com/
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    http://www.ipostel.gob.ve/index.php/oficinas-postales
    http://www.geotrust.com/resources/cps0A
    https://ca.search.yahoo.com/favicon.ico
    http://www.caymanpost.gov.ky/
    http://wiki.greasespot.net/Greasemonkey_Manual:APIs
    https://c.pack.google.com/
    http://www.geotrust.com/resources/cps06
    https://get.adobe.com/reader/
    https://log.ncsccs.com/report/expectct
    https://s2.googleusercontent.com/s2/favicons?domain_url=%s
    http://www
    http://web-subframes.invalid
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop0.json
    http://www.correos.es/comun/CodigosPostales/1010_s-CodPostal.asp?Provincia=
    http://crbug.com/775961
    https://ac.search.naver.com/nx/ac?of=os
    https://vn.search.yahoo.com/favicon.ico
    http://www.zoznam.sk/hladaj.fcgi?s=
    https://crbug.com/444752.
    https://www.google.com/chrome/browser/privacy/
    https://was
    http://start.iminent.com/StartWeb/1033/homepage/
    http://www.geotrust.com/resources/cps0)
    https://mx.search.yahoo.com/search?ei=
    http://Descriptionrelatively
    https://localhost/
    https://support.google.com/chrome/?p=plugin_quicktime
    http://www.posta.rs/struktura/lat/aplikacije/pronadji/nadji-postu.asp
    https://android.clients.google.com/c2dm/register3
    https://ctlog.api.venafi.com/
    http://crl.verisign.com/pca3-g5.crl0
    https://support.google.com/chrome?p=bluetooth
    http://pesquisa.sapo.pt/?q=
    http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
    https://sabre.ct.comodo.com/
    https://history.report-uri.com/r/d/ct/reportOnly
    http://www.interpretation
    https://history.google.com/history/api/lookup?client=web_app

Process memory dump for chrome.exe (PID 1068, dump 18)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    https://search.daum.net/search?ie=
    https://log.getdropbox.com/hpkp
    https://tw.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.hortcut
    https://es.search.yahoo.com/sugg/chrome?output=fxjson
    http://adressesok.posten.no/nb/postal_codes/search
    https://storage.ape.yandex.net/get/browser/Doodles/yandex/drawable-xxhdpi/yandex.png
    https://maktoob.search.yahoo.com/favicon.ico
    http://www.google.co.kr/tm_complaint.html
    https://sg.search.yahoo.com/favicon.ico
    https://sb-ssl.google.com/safebrowsing/clientreport/phishing
    https://accounts.google.com/GetCheckConnectionInfo
    http://crl.godaddy.com/gds1-20
    https://sp.br.ask.com/sh/i/a14/favicon/favicon.ico
    http://crbug.com/133457.
    http://www.startssl.com/intermediate.pdf0
    https://nodejs.org/static/images/logos/nodejs-new-pantone-black.png
    http://www.pasts.lv/lv/uzzinas/nodalas/
    http://EVIntl-ccrt.gwww.gicert.com/1ocsp.verisign.com09rapidssl.cos.godaddy.com/repository/0
    https://www.softonic.com.br/s/
    http://crbug.com/258526.
    http://www.poste.tn/codes.php
    http://goo.gl/Y1OdAq
    http://crbug.com/31037
    http://info.russianpost.ru/servlet/department
    https://goo.gl/ZcZixP
    https://www.chromium.org/
    https://ct.googleapis.com/logs/argon2019/
    http://www.neti.ee/cgi-bin/otsing?query=
    http://ocsp.entrust.net03
    http://ocsp.entrust.net00
    https://ct.googleapis.com/logs/argon2021/
    https://docs.google.com
    https://search.seznam.cz/r/img/favicon.ico
    https://helpx.adobe.com/security/products/reader/apsb14-28.html
    https://tw.search.yahoo.com/favicon.ico
    http://example.com
    https://code.google.com/p/chromium/issues/detail?id=162042
    https://code.google.com/p/chromium/issues/detail?id=162044
    http://mock.linkdoctor.url/for?testing
    https://css-tricks.com/hash-tag-links-padding/
    https://www.googleapis.com/auth/wallet.chrome
    https://support.google.com/chrome/?p=settings_omnibox
    http://search.imesh.net/favicon.ico
    https://android.googleapis.com/gcm/send/
    https://www.gstatic.com/chrome/supervised_user/blacklist-20141001-1k.bin
    http://www.jerseypost.com/tools/postcode-address-finder/
    http://buscar.terra.com.ar/Default.aspx?source=Search
    https://accounts.google.com/AccountChooser?Email=%s
    https://www.googleapis.com/auth/chromesync_playpen
    https://nz.search.yahoo.com/favicon.ico
    https://goo.gl/zmWq3m.
    https://developer.mozilla.org/en-US/docs/Web/API/Web_Speech_API
    http://www./div
    https://www.chromestatus.com/feature/5669008342777856
    http://option
    https://sirius.ws.symantec.com/
    https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
    http://crl.thawte.com/ThawtePremiumServerCA.crl0
    https://tr.search.yahoo.com/search?ei=
    https://www.yandex.ua/chrome/newtab
    http://www.wosign.com/policy/0
    https://nz.search.yahoo.com/search?ei=
    https://log.ncsccs.com/report/hpkp
    https://support.google.com/chrome/?p=chrome_cleanup_tool
    https://ssl.gstatic.com/safebrowsing/csd/
    http://subca.ocsp-certum.com01
    https://www.google.com/chrome/browser/privacy/whitepaper.html
    https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/?utm_source=devtools
    https://beacons2.gvt2.com/domainreliability/upload
    https://id.search.yahoo.com/search?ei=
    http://www.search-results.com/web?q=
    http://mystart.incredibar.com/?search=
    https://pe.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.geotrust.com/resources/repository0
    https://hk.search.yahoo.com/search?ei=
    https://helpx.adobe.com/security/products/shockwave/apsb14-10.html
    https://nl.softonic.com/s/
    http://www.conduit.com/favicon.ico
    https://support.google.com/chrome/?p=ib_pepper_broker
    https://se.search.yahoo.com/favicon.ico
    http://search.iminent.com/Shared/Images/favicon_gl.ico
    https://search.daum.net/favicon.ico
    http://schema.org/BlogPosting
    http://g.symcd.com0
    https://pe.search.yahoo.com/favicon.ico
    https://myactivity.google.com/myactivity/?utm_source=chrome_cbd
    http://i
    https://www.chromestatus.com/feature/5243055179300864
    http://g.symcb.com/crls/gtglobal.crl0.
    https://goo.gl/EuHzyv
    https://support.google.com/chrome/?p=ui_voice_search
    https://www.yandex.com.tr/chrome/newtab
    http://cdp1.public-trust.com/CRL/Omniroot2025.crl0
    https://support.google.com/chrome/?p=ui_download_errors
    https://safebrowsing.googleusercontent.com/safebrowsing/clientreport/notification-image
    https://aIn
    http://www.google.com:80
    http://www.post.at/post_subsite_postleitzahlfinder.php
    http://schema.org/ScholarlyArticle
    http://link
    http://staticsuggested
    https://crbug.com/794942.
    https://ca.search.yahoo.com/search?ei=
    https://kvasir.no/alle?q=
    http://ocsp.thawte.com0
    http://pca-g3-ocsp.geotrust.com0
    https://www.facebook.com/chat/video/videocalldownload.php
    http://www.geotrust.com/resources/cps0
    http://ss.uk.ask.com/query?q=
    https://www.post.lu/fr/grandes-entreprises/solutions-postales/rechercher-un-code-postal
    http://www.verkkoposti.com/e3/postinumeroluettelo
    http://crbug.com/312900.
    https://certs.starfieldtech.com/repository/0
    http://www.laposte.fr/Particulier/Utiliser-nos-outils-pratiques/Outils-et-documents/Trouvez-un-code-postal
    http://search.iminent.com/?q=
    https://support.google.com/chrome/?p=beta_forum
    http://www.postdanmark.dk/da/Privat/Kundeservice/postnummerkort/Sider/Find-postnummer.aspx
    http://ocsp.startssl.com00
    https://yandex.ua/
    http://www.post.lt/lt/?id=316
    https://www.google.com/safebrowsing/report_error/
    http://search.babylon.com/?q=
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/language
    http://forms.real.com/real/realone/download.html?type=rpsp_us
    https://support.google.com/chromecast/answer/2998338
    http://style
    http://crbug.com/360567
    http://www.yhs.delta-search.com/home?q=
    https://sb-ssl.google.com/safebrowsing/clientreport/malware-check
    http://www.google.com/privacy.html
    https://devices.adobe.com/partnerportal/
    https://gvt2.com/
    https://www.google.com
    http://www2.delta-search.com/?q=
    https://szukaj.onet.pl/favicon.ico
    https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
    http://crbug.com/437891.
    http://clients3.google.com/cert_upload_json
    http://ok.hu/katalogus?q=
    http://crbug.com/319444.
    https://ct.cloudflare.com/logs/nimbus2018/
    https://fr.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_outdated_plugin
    https://google-analytics.com/
    https://clientservices.googleapis.com/uma/v2
    https://developers.google.com/web/tools/chrome-devtools/
    http://www.years
    https://yandex.by/images/search/?rpt=imageview
    http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%
    http://schema.org/TechArticle
    https://sb-ssl.google.com/safebrowsing/clientreport/chrome-reset
    http://ocsp.globalsign.com/rootr10
    https://photistic.report-uri.com/r/d/staple/reportOnly
    https://crashpad.chromium.org/bug/new
    https://lh3.googleusercontent.com
    https://ch.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_download_blocked
    http://www.georgianpost.ge/index.php?page=10
    http://crbug.com/26312
    http://www.inkscape.org/namespaces/inkscape
    http://mathematicsmargin-top
    http://www.correos.es/contenido/13-MenuRec2/04-MenuRec24/1010_s-CodPostal.asp
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.search.delta-search.com/home?q=
    https://chrome.google.com/webstore?hl=ko
    https://history.google.com/history/api/lookup?client=chrome
    http://suggestion.baidu.com/su?wd=
    https://www.googleapis.com/auth/proximity_auth
    http://crbug.com/99373
    https://safebrowsing.googleapis.com/v4
    https://chrome.google.com/webstore?hl=koChrome
    https://accounts.google.com/Logout
    http://crbug.com/371562
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences
    http://search.tut.by/?ru=1
    http://crbug.com/231664.
    https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
    https://www.World
    https://clients4.google.com/chrome-sync
    http://ocsp1.wosign.com/ca104
    http://www.zipcode.mn/
    http://.css
    https://www.googleapis.com/auth/kid.permission
    http://www.html5rocks.com/en/tutorials/canvas/hidpi/
    http://www.google.co.kr/permissions/guidelines.html
    https://cl.search.yahoo.com/sugg/chrome?output=fxjson
    https://ve.search.yahoo.com/favicon.ico
    http://epab.posten.no/
    http://nl.softonic.com/s/
    https://crbug.com/740629)
    http://crl.verisign.com/pca3-g5.crl0(
    http://search.softonic.com/?q=
    http://www.delfi.lt/paieska/?q=
    http://ocsp.rootg2.amazontrust.com08
    http://www.posta-romana.ro/zip_codes
    https://www.google.com/chrome/devices/chromecast/learn.html
    https://history.google.com/history/api/lookup?client=audio
    https://tw.search.yahoo.com/search?ei=
    https://tr.search.yahoo.com/favicon.ico
    http://dictionaryperceptionrevolutionfoundationpx
    http://www.ems.com.cn/serviceguide/you_bian_cha_xun.html
    https://vega.ws.symantec.com/
    http://www.pochta.uz/ru/uslugi/indexsearch.html
    https://www.yandex.ru/chrome/newtab
    http://www.foo.com
    https://at.search.yahoo.com/sugg/chrome?output=fxjson
    https://c.docs.google.com/
    https://support.google.com/chrome/?p=ib_blocked_plugin
    https://docs.google.com/
    http://l.twimg.com/i/hpkp_report
    http://www.post.gov.tw/post/internet/f_searchzone/index.jsp?ID=190102
    https://chrome.google.com/
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    http://www.ipostel.gob.ve/index.php/oficinas-postales
    http://www.geotrust.com/resources/cps0A
    https://ca.search.yahoo.com/favicon.ico
    http://www.caymanpost.gov.ky/
    http://wiki.greasespot.net/Greasemonkey_Manual:APIs
    https://c.pack.google.com/
    http://www.geotrust.com/resources/cps06
    https://get.adobe.com/reader/
    https://log.ncsccs.com/report/expectct
    https://s2.googleusercontent.com/s2/favicons?domain_url=%s
    http://www
    http://web-subframes.invalid
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop0.json
    http://www.correos.es/comun/CodigosPostales/1010_s-CodPostal.asp?Provincia=
    http://crbug.com/775961
    https://ac.search.naver.com/nx/ac?of=os
    https://vn.search.yahoo.com/favicon.ico
    http://www.zoznam.sk/hladaj.fcgi?s=
    https://crbug.com/444752.
    https://www.google.com/chrome/browser/privacy/
    https://was
    http://start.iminent.com/StartWeb/1033/homepage/
    http://www.geotrust.com/resources/cps0)
    https://mx.search.yahoo.com/search?ei=
    http://Descriptionrelatively
    https://localhost/
    https://support.google.com/chrome/?p=plugin_quicktime
    http://www.posta.rs/struktura/lat/aplikacije/pronadji/nadji-postu.asp
    https://android.clients.google.com/c2dm/register3
    https://ctlog.api.venafi.com/
    http://crl.verisign.com/pca3-g5.crl0
    https://support.google.com/chrome?p=bluetooth
    http://pesquisa.sapo.pt/?q=
    http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
    https://sabre.ct.comodo.com/
    https://history.report-uri.com/r/d/ct/reportOnly
    http://www.interpretation
    https://history.google.com/history/api/lookup?client=web_app
    http://crl.entrust.net/rootca1.crl0
    https://tobiassachs.report-uri.com/r/d/staple/reportOnly
    https://www.so.com/favicon.ico
    https://co.search.yahoo.com/sugg/chrome?output=fxjson
    https://clients4.google.com/chrome-sync/dev
    http://www1.delta-search.com/?q=
    https://www.google.com/speech-api/v2/synthesize?
    https://growth-pa.googleapis.com/v1/send_sms
    http://en.softonic.com/s/
    https://c.drive.google.com/
    https://support.google.com/chrome/?p=settings_privacy
    http://i.rl0.ru/2011/icons/rambler.ico
    http://crls1.wosign.com/ca1.crl0q
    http://accounts.google.com/
    https://www.googleapis.com/auth/userinfo.profile
    https://chrome.google.com/webstore/category/extensions
    https://www.verisign.com/cps04000000Z
    https://au.search.yahoo.com/favicon.ico
    https://growth-pa.googleapis.com/v1/get_verified_phone_numbers
    https://crbug.com/593166
    https://c.play.google.com/
    https://www.googleapis.com/auth/chrome-content-suggestions
    https://accounts.google.com/GetUserInfo
    http://crbug.com/320723
    https://chrome.google.com/webstore
    http://cybertrust.omniroot.com/repository0
    http://ocsp.verisign.com04
    https://accounts.google.com/TokenAuth
    https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop1.json
    https://ar.search.yahoo.com/sugg/chrome?output=fxjson
    https://cspreports.srvcs.tumblr.com/hpkp
    http://crl.godaddy.com/gdroot.crl0F
    http://s.ss2.us/r.crl0
    https://www.googleapis.com/oauth2/v1/userinfo
    https://myaccount.google.com/signinoptions/password?utm_source=Google
    https://au.search.yahoo.com/search?ei=
    http://localhost:8000/url
    http://www.softonic.com.br/s/
    http://www.svgpost.gov.vc/?option=com_content
    https://alt2-safebrowsing.google.com/safebrowsing
    https://ch.search.yahoo.com/search?ei=
    http://suggest.yandex.ru/suggest-ff.cgi?part=
    https://azreport.report-uri.com/r/d/staple/reportOnly
    https://drive.google.com
    http://ns.adobe.com/xap/1.0/sType/ResourceRef
    https://support.google.com/chrome/?p=settings_autofill
    http://www.neti.ee/favicon.ico
    http://www.elta.gr/findapostcode.aspx
    http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
    https://www.googleapis.com
    http://crbug.com/263077).
    https://beacons3.gvt2.com/domainreliability/upload
    https://suggest.fulltext.seznam.cz/fulltext_ff?phrase=
    http://search.incredibar.com/favicon.ico
    http://crl.rootg2.amazontrust.com/rootg2.crl0
    http://crbug.com/371562.
    http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
    https://support.google.com/chrome/answer/1181420?
    http://g1.symcb.com/crls/gtglobal.crl0/
    http://isearch.avg.com/search?q=
    https://github.com/GoogleChrome/devtools-docs/issues/53
    http://developer.chrome.com/apps/usb.html
    http://www.digicert.com/ssl-cps-repository.htm0
    https://www.omniva.ee/era/sihtnumbrite_otsing
    http://ocsp.rootca1.amazontrust.com0
    https://safesearch.googleapis.com/v1:classify
    https://www.globalsign.com/repository/0
    https://github.com/v8/v8/wiki/Stack%20Trace%20API.
    http://ocsp.globalsign.com/rootr103
    https://www.ask.com/web?q=
    http://crl.starfieldtech.com/sfroot.crl0L
    https://www.

Process memory dump for chrome.exe (PID 1068, dump 19)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    https://id.search.yahoo.com/search?ei=
    http://www.search-results.com/web?q=
    http://mystart.incredibar.com/?search=
    https://pe.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.geotrust.com/resources/repository0
    https://hk.search.yahoo.com/search?ei=
    https://helpx.adobe.com/security/products/shockwave/apsb14-10.html
    https://nl.softonic.com/s/
    http://www.conduit.com/favicon.ico
    https://support.google.com/chrome/?p=ib_pepper_broker
    https://se.search.yahoo.com/favicon.ico
    http://search.iminent.com/Shared/Images/favicon_gl.ico
    https://search.daum.net/favicon.ico
    http://schema.org/BlogPosting
    http://g.symcd.com0
    https://pe.search.yahoo.com/favicon.ico
    https://myactivity.google.com/myactivity/?utm_source=chrome_cbd
    http://i
    https://www.chromestatus.com/feature/5243055179300864
    http://g.symcb.com/crls/gtglobal.crl0.
    https://goo.gl/EuHzyv
    https://support.google.com/chrome/?p=ui_voice_search
    https://www.yandex.com.tr/chrome/newtab
    http://cdp1.public-trust.com/CRL/Omniroot2025.crl0
    https://support.google.com/chrome/?p=ui_download_errors
    https://safebrowsing.googleusercontent.com/safebrowsing/clientreport/notification-image
    https://aIn
    http://www.google.com:80
    http://www.post.at/post_subsite_postleitzahlfinder.php
    http://schema.org/ScholarlyArticle
    http://link
    http://staticsuggested
    https://crbug.com/794942.
    https://ca.search.yahoo.com/search?ei=
    https://kvasir.no/alle?q=
    http://ocsp.thawte.com0
    http://pca-g3-ocsp.geotrust.com0
    https://www.facebook.com/chat/video/videocalldownload.php
    http://www.geotrust.com/resources/cps0
    http://ss.uk.ask.com/query?q=
    https://www.post.lu/fr/grandes-entreprises/solutions-postales/rechercher-un-code-postal
    http://www.verkkoposti.com/e3/postinumeroluettelo
    http://crbug.com/312900.
    https://certs.starfieldtech.com/repository/0
    http://www.laposte.fr/Particulier/Utiliser-nos-outils-pratiques/Outils-et-documents/Trouvez-un-code-postal
    http://search.iminent.com/?q=
    https://support.google.com/chrome/?p=beta_forum
    http://www.postdanmark.dk/da/Privat/Kundeservice/postnummerkort/Sider/Find-postnummer.aspx
    http://ocsp.startssl.com00
    https://yandex.ua/
    http://www.post.lt/lt/?id=316
    https://www.google.com/safebrowsing/report_error/
    http://search.babylon.com/?q=
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/language
    http://forms.real.com/real/realone/download.html?type=rpsp_us
    https://support.google.com/chromecast/answer/2998338
    http://style
    http://crbug.com/360567
    http://www.yhs.delta-search.com/home?q=
    https://sb-ssl.google.com/safebrowsing/clientreport/malware-check
    http://www.google.com/privacy.html
    https://devices.adobe.com/partnerportal/
    https://gvt2.com/
    https://www.google.com
    http://www2.delta-search.com/?q=
    https://szukaj.onet.pl/favicon.ico
    https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
    http://crbug.com/437891.
    http://clients3.google.com/cert_upload_json
    http://ok.hu/katalogus?q=
    http://crbug.com/319444.
    https://ct.cloudflare.com/logs/nimbus2018/
    https://fr.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_outdated_plugin
    https://google-analytics.com/
    https://clientservices.googleapis.com/uma/v2
    https://developers.google.com/web/tools/chrome-devtools/
    http://www.years
    https://yandex.by/images/search/?rpt=imageview
    http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%
    http://schema.org/TechArticle
    https://sb-ssl.google.com/safebrowsing/clientreport/chrome-reset
    http://ocsp.globalsign.com/rootr10
    https://photistic.report-uri.com/r/d/staple/reportOnly
    https://crashpad.chromium.org/bug/new
    https://lh3.googleusercontent.com
    https://ch.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_download_blocked
    http://www.georgianpost.ge/index.php?page=10
    http://crbug.com/26312
    http://www.inkscape.org/namespaces/inkscape
    http://mathematicsmargin-top
    http://www.correos.es/contenido/13-MenuRec2/04-MenuRec24/1010_s-CodPostal.asp
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.search.delta-search.com/home?q=
    https://chrome.google.com/webstore?hl=ko
    https://history.google.com/history/api/lookup?client=chrome
    http://suggestion.baidu.com/su?wd=
    https://www.googleapis.com/auth/proximity_auth
    http://crbug.com/99373
    https://safebrowsing.googleapis.com/v4
    https://chrome.google.com/webstore?hl=koChrome
    https://accounts.google.com/Logout
    http://crbug.com/371562
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences
    http://search.tut.by/?ru=1
    http://crbug.com/231664.
    https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
    https://www.World
    https://clients4.google.com/chrome-sync
    http://ocsp1.wosign.com/ca104
    http://www.zipcode.mn/
    http://.css
    https://www.googleapis.com/auth/kid.permission
    http://www.html5rocks.com/en/tutorials/canvas/hidpi/
    http://www.google.co.kr/permissions/guidelines.html
    https://cl.search.yahoo.com/sugg/chrome?output=fxjson
    https://ve.search.yahoo.com/favicon.ico
    http://epab.posten.no/
    http://nl.softonic.com/s/
    https://crbug.com/740629)
    http://crl.verisign.com/pca3-g5.crl0(
    http://search.softonic.com/?q=
    http://www.delfi.lt/paieska/?q=
    http://ocsp.rootg2.amazontrust.com08
    http://www.posta-romana.ro/zip_codes
    https://www.google.com/chrome/devices/chromecast/learn.html
    https://history.google.com/history/api/lookup?client=audio
    https://tw.search.yahoo.com/search?ei=
    https://tr.search.yahoo.com/favicon.ico
    http://dictionaryperceptionrevolutionfoundationpx
    http://www.ems.com.cn/serviceguide/you_bian_cha_xun.html
    https://vega.ws.symantec.com/
    http://www.pochta.uz/ru/uslugi/indexsearch.html
    https://www.yandex.ru/chrome/newtab
    http://www.foo.com
    https://at.search.yahoo.com/sugg/chrome?output=fxjson
    https://c.docs.google.com/
    https://support.google.com/chrome/?p=ib_blocked_plugin
    https://docs.google.com/
    http://l.twimg.com/i/hpkp_report
    http://www.post.gov.tw/post/internet/f_searchzone/index.jsp?ID=190102
    https://chrome.google.com/
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    http://www.ipostel.gob.ve/index.php/oficinas-postales
    http://www.geotrust.com/resources/cps0A
    https://ca.search.yahoo.com/favicon.ico
    http://www.caymanpost.gov.ky/
    http://wiki.greasespot.net/Greasemonkey_Manual:APIs
    https://c.pack.google.com/
    http://www.geotrust.com/resources/cps06
    https://get.adobe.com/reader/
    https://log.ncsccs.com/report/expectct
    https://s2.googleusercontent.com/s2/favicons?domain_url=%s
    http://www
    http://web-subframes.invalid
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop0.json
    http://www.correos.es/comun/CodigosPostales/1010_s-CodPostal.asp?Provincia=
    http://crbug.com/775961
    https://ac.search.naver.com/nx/ac?of=os
    https://vn.search.yahoo.com/favicon.ico
    http://www.zoznam.sk/hladaj.fcgi?s=
    https://crbug.com/444752.
    https://www.google.com/chrome/browser/privacy/
    https://was
    http://start.iminent.com/StartWeb/1033/homepage/
    http://www.geotrust.com/resources/cps0)
    https://mx.search.yahoo.com/search?ei=
    http://Descriptionrelatively
    https://localhost/
    https://support.google.com/chrome/?p=plugin_quicktime
    http://www.posta.rs/struktura/lat/aplikacije/pronadji/nadji-postu.asp
    https://android.clients.google.com/c2dm/register3
    https://ctlog.api.venafi.com/
    http://crl.verisign.com/pca3-g5.crl0
    https://support.google.com/chrome?p=bluetooth
    http://pesquisa.sapo.pt/?q=
    http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
    https://sabre.ct.comodo.com/
    https://history.report-uri.com/r/d/ct/reportOnly
    http://www.interpretation
    https://history.google.com/history/api/lookup?client=web_app
    http://crl.entrust.net/rootca1.crl0
    https://tobiassachs.report-uri.com/r/d/staple/reportOnly
    https://www.so.com/favicon.ico
    https://co.search.yahoo.com/sugg/chrome?output=fxjson
    https://clients4.google.com/chrome-sync/dev
    http://www1.delta-search.com/?q=
    https://www.google.com/speech-api/v2/synthesize?
    https://growth-pa.googleapis.com/v1/send_sms
    http://en.softonic.com/s/
    https://c.drive.google.com/
    https://support.google.com/chrome/?p=settings_privacy
    http://i.rl0.ru/2011/icons/rambler.ico
    http://crls1.wosign.com/ca1.crl0q
    http://accounts.google.com/
    https://www.googleapis.com/auth/userinfo.profile
    https://chrome.google.com/webstore/category/extensions
    https://www.verisign.com/cps04000000Z
    https://au.search.yahoo.com/favicon.ico
    https://growth-pa.googleapis.com/v1/get_verified_phone_numbers
    https://crbug.com/593166
    https://c.play.google.com/
    https://www.googleapis.com/auth/chrome-content-suggestions
    https://accounts.google.com/GetUserInfo
    http://crbug.com/320723
    https://chrome.google.com/webstore
    http://cybertrust.omniroot.com/repository0
    http://ocsp.verisign.com04
    https://accounts.google.com/TokenAuth
    https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop1.json
    https://ar.search.yahoo.com/sugg/chrome?output=fxjson
    https://cspreports.srvcs.tumblr.com/hpkp
    http://crl.godaddy.com/gdroot.crl0F
    http://s.ss2.us/r.crl0
    https://www.googleapis.com/oauth2/v1/userinfo
    https://myaccount.google.com/signinoptions/password?utm_source=Google
    https://au.search.yahoo.com/search?ei=
    http://localhost:8000/url
    http://www.softonic.com.br/s/
    http://www.svgpost.gov.vc/?option=com_content
    https://alt2-safebrowsing.google.com/safebrowsing
    https://ch.search.yahoo.com/search?ei=
    http://suggest.yandex.ru/suggest-ff.cgi?part=
    https://azreport.report-uri.com/r/d/staple/reportOnly
    https://drive.google.com
    http://ns.adobe.com/xap/1.0/sType/ResourceRef
    https://support.google.com/chrome/?p=settings_autofill
    http://www.neti.ee/favicon.ico
    http://www.elta.gr/findapostcode.aspx
    http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
    https://www.googleapis.com
    http://crbug.com/263077).
    https://beacons3.gvt2.com/domainreliability/upload
    https://suggest.fulltext.seznam.cz/fulltext_ff?phrase=
    http://search.incredibar.com/favicon.ico
    http://crl.rootg2.amazontrust.com/rootg2.crl0
    http://crbug.com/371562.
    http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
    https://support.google.com/chrome/answer/1181420?
    http://g1.symcb.com/crls/gtglobal.crl0/
    http://isearch.avg.com/search?q=
    https://github.com/GoogleChrome/devtools-docs/issues/53
    http://developer.chrome.com/apps/usb.html
    http://www.digicert.com/ssl-cps-repository.htm0
    https://www.omniva.ee/era/sihtnumbrite_otsing
    http://ocsp.rootca1.amazontrust.com0
    https://safesearch.googleapis.com/v1:classify
    https://www.globalsign.com/repository/0
    https://github.com/v8/v8/wiki/Stack%20Trace%20API.
    http://ocsp.globalsign.com/rootr103
    https://www.ask.com/web?q=
    http://crl.starfieldtech.com/sfroot.crl0L
    https://www.
    https://www.chromestatus.com/feature/5738264052891648
    https://uk.ask.com/web?q=
    https://crbug.com/401439).
    https://mx.search.yahoo.com/favicon.ico
    http://mixidj.delta-search.com/?q=
    http://s2.symcb.com0
    http://ocsp.startssl.com/ca00
    http://crbug.com/40902
    https://passwords.google.com
    http://www.bhutanpost.bt/searchpostcode.php
    http://www.posten.ax/department.con?iPage=123
    https://nl.search.yahoo.com/sugg/chrome?output=fxjson
    http://purl.org/dc/elements/1.1/
    http://find.in.gr/Themes/1/Default/Media/Layout/icon_in.png
    http://aia.startssl.com/certs/ca.crt0
    http://feed.snapdo.com/?q=
    https://accounts.google.com/o/oauth/GetOAuthToken/
    http://www.softonic.com/s/
    http://crbug.com/514696
    https://chrome.blogspot.com/2015/11/updates-to-chrome-platform-support.html
    https://ar.search.yahoo.com/favicon.ico
    https://tobiassachs.report-uri.com/r/d/ct/reportOnly
    https://go.mail.ru/search?q=
    https://transparencyreport.google.com/safe-browsing/search?url=%s
    http://g.symcb.com/GeoTrustPCA-G3.crl0
    https://fi.search.yahoo.com/favicon.ico
    https://vn.search.yahoo.com/search?ei=
    http://www.entrust.net/rpa0
    http://www.adobe.com/mobile/licensees(
    http://www-//W3C//DTD
    http://crbug.com/756654
    https://dl.google.com/dl/softwareremovaltool/win/
    https://ro.search.yahoo.com/search?ei=
    https://chrome-devtools-frontend.appspot.com
    http://kody.poczta-polska.pl/
    https://android.com/pay
    http://search.avg.com/route/?q=
    http://crbug.com/112091
    http://poste.opt.nc/index.php?option=com_content
    https://www.googleapis.com/auth/gcm
    http://s2.symcb.com0k
    https://clients4.google.com/ukm
    https://www.googleapis.com/auth/drive.apps.readonly
    http://mixidj.delta-search.com/home?q=
    https://fi.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=blocked_ads
    https://chrome.google.com/webstore/detail/djcfdncoelnlbldjfhinnjlhdjlikmph
    https://support.google.com/chrome_webstore/?p=crx_warning
    https://groups.google.com/a/googleproductforums.com/d/topic/chrome/Xrco2HsXS-8/discussion
    https://malaysia.search.yahoo.com/search?ei=
    http://c
    https://chrome.google.com/webstore/download/
    http://search.softonic.com/img/favicon.ico
    https://fr.search.yahoo.com/sugg/chrome?output=fxjson
    https://payments.google.com/
    http://www.google.com/chrome/intl/ko/privacy.html
    http://psc.posta.sk
    https://accounts.google.com/ServiceLoginAuth
    http://w
    https://c.youtube.com/
    http://interested
    https://searchatlas.centrum.cz/favicon.ico
    https://www.delfi.lt/paieska/?q=
    http://search.tut.by/favicon.ico
    https://th.search.yahoo.com/favicon.ico
    https://www.chromestatus.com/feature/5675755719622656
    https://sb-ssl.google.com/safebrowsing/clientreport/download
    http://www.delta-search.com/?q=
    http://ss.ask.com/query?q=
    http://www.apache.org/licenses/LICENSE-2.0
    http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/
    http://www.mpegla.com
    https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_model_20170329.pb.bin
    https://yandex.by/
    http://navigation
    http://crls1.wosign.com/ca1.crl0m
    https://www

Process memory dump for chrome.exe (PID 1068, dump 20)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    https://google-analytics.com/
    https://clientservices.googleapis.com/uma/v2
    https://developers.google.com/web/tools/chrome-devtools/
    http://www.years
    https://yandex.by/images/search/?rpt=imageview
    http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%
    http://schema.org/TechArticle
    https://sb-ssl.google.com/safebrowsing/clientreport/chrome-reset
    http://ocsp.globalsign.com/rootr10
    https://photistic.report-uri.com/r/d/staple/reportOnly
    https://crashpad.chromium.org/bug/new
    https://lh3.googleusercontent.com
    https://ch.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_download_blocked
    http://www.georgianpost.ge/index.php?page=10
    http://crbug.com/26312
    http://www.inkscape.org/namespaces/inkscape
    http://mathematicsmargin-top
    http://www.correos.es/contenido/13-MenuRec2/04-MenuRec24/1010_s-CodPostal.asp
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.search.delta-search.com/home?q=
    https://chrome.google.com/webstore?hl=ko
    https://history.google.com/history/api/lookup?client=chrome
    http://suggestion.baidu.com/su?wd=
    https://www.googleapis.com/auth/proximity_auth
    http://crbug.com/99373
    https://safebrowsing.googleapis.com/v4
    https://chrome.google.com/webstore?hl=koChrome
    https://accounts.google.com/Logout
    http://crbug.com/371562
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences
    http://search.tut.by/?ru=1
    http://crbug.com/231664.
    https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
    https://www.World
    https://clients4.google.com/chrome-sync
    http://ocsp1.wosign.com/ca104
    http://www.zipcode.mn/
    http://.css
    https://www.googleapis.com/auth/kid.permission
    http://www.html5rocks.com/en/tutorials/canvas/hidpi/
    http://www.google.co.kr/permissions/guidelines.html
    https://cl.search.yahoo.com/sugg/chrome?output=fxjson
    https://ve.search.yahoo.com/favicon.ico
    http://epab.posten.no/
    http://nl.softonic.com/s/
    https://crbug.com/740629)
    http://crl.verisign.com/pca3-g5.crl0(
    http://search.softonic.com/?q=
    http://www.delfi.lt/paieska/?q=
    http://ocsp.rootg2.amazontrust.com08
    http://www.posta-romana.ro/zip_codes
    https://www.google.com/chrome/devices/chromecast/learn.html
    https://history.google.com/history/api/lookup?client=audio
    https://tw.search.yahoo.com/search?ei=
    https://tr.search.yahoo.com/favicon.ico
    http://dictionaryperceptionrevolutionfoundationpx
    http://www.ems.com.cn/serviceguide/you_bian_cha_xun.html
    https://vega.ws.symantec.com/
    http://www.pochta.uz/ru/uslugi/indexsearch.html
    https://www.yandex.ru/chrome/newtab
    http://www.foo.com
    https://at.search.yahoo.com/sugg/chrome?output=fxjson
    https://c.docs.google.com/
    https://support.google.com/chrome/?p=ib_blocked_plugin
    https://docs.google.com/
    http://l.twimg.com/i/hpkp_report
    http://www.post.gov.tw/post/internet/f_searchzone/index.jsp?ID=190102
    https://chrome.google.com/
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    http://www.ipostel.gob.ve/index.php/oficinas-postales
    http://www.geotrust.com/resources/cps0A
    https://ca.search.yahoo.com/favicon.ico
    http://www.caymanpost.gov.ky/
    http://wiki.greasespot.net/Greasemonkey_Manual:APIs
    https://c.pack.google.com/
    http://www.geotrust.com/resources/cps06
    https://get.adobe.com/reader/
    https://log.ncsccs.com/report/expectct
    https://s2.googleusercontent.com/s2/favicons?domain_url=%s
    http://www
    http://web-subframes.invalid
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop0.json
    http://www.correos.es/comun/CodigosPostales/1010_s-CodPostal.asp?Provincia=
    http://crbug.com/775961
    https://ac.search.naver.com/nx/ac?of=os
    https://vn.search.yahoo.com/favicon.ico
    http://www.zoznam.sk/hladaj.fcgi?s=
    https://crbug.com/444752.
    https://www.google.com/chrome/browser/privacy/
    https://was
    http://start.iminent.com/StartWeb/1033/homepage/
    http://www.geotrust.com/resources/cps0)
    https://mx.search.yahoo.com/search?ei=
    http://Descriptionrelatively
    https://localhost/
    https://support.google.com/chrome/?p=plugin_quicktime
    http://www.posta.rs/struktura/lat/aplikacije/pronadji/nadji-postu.asp
    https://android.clients.google.com/c2dm/register3
    https://ctlog.api.venafi.com/
    http://crl.verisign.com/pca3-g5.crl0
    https://support.google.com/chrome?p=bluetooth
    http://pesquisa.sapo.pt/?q=
    http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
    https://sabre.ct.comodo.com/
    https://history.report-uri.com/r/d/ct/reportOnly
    http://www.interpretation
    https://history.google.com/history/api/lookup?client=web_app
    http://crl.entrust.net/rootca1.crl0
    https://tobiassachs.report-uri.com/r/d/staple/reportOnly
    https://www.so.com/favicon.ico
    https://co.search.yahoo.com/sugg/chrome?output=fxjson
    https://clients4.google.com/chrome-sync/dev
    http://www1.delta-search.com/?q=
    https://www.google.com/speech-api/v2/synthesize?
    https://growth-pa.googleapis.com/v1/send_sms
    http://en.softonic.com/s/
    https://c.drive.google.com/
    https://support.google.com/chrome/?p=settings_privacy
    http://i.rl0.ru/2011/icons/rambler.ico
    http://crls1.wosign.com/ca1.crl0q
    http://accounts.google.com/
    https://www.googleapis.com/auth/userinfo.profile
    https://chrome.google.com/webstore/category/extensions
    https://www.verisign.com/cps04000000Z
    https://au.search.yahoo.com/favicon.ico
    https://growth-pa.googleapis.com/v1/get_verified_phone_numbers
    https://crbug.com/593166
    https://c.play.google.com/
    https://www.googleapis.com/auth/chrome-content-suggestions
    https://accounts.google.com/GetUserInfo
    http://crbug.com/320723
    https://chrome.google.com/webstore
    http://cybertrust.omniroot.com/repository0
    http://ocsp.verisign.com04
    https://accounts.google.com/TokenAuth
    https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop1.json
    https://ar.search.yahoo.com/sugg/chrome?output=fxjson
    https://cspreports.srvcs.tumblr.com/hpkp
    http://crl.godaddy.com/gdroot.crl0F
    http://s.ss2.us/r.crl0
    https://www.googleapis.com/oauth2/v1/userinfo
    https://myaccount.google.com/signinoptions/password?utm_source=Google
    https://au.search.yahoo.com/search?ei=
    http://localhost:8000/url
    http://www.softonic.com.br/s/
    http://www.svgpost.gov.vc/?option=com_content
    https://alt2-safebrowsing.google.com/safebrowsing
    https://ch.search.yahoo.com/search?ei=
    http://suggest.yandex.ru/suggest-ff.cgi?part=
    https://azreport.report-uri.com/r/d/staple/reportOnly
    https://drive.google.com
    http://ns.adobe.com/xap/1.0/sType/ResourceRef
    https://support.google.com/chrome/?p=settings_autofill
    http://www.neti.ee/favicon.ico
    http://www.elta.gr/findapostcode.aspx
    http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
    https://www.googleapis.com
    http://crbug.com/263077).
    https://beacons3.gvt2.com/domainreliability/upload
    https://suggest.fulltext.seznam.cz/fulltext_ff?phrase=
    http://search.incredibar.com/favicon.ico
    http://crl.rootg2.amazontrust.com/rootg2.crl0
    http://crbug.com/371562.
    http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
    https://support.google.com/chrome/answer/1181420?
    http://g1.symcb.com/crls/gtglobal.crl0/
    http://isearch.avg.com/search?q=
    https://github.com/GoogleChrome/devtools-docs/issues/53
    http://developer.chrome.com/apps/usb.html
    http://www.digicert.com/ssl-cps-repository.htm0
    https://www.omniva.ee/era/sihtnumbrite_otsing
    http://ocsp.rootca1.amazontrust.com0
    https://safesearch.googleapis.com/v1:classify
    https://www.globalsign.com/repository/0
    https://github.com/v8/v8/wiki/Stack%20Trace%20API.
    http://ocsp.globalsign.com/rootr103
    https://www.ask.com/web?q=
    http://crl.starfieldtech.com/sfroot.crl0L
    https://www.
    https://www.chromestatus.com/feature/5738264052891648
    https://uk.ask.com/web?q=
    https://crbug.com/401439).
    https://mx.search.yahoo.com/favicon.ico
    http://mixidj.delta-search.com/?q=
    http://s2.symcb.com0
    http://ocsp.startssl.com/ca00
    http://crbug.com/40902
    https://passwords.google.com
    http://www.bhutanpost.bt/searchpostcode.php
    http://www.posten.ax/department.con?iPage=123
    https://nl.search.yahoo.com/sugg/chrome?output=fxjson
    http://purl.org/dc/elements/1.1/
    http://find.in.gr/Themes/1/Default/Media/Layout/icon_in.png
    http://aia.startssl.com/certs/ca.crt0
    http://feed.snapdo.com/?q=
    https://accounts.google.com/o/oauth/GetOAuthToken/
    http://www.softonic.com/s/
    http://crbug.com/514696
    https://chrome.blogspot.com/2015/11/updates-to-chrome-platform-support.html
    https://ar.search.yahoo.com/favicon.ico
    https://tobiassachs.report-uri.com/r/d/ct/reportOnly
    https://go.mail.ru/search?q=
    https://transparencyreport.google.com/safe-browsing/search?url=%s
    http://g.symcb.com/GeoTrustPCA-G3.crl0
    https://fi.search.yahoo.com/favicon.ico
    https://vn.search.yahoo.com/search?ei=
    http://www.entrust.net/rpa0
    http://www.adobe.com/mobile/licensees(
    http://www-//W3C//DTD
    http://crbug.com/756654
    https://dl.google.com/dl/softwareremovaltool/win/
    https://ro.search.yahoo.com/search?ei=
    https://chrome-devtools-frontend.appspot.com
    http://kody.poczta-polska.pl/
    https://android.com/pay
    http://search.avg.com/route/?q=
    http://crbug.com/112091
    http://poste.opt.nc/index.php?option=com_content
    https://www.googleapis.com/auth/gcm
    http://s2.symcb.com0k
    https://clients4.google.com/ukm
    https://www.googleapis.com/auth/drive.apps.readonly
    http://mixidj.delta-search.com/home?q=
    https://fi.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=blocked_ads
    https://chrome.google.com/webstore/detail/djcfdncoelnlbldjfhinnjlhdjlikmph
    https://support.google.com/chrome_webstore/?p=crx_warning
    https://groups.google.com/a/googleproductforums.com/d/topic/chrome/Xrco2HsXS-8/discussion
    https://malaysia.search.yahoo.com/search?ei=
    http://c
    https://chrome.google.com/webstore/download/
    http://search.softonic.com/img/favicon.ico
    https://fr.search.yahoo.com/sugg/chrome?output=fxjson
    https://payments.google.com/
    http://www.google.com/chrome/intl/ko/privacy.html
    http://psc.posta.sk
    https://accounts.google.com/ServiceLoginAuth
    http://w
    https://c.youtube.com/
    http://interested
    https://searchatlas.centrum.cz/favicon.ico
    https://www.delfi.lt/paieska/?q=
    http://search.tut.by/favicon.ico
    https://th.search.yahoo.com/favicon.ico
    https://www.chromestatus.com/feature/5675755719622656
    https://sb-ssl.google.com/safebrowsing/clientreport/download
    http://www.delta-search.com/?q=
    http://ss.ask.com/query?q=
    http://www.apache.org/licenses/LICENSE-2.0
    http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/
    http://www.mpegla.com
    https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_model_20170329.pb.bin
    https://yandex.by/
    http://navigation
    http://crls1.wosign.com/ca1.crl0m
    https://www
    https://support.google.com/chrome/?p=settings_search_help
    https://tools.usps.com/go/ZipLookupAction
    http://t1.symcb.com/ThawtePCA.crl0)
    https://accounts.google.com/IssueAuthToken
    https://www.google.com/cloudprint/enable_chrome_connector
    https://www.googleapis.com/auth/googletalk
    http://ocsp.startssl.com/ca0-
    http://search.goo.ne.jp/sgt.jsp?MT=
    http://www.posta.hr/default.aspx?pretpum
    http://www.postur.is/einstaklingar/posthus/postnumer/
    http://crl.startssl.com/sfsca.crl0
    https://ct.googleapis.com/pilot/
    http://www.certplus.com/CRL/class2.crl0
    https://dl.google.com/dl/softwareremovaltool/win/chrome_cleanup_tool.exe
    http://www.codigopostal.gov.co/
    https://beacons5.gvt2.com/domainreliability/upload
    https://datasaver.googleapis.com/v1/metrics:recordPageloadMetrics
    https://www.chromestatus.com/features/6443143280984064
    https://crbug.com/701034
    https://www.indiapost.gov.in/vas/pages/FindPinCode.aspx
    https://buscador.softonic.com/?q=
    https://proxy.googlezip.net:443
    https://scotthelme.report-uri.com/r/d/ct/reportOnly
    http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl0
    http://cps.root-x1.letsencrypt.org0
    https://support.google.com/chrome/?p=ui_remove_non_cws_extensions
    http://www.bangladeshpost.gov.bd/PostCode.asp
    https://ca.search.yahoo.com/sugg/chrome?output=fxjson
    https://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.ico
    http://ocsp.digicert.com0M
    https://search.avg.com/route/?q=
    https://support.google.com/chromebook/answer/1331549
    http://crl.rootca1.amazontrust.com/rootca1.crl0
    http://crbug.com/516527
    https://clients1.google.com/tbproxy/af/
    https://dk.search.yahoo.com/favicon.ico
    http://postakodu.ptt.gov.tr/
    http://start.iminent.com/?q=
    https://au.search.yahoo.com/sugg/chrome?output=fxjson
    https://ct.cloudflare.com/logs/nimbus2021/
    http://crbug.com/469522
    http://crbug.com/415315.
    https://history.google.com/history/api/delete?client=chrome
    https://example.com
    https://szukaj.onet.pl/wyniki.html?qt=
    http://schema.org/Article
    http://ricerca.virgilio.it/ricerca?qs=
    https://yandex.kz/images/search/?rpt=imageview
    http://repository.certum.pl/ctnca.cer09
    http://crbug.com/140364).
    http://crl.globalsign.net/root.crl0=
    http://developer.chrome.com/extensions/manifest.html
    http://g1.symcb.com/GeoTrustPCA.crl0)
    https://ph.search.yahoo.com/favicon.ico
    https://www.googleapis.com/geolocation/v1/geolocate
    http://crl.geotrust.com/crls/secureca.crl0F
    http://nigma.ru/themes/nigma/img/favicon.ico
    
                                                

Process memory dump for chrome.exe (PID 1068, dump 21)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences
    http://search.tut.by/?ru=1
    http://crbug.com/231664.
    https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
    https://www.World
    https://clients4.google.com/chrome-sync
    http://ocsp1.wosign.com/ca104
    http://www.zipcode.mn/
    http://.css
    https://www.googleapis.com/auth/kid.permission
    http://www.html5rocks.com/en/tutorials/canvas/hidpi/
    http://www.google.co.kr/permissions/guidelines.html
    https://cl.search.yahoo.com/sugg/chrome?output=fxjson
    https://ve.search.yahoo.com/favicon.ico
    http://epab.posten.no/
    http://nl.softonic.com/s/
    https://crbug.com/740629)
    http://crl.verisign.com/pca3-g5.crl0(
    http://search.softonic.com/?q=
    http://www.delfi.lt/paieska/?q=
    http://ocsp.rootg2.amazontrust.com08
    http://www.posta-romana.ro/zip_codes
    https://www.google.com/chrome/devices/chromecast/learn.html
    https://history.google.com/history/api/lookup?client=audio
    https://tw.search.yahoo.com/search?ei=
    https://tr.search.yahoo.com/favicon.ico
    http://dictionaryperceptionrevolutionfoundationpx
    http://www.ems.com.cn/serviceguide/you_bian_cha_xun.html
    https://vega.ws.symantec.com/
    http://www.pochta.uz/ru/uslugi/indexsearch.html
    https://www.yandex.ru/chrome/newtab
    http://www.foo.com
    https://at.search.yahoo.com/sugg/chrome?output=fxjson
    https://c.docs.google.com/
    https://support.google.com/chrome/?p=ib_blocked_plugin
    https://docs.google.com/
    http://l.twimg.com/i/hpkp_report
    http://www.post.gov.tw/post/internet/f_searchzone/index.jsp?ID=190102
    https://chrome.google.com/
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    http://www.ipostel.gob.ve/index.php/oficinas-postales
    http://www.geotrust.com/resources/cps0A
    https://ca.search.yahoo.com/favicon.ico
    http://www.caymanpost.gov.ky/
    http://wiki.greasespot.net/Greasemonkey_Manual:APIs
    https://c.pack.google.com/
    http://www.geotrust.com/resources/cps06
    https://get.adobe.com/reader/
    https://log.ncsccs.com/report/expectct
    https://s2.googleusercontent.com/s2/favicons?domain_url=%s
    http://www
    http://web-subframes.invalid
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop0.json
    http://www.correos.es/comun/CodigosPostales/1010_s-CodPostal.asp?Provincia=
    http://crbug.com/775961
    https://ac.search.naver.com/nx/ac?of=os
    https://vn.search.yahoo.com/favicon.ico
    http://www.zoznam.sk/hladaj.fcgi?s=
    https://crbug.com/444752.
    https://www.google.com/chrome/browser/privacy/
    https://was
    http://start.iminent.com/StartWeb/1033/homepage/
    http://www.geotrust.com/resources/cps0)
    https://mx.search.yahoo.com/search?ei=
    http://Descriptionrelatively
    https://localhost/
    https://support.google.com/chrome/?p=plugin_quicktime
    http://www.posta.rs/struktura/lat/aplikacije/pronadji/nadji-postu.asp
    https://android.clients.google.com/c2dm/register3
    https://ctlog.api.venafi.com/
    http://crl.verisign.com/pca3-g5.crl0
    https://support.google.com/chrome?p=bluetooth
    http://pesquisa.sapo.pt/?q=
    http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
    https://sabre.ct.comodo.com/
    https://history.report-uri.com/r/d/ct/reportOnly
    http://www.interpretation
    https://history.google.com/history/api/lookup?client=web_app
    http://crl.entrust.net/rootca1.crl0
    https://tobiassachs.report-uri.com/r/d/staple/reportOnly
    https://www.so.com/favicon.ico
    https://co.search.yahoo.com/sugg/chrome?output=fxjson
    https://clients4.google.com/chrome-sync/dev
    http://www1.delta-search.com/?q=
    https://www.google.com/speech-api/v2/synthesize?
    https://growth-pa.googleapis.com/v1/send_sms
    http://en.softonic.com/s/
    https://c.drive.google.com/
    https://support.google.com/chrome/?p=settings_privacy
    http://i.rl0.ru/2011/icons/rambler.ico
    http://crls1.wosign.com/ca1.crl0q
    http://accounts.google.com/
    https://www.googleapis.com/auth/userinfo.profile
    https://chrome.google.com/webstore/category/extensions
    https://www.verisign.com/cps04000000Z
    https://au.search.yahoo.com/favicon.ico
    https://growth-pa.googleapis.com/v1/get_verified_phone_numbers
    https://crbug.com/593166
    https://c.play.google.com/
    https://www.googleapis.com/auth/chrome-content-suggestions
    https://accounts.google.com/GetUserInfo
    http://crbug.com/320723
    https://chrome.google.com/webstore
    http://cybertrust.omniroot.com/repository0
    http://ocsp.verisign.com04
    https://accounts.google.com/TokenAuth
    https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop1.json
    https://ar.search.yahoo.com/sugg/chrome?output=fxjson
    https://cspreports.srvcs.tumblr.com/hpkp
    http://crl.godaddy.com/gdroot.crl0F
    http://s.ss2.us/r.crl0
    https://www.googleapis.com/oauth2/v1/userinfo
    https://myaccount.google.com/signinoptions/password?utm_source=Google
    https://au.search.yahoo.com/search?ei=
    http://localhost:8000/url
    http://www.softonic.com.br/s/
    http://www.svgpost.gov.vc/?option=com_content
    https://alt2-safebrowsing.google.com/safebrowsing
    https://ch.search.yahoo.com/search?ei=
    http://suggest.yandex.ru/suggest-ff.cgi?part=
    https://azreport.report-uri.com/r/d/staple/reportOnly
    https://drive.google.com
    http://ns.adobe.com/xap/1.0/sType/ResourceRef
    https://support.google.com/chrome/?p=settings_autofill
    http://www.neti.ee/favicon.ico
    http://www.elta.gr/findapostcode.aspx
    http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
    https://www.googleapis.com
    http://crbug.com/263077).
    https://beacons3.gvt2.com/domainreliability/upload
    https://suggest.fulltext.seznam.cz/fulltext_ff?phrase=
    http://search.incredibar.com/favicon.ico
    http://crl.rootg2.amazontrust.com/rootg2.crl0
    http://crbug.com/371562.
    http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
    https://support.google.com/chrome/answer/1181420?
    http://g1.symcb.com/crls/gtglobal.crl0/
    http://isearch.avg.com/search?q=
    https://github.com/GoogleChrome/devtools-docs/issues/53
    http://developer.chrome.com/apps/usb.html
    http://www.digicert.com/ssl-cps-repository.htm0
    https://www.omniva.ee/era/sihtnumbrite_otsing
    http://ocsp.rootca1.amazontrust.com0
    https://safesearch.googleapis.com/v1:classify
    https://www.globalsign.com/repository/0
    https://github.com/v8/v8/wiki/Stack%20Trace%20API.
    http://ocsp.globalsign.com/rootr103
    https://www.ask.com/web?q=
    http://crl.starfieldtech.com/sfroot.crl0L
    https://www.
    https://www.chromestatus.com/feature/5738264052891648
    https://uk.ask.com/web?q=
    https://crbug.com/401439).
    https://mx.search.yahoo.com/favicon.ico
    http://mixidj.delta-search.com/?q=
    http://s2.symcb.com0
    http://ocsp.startssl.com/ca00
    http://crbug.com/40902
    https://passwords.google.com
    http://www.bhutanpost.bt/searchpostcode.php
    http://www.posten.ax/department.con?iPage=123
    https://nl.search.yahoo.com/sugg/chrome?output=fxjson
    http://purl.org/dc/elements/1.1/
    http://find.in.gr/Themes/1/Default/Media/Layout/icon_in.png
    http://aia.startssl.com/certs/ca.crt0
    http://feed.snapdo.com/?q=
    https://accounts.google.com/o/oauth/GetOAuthToken/
    http://www.softonic.com/s/
    http://crbug.com/514696
    https://chrome.blogspot.com/2015/11/updates-to-chrome-platform-support.html
    https://ar.search.yahoo.com/favicon.ico
    https://tobiassachs.report-uri.com/r/d/ct/reportOnly
    https://go.mail.ru/search?q=
    https://transparencyreport.google.com/safe-browsing/search?url=%s
    http://g.symcb.com/GeoTrustPCA-G3.crl0
    https://fi.search.yahoo.com/favicon.ico
    https://vn.search.yahoo.com/search?ei=
    http://www.entrust.net/rpa0
    http://www.adobe.com/mobile/licensees(
    http://www-//W3C//DTD
    http://crbug.com/756654
    https://dl.google.com/dl/softwareremovaltool/win/
    https://ro.search.yahoo.com/search?ei=
    https://chrome-devtools-frontend.appspot.com
    http://kody.poczta-polska.pl/
    https://android.com/pay
    http://search.avg.com/route/?q=
    http://crbug.com/112091
    http://poste.opt.nc/index.php?option=com_content
    https://www.googleapis.com/auth/gcm
    http://s2.symcb.com0k
    https://clients4.google.com/ukm
    https://www.googleapis.com/auth/drive.apps.readonly
    http://mixidj.delta-search.com/home?q=
    https://fi.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=blocked_ads
    https://chrome.google.com/webstore/detail/djcfdncoelnlbldjfhinnjlhdjlikmph
    https://support.google.com/chrome_webstore/?p=crx_warning
    https://groups.google.com/a/googleproductforums.com/d/topic/chrome/Xrco2HsXS-8/discussion
    https://malaysia.search.yahoo.com/search?ei=
    http://c
    https://chrome.google.com/webstore/download/
    http://search.softonic.com/img/favicon.ico
    https://fr.search.yahoo.com/sugg/chrome?output=fxjson
    https://payments.google.com/
    http://www.google.com/chrome/intl/ko/privacy.html
    http://psc.posta.sk
    https://accounts.google.com/ServiceLoginAuth
    http://w
    https://c.youtube.com/
    http://interested
    https://searchatlas.centrum.cz/favicon.ico
    https://www.delfi.lt/paieska/?q=
    http://search.tut.by/favicon.ico
    https://th.search.yahoo.com/favicon.ico
    https://www.chromestatus.com/feature/5675755719622656
    https://sb-ssl.google.com/safebrowsing/clientreport/download
    http://www.delta-search.com/?q=
    http://ss.ask.com/query?q=
    http://www.apache.org/licenses/LICENSE-2.0
    http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/
    http://www.mpegla.com
    https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_model_20170329.pb.bin
    https://yandex.by/
    http://navigation
    http://crls1.wosign.com/ca1.crl0m
    https://www
    https://support.google.com/chrome/?p=settings_search_help
    https://tools.usps.com/go/ZipLookupAction
    http://t1.symcb.com/ThawtePCA.crl0)
    https://accounts.google.com/IssueAuthToken
    https://www.google.com/cloudprint/enable_chrome_connector
    https://www.googleapis.com/auth/googletalk
    http://ocsp.startssl.com/ca0-
    http://search.goo.ne.jp/sgt.jsp?MT=
    http://www.posta.hr/default.aspx?pretpum
    http://www.postur.is/einstaklingar/posthus/postnumer/
    http://crl.startssl.com/sfsca.crl0
    https://ct.googleapis.com/pilot/
    http://www.certplus.com/CRL/class2.crl0
    https://dl.google.com/dl/softwareremovaltool/win/chrome_cleanup_tool.exe
    http://www.codigopostal.gov.co/
    https://beacons5.gvt2.com/domainreliability/upload
    https://datasaver.googleapis.com/v1/metrics:recordPageloadMetrics
    https://www.chromestatus.com/features/6443143280984064
    https://crbug.com/701034
    https://www.indiapost.gov.in/vas/pages/FindPinCode.aspx
    https://buscador.softonic.com/?q=
    https://proxy.googlezip.net:443
    https://scotthelme.report-uri.com/r/d/ct/reportOnly
    http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl0
    http://cps.root-x1.letsencrypt.org0
    https://support.google.com/chrome/?p=ui_remove_non_cws_extensions
    http://www.bangladeshpost.gov.bd/PostCode.asp
    https://ca.search.yahoo.com/sugg/chrome?output=fxjson
    https://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.ico
    http://ocsp.digicert.com0M
    https://search.avg.com/route/?q=
    https://support.google.com/chromebook/answer/1331549
    http://crl.rootca1.amazontrust.com/rootca1.crl0
    http://crbug.com/516527
    https://clients1.google.com/tbproxy/af/
    https://dk.search.yahoo.com/favicon.ico
    http://postakodu.ptt.gov.tr/
    http://start.iminent.com/?q=
    https://au.search.yahoo.com/sugg/chrome?output=fxjson
    https://ct.cloudflare.com/logs/nimbus2021/
    http://crbug.com/469522
    http://crbug.com/415315.
    https://history.google.com/history/api/delete?client=chrome
    https://example.com
    https://szukaj.onet.pl/wyniki.html?qt=
    http://schema.org/Article
    http://ricerca.virgilio.it/ricerca?qs=
    https://yandex.kz/images/search/?rpt=imageview
    http://repository.certum.pl/ctnca.cer09
    http://crbug.com/140364).
    http://crl.globalsign.net/root.crl0=
    http://developer.chrome.com/extensions/manifest.html
    http://g1.symcb.com/GeoTrustPCA.crl0)
    https://ph.search.yahoo.com/favicon.ico
    https://www.googleapis.com/geolocation/v1/geolocate
    http://crl.geotrust.com/crls/secureca.crl0F
    http://nigma.ru/themes/nigma/img/favicon.ico
    
                                                

Process memory dump for chrome.exe (PID 1068, dump 22)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences
    http://search.tut.by/?ru=1
    http://crbug.com/231664.
    https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
    https://www.World
    https://clients4.google.com/chrome-sync
    http://ocsp1.wosign.com/ca104
    http://www.zipcode.mn/
    http://.css
    https://www.googleapis.com/auth/kid.permission
    http://www.html5rocks.com/en/tutorials/canvas/hidpi/
    http://www.google.co.kr/permissions/guidelines.html
    https://cl.search.yahoo.com/sugg/chrome?output=fxjson
    https://ve.search.yahoo.com/favicon.ico
    http://epab.posten.no/
    http://nl.softonic.com/s/
    https://crbug.com/740629)
    http://crl.verisign.com/pca3-g5.crl0(
    http://search.softonic.com/?q=
    http://www.delfi.lt/paieska/?q=
    http://ocsp.rootg2.amazontrust.com08
    http://www.posta-romana.ro/zip_codes
    https://www.google.com/chrome/devices/chromecast/learn.html
    https://history.google.com/history/api/lookup?client=audio
    https://tw.search.yahoo.com/search?ei=
    https://tr.search.yahoo.com/favicon.ico
    http://dictionaryperceptionrevolutionfoundationpx
    http://www.ems.com.cn/serviceguide/you_bian_cha_xun.html
    https://vega.ws.symantec.com/
    http://www.pochta.uz/ru/uslugi/indexsearch.html
    https://www.yandex.ru/chrome/newtab
    http://www.foo.com
    https://at.search.yahoo.com/sugg/chrome?output=fxjson
    https://c.docs.google.com/
    https://support.google.com/chrome/?p=ib_blocked_plugin
    https://docs.google.com/
    http://l.twimg.com/i/hpkp_report
    http://www.post.gov.tw/post/internet/f_searchzone/index.jsp?ID=190102
    https://chrome.google.com/
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    http://www.ipostel.gob.ve/index.php/oficinas-postales
    http://www.geotrust.com/resources/cps0A
    https://ca.search.yahoo.com/favicon.ico
    http://www.caymanpost.gov.ky/
    http://wiki.greasespot.net/Greasemonkey_Manual:APIs
    https://c.pack.google.com/
    http://www.geotrust.com/resources/cps06
    https://get.adobe.com/reader/
    https://log.ncsccs.com/report/expectct
    https://s2.googleusercontent.com/s2/favicons?domain_url=%s
    http://www
    http://web-subframes.invalid
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop0.json
    http://www.correos.es/comun/CodigosPostales/1010_s-CodPostal.asp?Provincia=
    http://crbug.com/775961
    https://ac.search.naver.com/nx/ac?of=os
    https://vn.search.yahoo.com/favicon.ico
    http://www.zoznam.sk/hladaj.fcgi?s=
    https://crbug.com/444752.
    https://www.google.com/chrome/browser/privacy/
    https://was
    http://start.iminent.com/StartWeb/1033/homepage/
    http://www.geotrust.com/resources/cps0)
    https://mx.search.yahoo.com/search?ei=
    http://Descriptionrelatively
    https://localhost/
    https://support.google.com/chrome/?p=plugin_quicktime
    http://www.posta.rs/struktura/lat/aplikacije/pronadji/nadji-postu.asp
    https://android.clients.google.com/c2dm/register3
    https://ctlog.api.venafi.com/
    http://crl.verisign.com/pca3-g5.crl0
    https://support.google.com/chrome?p=bluetooth
    http://pesquisa.sapo.pt/?q=
    http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
    https://sabre.ct.comodo.com/
    https://history.report-uri.com/r/d/ct/reportOnly
    http://www.interpretation
    https://history.google.com/history/api/lookup?client=web_app
    http://crl.entrust.net/rootca1.crl0
    https://tobiassachs.report-uri.com/r/d/staple/reportOnly
    https://www.so.com/favicon.ico
    https://co.search.yahoo.com/sugg/chrome?output=fxjson
    https://clients4.google.com/chrome-sync/dev
    http://www1.delta-search.com/?q=
    https://www.google.com/speech-api/v2/synthesize?
    https://growth-pa.googleapis.com/v1/send_sms
    http://en.softonic.com/s/
    https://c.drive.google.com/
    https://support.google.com/chrome/?p=settings_privacy
    http://i.rl0.ru/2011/icons/rambler.ico
    http://crls1.wosign.com/ca1.crl0q
    http://accounts.google.com/
    https://www.googleapis.com/auth/userinfo.profile
    https://chrome.google.com/webstore/category/extensions
    https://www.verisign.com/cps04000000Z
    https://au.search.yahoo.com/favicon.ico
    https://growth-pa.googleapis.com/v1/get_verified_phone_numbers
    https://crbug.com/593166
    https://c.play.google.com/
    https://www.googleapis.com/auth/chrome-content-suggestions
    https://accounts.google.com/GetUserInfo
    http://crbug.com/320723
    https://chrome.google.com/webstore
    http://cybertrust.omniroot.com/repository0
    http://ocsp.verisign.com04
    https://accounts.google.com/TokenAuth
    https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop1.json
    https://ar.search.yahoo.com/sugg/chrome?output=fxjson
    https://cspreports.srvcs.tumblr.com/hpkp
    http://crl.godaddy.com/gdroot.crl0F
    http://s.ss2.us/r.crl0
    https://www.googleapis.com/oauth2/v1/userinfo
    https://myaccount.google.com/signinoptions/password?utm_source=Google
    https://au.search.yahoo.com/search?ei=
    http://localhost:8000/url
    http://www.softonic.com.br/s/
    http://www.svgpost.gov.vc/?option=com_content
    https://alt2-safebrowsing.google.com/safebrowsing
    https://ch.search.yahoo.com/search?ei=
    http://suggest.yandex.ru/suggest-ff.cgi?part=
    https://azreport.report-uri.com/r/d/staple/reportOnly
    https://drive.google.com
    http://ns.adobe.com/xap/1.0/sType/ResourceRef
    https://support.google.com/chrome/?p=settings_autofill
    http://www.neti.ee/favicon.ico
    http://www.elta.gr/findapostcode.aspx
    http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
    https://www.googleapis.com
    http://crbug.com/263077).
    https://beacons3.gvt2.com/domainreliability/upload
    https://suggest.fulltext.seznam.cz/fulltext_ff?phrase=
    http://search.incredibar.com/favicon.ico
    http://crl.rootg2.amazontrust.com/rootg2.crl0
    http://crbug.com/371562.
    http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
    https://support.google.com/chrome/answer/1181420?
    http://g1.symcb.com/crls/gtglobal.crl0/
    http://isearch.avg.com/search?q=
    https://github.com/GoogleChrome/devtools-docs/issues/53
    http://developer.chrome.com/apps/usb.html
    http://www.digicert.com/ssl-cps-repository.htm0
    https://www.omniva.ee/era/sihtnumbrite_otsing
    http://ocsp.rootca1.amazontrust.com0
    https://safesearch.googleapis.com/v1:classify
    https://www.globalsign.com/repository/0
    https://github.com/v8/v8/wiki/Stack%20Trace%20API.
    http://ocsp.globalsign.com/rootr103
    https://www.ask.com/web?q=
    http://crl.starfieldtech.com/sfroot.crl0L
    https://www.
    https://www.chromestatus.com/feature/5738264052891648
    https://uk.ask.com/web?q=
    https://crbug.com/401439).
    https://mx.search.yahoo.com/favicon.ico
    http://mixidj.delta-search.com/?q=
    http://s2.symcb.com0
    http://ocsp.startssl.com/ca00
    http://crbug.com/40902
    https://passwords.google.com
    http://www.bhutanpost.bt/searchpostcode.php
    http://www.posten.ax/department.con?iPage=123
    https://nl.search.yahoo.com/sugg/chrome?output=fxjson
    http://purl.org/dc/elements/1.1/
    http://find.in.gr/Themes/1/Default/Media/Layout/icon_in.png
    http://aia.startssl.com/certs/ca.crt0
    http://feed.snapdo.com/?q=
    https://accounts.google.com/o/oauth/GetOAuthToken/
    http://www.softonic.com/s/
    http://crbug.com/514696
    https://chrome.blogspot.com/2015/11/updates-to-chrome-platform-support.html
    https://ar.search.yahoo.com/favicon.ico
    https://tobiassachs.report-uri.com/r/d/ct/reportOnly
    https://go.mail.ru/search?q=
    https://transparencyreport.google.com/safe-browsing/search?url=%s
    http://g.symcb.com/GeoTrustPCA-G3.crl0
    https://fi.search.yahoo.com/favicon.ico
    https://vn.search.yahoo.com/search?ei=
    http://www.entrust.net/rpa0
    http://www.adobe.com/mobile/licensees(
    http://www-//W3C//DTD
    http://crbug.com/756654
    https://dl.google.com/dl/softwareremovaltool/win/
    https://ro.search.yahoo.com/search?ei=
    https://chrome-devtools-frontend.appspot.com
    http://kody.poczta-polska.pl/
    https://android.com/pay
    http://search.avg.com/route/?q=
    http://crbug.com/112091
    http://poste.opt.nc/index.php?option=com_content
    https://www.googleapis.com/auth/gcm
    http://s2.symcb.com0k
    https://clients4.google.com/ukm
    https://www.googleapis.com/auth/drive.apps.readonly
    http://mixidj.delta-search.com/home?q=
    https://fi.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=blocked_ads
    https://chrome.google.com/webstore/detail/djcfdncoelnlbldjfhinnjlhdjlikmph
    https://support.google.com/chrome_webstore/?p=crx_warning
    https://groups.google.com/a/googleproductforums.com/d/topic/chrome/Xrco2HsXS-8/discussion
    https://malaysia.search.yahoo.com/search?ei=
    http://c
    https://chrome.google.com/webstore/download/
    http://search.softonic.com/img/favicon.ico
    https://fr.search.yahoo.com/sugg/chrome?output=fxjson
    https://payments.google.com/
    http://www.google.com/chrome/intl/ko/privacy.html
    http://psc.posta.sk
    https://accounts.google.com/ServiceLoginAuth
    http://w
    https://c.youtube.com/
    http://interested
    https://searchatlas.centrum.cz/favicon.ico
    https://www.delfi.lt/paieska/?q=
    http://search.tut.by/favicon.ico
    https://th.search.yahoo.com/favicon.ico
    https://www.chromestatus.com/feature/5675755719622656
    https://sb-ssl.google.com/safebrowsing/clientreport/download
    http://www.delta-search.com/?q=
    http://ss.ask.com/query?q=
    http://www.apache.org/licenses/LICENSE-2.0
    http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/
    http://www.mpegla.com
    https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_model_20170329.pb.bin
    https://yandex.by/
    http://navigation
    http://crls1.wosign.com/ca1.crl0m
    https://www
    https://support.google.com/chrome/?p=settings_search_help
    https://tools.usps.com/go/ZipLookupAction
    http://t1.symcb.com/ThawtePCA.crl0)
    https://accounts.google.com/IssueAuthToken
    https://www.google.com/cloudprint/enable_chrome_connector
    https://www.googleapis.com/auth/googletalk
    http://ocsp.startssl.com/ca0-
    http://search.goo.ne.jp/sgt.jsp?MT=
    http://www.posta.hr/default.aspx?pretpum
    http://www.postur.is/einstaklingar/posthus/postnumer/
    http://crl.startssl.com/sfsca.crl0
    https://ct.googleapis.com/pilot/
    http://www.certplus.com/CRL/class2.crl0
    https://dl.google.com/dl/softwareremovaltool/win/chrome_cleanup_tool.exe
    http://www.codigopostal.gov.co/
    https://beacons5.gvt2.com/domainreliability/upload
    https://datasaver.googleapis.com/v1/metrics:recordPageloadMetrics
    https://www.chromestatus.com/features/6443143280984064
    https://crbug.com/701034
    https://www.indiapost.gov.in/vas/pages/FindPinCode.aspx
    https://buscador.softonic.com/?q=
    https://proxy.googlezip.net:443
    https://scotthelme.report-uri.com/r/d/ct/reportOnly
    http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl0
    http://cps.root-x1.letsencrypt.org0
    https://support.google.com/chrome/?p=ui_remove_non_cws_extensions
    http://www.bangladeshpost.gov.bd/PostCode.asp
    https://ca.search.yahoo.com/sugg/chrome?output=fxjson
    https://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.ico
    http://ocsp.digicert.com0M
    https://search.avg.com/route/?q=
    https://support.google.com/chromebook/answer/1331549
    http://crl.rootca1.amazontrust.com/rootca1.crl0
    http://crbug.com/516527
    https://clients1.google.com/tbproxy/af/
    https://dk.search.yahoo.com/favicon.ico
    http://postakodu.ptt.gov.tr/
    http://start.iminent.com/?q=
    https://au.search.yahoo.com/sugg/chrome?output=fxjson
    https://ct.cloudflare.com/logs/nimbus2021/
    http://crbug.com/469522
    http://crbug.com/415315.
    https://history.google.com/history/api/delete?client=chrome
    https://example.com
    https://szukaj.onet.pl/wyniki.html?qt=
    http://schema.org/Article
    http://ricerca.virgilio.it/ricerca?qs=
    https://yandex.kz/images/search/?rpt=imageview
    http://repository.certum.pl/ctnca.cer09
    http://crbug.com/140364).
    http://crl.globalsign.net/root.crl0=
    http://developer.chrome.com/extensions/manifest.html
    http://g1.symcb.com/GeoTrustPCA.crl0)
    https://ph.search.yahoo.com/favicon.ico
    https://www.googleapis.com/geolocation/v1/geolocate
    http://crl.geotrust.com/crls/secureca.crl0F
    http://nigma.ru/themes/nigma/img/favicon.ico
    
                                                

Process memory dump for chrome.exe (PID 1068, dump 23)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    http://check.googlezip.net/connect
    https://hk.search.yahoo.com/sugg/chrome?output=fxjson
    https://ph.search.yahoo.com/sugg/chrome?output=fxjson
    https://clientservices.googleapis.com/chrome-variations/seed
    http://www.correoargentino.com.ar/formularios/cpa
    https://log.getdropbox.com/log/ocsp_expect_staple
    https://ro.search.yahoo.com/favicon.ico
    https://cacert.omniroot.com/baltimoreroot.der0
    http://crl.godaddy.com/gdroot-g2.crl0F
    http://crbug.com/122474.
    http://crl.geotrust.com/GeoTrustPCA-G3.crl0
    https://ve.search.yahoo.com/sugg/chrome?output=fxjson
    https://reporting.caddyserver.com/expect-staple
    http://search.conduit.com/Results.aspx?q=
    http://crl.startssl.com/sfsca.crl0f
    http://g.symcd.com0L
    https://android.clients.google.com/checkin
    https://ct.googleapis.com/logs/argon2018/
    http://www.icon
    http://www.text-decoration
    http://ocsp.digicert.com0
    https://developers.google.com/web/tools/lighthouse/
    https://www.googleapis.com/auth/safesearch.reporting
    https://support.google.com/chrome/answer/185277
    https://nz.search.yahoo.com/sugg/chrome?output=fxjson
    https://github.com/bgrins/spectrum
    http://crbug.com/642141
    http://code.google.com/p/chromium/issues/entry
    https://www.verisign.com/cps0=
    https://www.google.com/favicon.ico
    https://suggest.yandex.kz/suggest-ff.cgi?part=
    https://www.yandex.kz/chrome/newtab
    http://www.macromedia.com/support/documentation/kr/flashplayer/help/settings_manager07.htmlhttp://www.macromedia.com/support/documentation/kr/flashplayer/help/settings_manager02.htmlhttp://www.macromedia.com/support/documentation/kr/flashplayer/help/settings_manager06.htmlhttps://support.google.com/chrome/answer/118142065782681https://support.google.com/chrome/?p=settings_clear_browsing_datahttps://history.google.com/history/?utm_source=chrome_cbdhttps://myactivity.google.com/myactivity/?utm_source=chrome_nhttps://myactivity.google.com/myactivity/?utm_source=chrome_hChrome
    http://dev.w3.org/csswg/css3-transitions/
    https://sites.google.com/a/chromium.org/dev/administrators/common-problems-and-solutions
    https://developers.google.com/web/updates/2017/08/devtools-release-notes
    https://www.geotrust.com/resources/cps06
    https://support.google.com/chrome/?p=help
    https://www.vinden.nl/?q=
    http://code.google.com/p/chromium/issues/detail?id=125863)
    http://crbug.com/278112).
    https://malaysia.search.yahoo.com/sugg/chrome?output=fxjson
    https://accounts.google.com/AuthSubRevokeToken
    https://fcm.googleapis.com/fcm/send/
    https://www.zoznam.sk/hladaj.fcgi?s=
    https://www.googleapis.com/auth/cryptauth
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
    https://support.google.com/chromecast/topic/3447927
    http://www.post.ch/db/owa/pv_plz_pack/pr_main
    https://www.google.
    http://isrg.trustid.ocsp.identrust.com0
    http://szukaj.wp.pl/szukaj.html?q=
    http://www.certum.pl/CPS0
    https://support.google.com/chrome/?p=ib_nacl
    https://www.sogou.com/images/logo/old/favicon.ico
    http://www.walla.co.il/favicon.ico
    http://www.google.com/chrome/intl/ko/welcome.html
    http://buscar.terra.com.ar/favicon.ico
    http://search.incredibar.com/search.php?q=
    https://suggests.go.mail.ru/chrome?q=
    http://nova.rambler.ru/search?query=
    http://nigma.ru/?s=
    https://gvt6.com/
    http://ocsp.godaddy.com/05
    https://search.naver.com/search.naver?ie=
    http://www.buscacep.correios.com.br/
    http://www.youtube.com/embed/
    https://go.imgsmail.ru/favicon.ico
    http://xt/css
    http://crl.thawte.com/ThawtePCA-G3.crl0
    https://support.google.com/chrome/?p=settings_sync_error
    https://support.google.com/chrome/?p=e_awsnap
    https://developers.google.com/cloud-print/docs/cdd
    https://br.search.yahoo.com/search?ei=
    http://site
    http://www.unicode.org/copyright.html
    http://ocsp.entrust.net02
    http://www.symauth.com/rpa00
    https://www.googleapis.com/oauth2/v4/token
    http://crbug.com/473845
    https://crashpad.chromium.org/
    https://captive.portal/login
    https://safebrowsing.google.com/safebrowsing
    http://applicationslink
    https://www.googleapis.com/auth/drive.apps
    https://www.google.com/
    http://crbug.com/86955
    http://crbug.com/378067
    http://search.incredibar.com/?q=
    http://certificates.godaddy.com/repository100.
    http://sQUIC
    http://www.symauth.com/rpa0)
    https://de.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chromecast/answer/%d
    http://i.wp.pl/a/i/stg/500/favicon.ico
    https://www.neti.ee/cgi-bin/otsing?query=
    https://search.goo.ne.jp/cdn/common/img/favicon.ico
    http://addEventListenerresponsible
    https://ct.ws.symantec.com/
    https://nl.search.yahoo.com/search?ei=
    http://etherx.jabber.org/streams
    http://crl.verisign.com/pca3.crl0
    http://clientservices.googleapis.com/uma/v2
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop2.json
    http://www.postdirekt.de/plzserver/
    https://support.microsoft.com/kb/3056819
    https://support.google.com/chrome/?p=settings_sign_in
    http://aia1.wosign.com/ca1-class3-server.cer0
    https://log.certly.io/
    https://www.neti.ee/api/suggestOS?suggestVersion=1
    https://th.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.googleapis.com/
    http://www.chromium.org/developers/how-tos/api-keys
    https://fonts.googleapis.com/css?family=Roboto
    http://www.philpost.gov.ph/
    https://mx.search.yahoo.com/sugg/chrome?output=fxjson
    https://de.search.yahoo.com/search?ei=
    http://aia1.wosign.com/ca1g2-server3.cer0
    http://www.correos.cl/SitePages/home.aspx
    https://www.google.com/cloudprint
    http://ak.apnstatic.com/media/images/favicon_search-results.ico
    http://www.google.com/
    http://search.avg.com/favicon.ico
    https://developers.google.com/web/updates/2017/05/devtools-release-notes
    https://support.google.com/chrome/?p=unauthenticated
    http://t2.symcb.com0
    https://gr.search.yahoo.com/search?ei=
    https://buscador.terra.com.ar/Default.aspx?source=Search
    https://search.yahoo.co.jp/favicon.ico
    http://localhost
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop3.json
    http://api.sugg.sogou.com/su?type=addrbar
    http://crl.usertrust.com/AddTrustExternalCARoot.crl0
    http://www.postnl.nl/voorthuis/
    http://autocomplete.nigma.ru/complete/query_help.php?suggest=true
    https://www.so.com/s?ie=
    https://crbug.com/5448190).
    https://search.softonic.com/?q=
    http://crl.identrust.com/DSTROOTCAX3CRL.crl0
    http://postcode.vnpost.vn/services/search.aspx
    https://br.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=superfish
    https://cl.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=plugin_divx
    https://www.canadapost.ca/cpo/mc/personal/postalcode/fpc.jsf
    https://www.baidu.com/favicon.ico
    http://crbug.com/235689.
    http://www.epost.go.kr/search/zipcode/search5.jsp
    http://EVSecure-crl.geotrust.com/GeoTrustPCA.crl0
    https://es.search.yahoo.com/search?ei=
    http://crbug.com
    http://support.apple.com/kb/HT203092
    http://An
    https://cortisconsultingch.report-uri.com/r/d/staple/reportOnly
    http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
    https://ctlog-gen2.api.venafi.com/
    https://developers.google.com/web/tools/chrome-devtools/evaluate-performance/
    https://www.yandex.by/chrome/newtab
    https://accounts.google.com/OAuthWrapBridge
    https://developers.google.com/web/updates/2016/12/devtools-javascript-cpu-profile-migration
    https://support.google.com/chrome/?p=datasaver
    http://according
    https://yandex.ru/
    http://s1.symcb.com/pca3-g5.crl0
    http://www.google.com/earth/explore/products/plugin.html
    https://www.verisign.com/cps0
    https://www.gstatic.com/securitykey/a/google.com/origins.json
    http://www.post.gov.bn/SitePages/postcodes.aspx
    https://developers.google.com/web/updates/2017/11/devtools-release-notes
    http://crbug.com/510270
    https://secure.omniroot.com/repository0
    http://www.bgpost.bg/?cid=5
    http://www.google.com/talk/protocol/auth
    http://postcodes.maltapost.com/
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop4.json
    http://search.sweetim.com/favicon.ico
    http://buscador.terra.es/favicon.ico
    https://dl.google.com/dl/softwareremovaltool/win/c/chrome_cleanup_tool.exe
    https://id.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.google.com/settings/security/lesssecureapps
    http://cript
    http://crbug.com/497301
    http://localhost:8000/inspector-sources/
    http://search.goo.ne.jp/web.jsp?MT=
    http://clientservices.googleapis.com/chrome-variations/seed
    https://support.google.com/chrome/?p=settings_manage_exceptions
    https://log.ncsccs.com/report/expectstaple
    http://crl.entrust.net/g2ca.crl0
    https://www.google.com/chrome/devices/chromecast/
    http://www.symauth.com/cps0(
    http://www.google.com
    https://sp.ask.com/sh/i/a16/favicon/favicon.ico
    https://www.recent
    http://search.sweetim.com/search.asp?q=
    https://in.search.yahoo.com/search?ei=
    http://www.slpost.gov.lk/
    https://support.google.com/chrome/?p=plugin_pdf
    http://schema.org/GovernmentOrganization
    https://www.chromestatus.com/feature/5709390967472128
    http://cybertrust.omniroot.com/repository.cfm0
    https://support.google.com/chrome/?p=ui_settings_api_extension
    http://t2.symcb.com0A
    https://chrome.google.com/webstore/detail/%s
    http://search.babylon.com/favicon.ico
    http://www.gpo.gov.np/postalcode.aspx
    https://gvt1.com/
    https://ssl.gstatic.com/
    https://www.google.com/cloudprint/learn/
    http://crt.rootca1.amazontrust.com/rootca1.cer0?
    https://id.search.yahoo.com/favicon.ico
    http://o.ss2.us/0
    https://tools.google.com/service/update2
    https://accounts.google.com/OAuthGetAccessToken
    https://developers.google.com/web/updates/2017/03/devtools-release-notes
    http://ns.adobe.com/xap/1.0/
    https://www.chromestatus.com/feature/5637107137642496
    http://crt.rootg2.amazontrust.com/rootg2.cer0=
    https://in.search.yahoo.com/sugg/chrome?output=fxjson
    http://flashmobile.adobe.com/
    https://www.gstatic.com/chrome/extensions/blacklist
    http://purl.org/dc/dcmitype/StillImage
    https://safebrowsing.google.com/safebrowsing/uploads/chrome
    https://chrome-sync.sandbox.google.com/chrome-sync/alpha
    https://nl.search.yahoo.com/favicon.ico
    http://crl.certum.pl/ctnca.crl0k
    https://developers.google.com/web/updates/2018/01/devtools
    http://ocsp.starfieldtech.com/0
    http://www.google.com/chrome/intl/ko/eula_text.html
    https://qc.search.yahoo.com/favicon.ico
    https://search.yahoo.com/favicon.ico
    https://uk.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.landvaluation.bm/
    http://developer.apple.com/safari/library/documentation/UserExperience/Reference/TouchEventClassReference/TouchEvent/TouchEvent.html.
    https://ctlog.wosign.com/
    https://fr.search.yahoo.com/search?ei=
    https://clients2.googleusercontent.com/crx/blobs/
    https://www.verisign.com/rpa
    http://ok.hu/gfx/favicon.ico
    http://www.delta-search.com/favicon.ico
    https://yandex.com.tr/gorsel/search?rpt=imageview
    http://schema.org/Person
    https://hladaj.atlas.sk/fulltext/?phrase=
    https://searchatlas.centrum.cz/?q=
    http://crbug.com/750901
    https://accounts.google.com/o/oauth2/programmatic_auth
    http://www.interoperabilitybridges.com/wmp-extension-for-chrome
    http://linkurystoragenorthus.blob.core.windows.net/static/favicon.ico
    http://www.google.com/update2/response
    https://www.googleapis.com/auth/supportcontent
    https://support.google.com/chrome/?p=plugin_flash
    http://www.search.delta-search.com/?q=
    https://ct.cloudflare.com/logs/nimbus2020/
    https://accounts.google.com/o/oauth2/auth
    http://www.json.com/json-schema-proposal/
    http://ocsp.godaddy.com/02
    https://www.sogou.com/web?ie=
    https://minecraft.report-uri.com/r/d/staple/reportOnly
    http://ocsp.verisign.com0
    https://ve.search.yahoo.com/search?ei=
    https://support.google.com/accounts/answer/6197437
    https://sb-ssl.google.com/safebrowsing/clientreport/login
    http://service.real.com/realplayer/security/02062012_player/en/
    http://ocsp.digicert.com0K
    https://sg.search.yahoo.com/sugg/chrome?output=fxjson
    http://arianna.libero.it/search/abin/integrata.cgi?query=
    http://buscador.terra.es/Default.aspx?source=Search
    http://subca.ocsp-certum.com0.
    http://searchatlas.centrum.cz/?q=
    https://accounts.google.com/embedded/setup/v2/chromeos
    https://docs.google.com/feeds/
    https://report-uri.cloudflare.com/expect-ct
    http://www.nzpost.co.nz/Cultures/en-NZ/OnlineTools/PostCodeFinder/
    https://kvasir.no/grafikk/favicon.ico
    https://nova.rambler.ru/suggest?v=3
    http://aia.startssl.com/certs/ca.crt02
    http://certs.starfieldtech.com/repository/1402
    https://accounts.google.com/o/oauth2/revoke
    https://search.seznam.cz/?q=
    http://search.snapdo.com/?q=
    https://www.google.TLD
    https://report.badssl.com/expect-staple
    http://www.maldivespost.com/?lid=10
    https://bugs.chromium.org/p/chromium/issues/detail?id=559258
    https://nova.rambler.ru/search?query=
    http://www.serpost.com.pe/cpostal/codigo
    https://support.google.com/chrome/?p=settings_cloud_print
    http://ocsp.godaddy.com/0J
    http://search.avg.com/search?q=
    https://www.singpost.com/find-postal-code
    https://search.goo.ne.jp/web.jsp?MT=
    https://www.googleapis.com/rpc
    https://www.thawte.com/cps0
    http://www.yhs.delta-search.com/?q=
    https://chromium.googlesource.com/chromium/src/
    https://history.report-uri.com/r/d/staple/reportOnly
    http://crbug.com/415315
    https://www.yandex.com.tr/
    https://developer.chrome.com/devtools/docs/remote-debugging
    http://certs.godaddy.com/repository/1301
    https://crbug.com/368855.)
    http://radce.centrum.cz/?q=
    http://www.foo.com/bar
    https://search.walla.co.il/?q=
    http://zip4.usps.com/zip4/welcome.jsp
    https://developers.google.com/web/updates/2017/04/devtools-release-notes
    http://www.style
    https://buscador.terra.es/Default.aspx?source=Search
    http://www.keynectis.com/PC08
    https://www.softonic.com/s/
    https://translate.googleapis.com/
    http://foo.com/bar
    http://search.snap.do/?q=
    https://accounts.google.com/ListAccounts?json=standard
    https://alt1-safebrowsing.google.com/safebrowsing
    http://www.google.co.kr/dmca.html
    http://www.gov.im/post/postal/fr_main.asp
    http://www.gstatic.com/chrome/extensions/blacklist
    https://crbug.com/480935.
    https://beacons4.gvt2.com/domainreliability/upload
    http://www.correos.gob.ni/index.php/codigo-postal-2
    http://schema.org/Organization
    https://www.googleapis.com/auth/chromewebstore.readonly
    http://www.poste.it/online/cercacap/
    https://cuscochromeextension-pa.googleapis.com/v1/omniboxsuggestions
    https://support.google.com/chrome/?p=e_awsnap_rl
    https://search.daum.net/search?ie=
    https://log.getdropbox.com/hpkp
    https://tw.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.hortcut
    https://es.search.yahoo.com/sugg/chrome?output=fxjson
    http://adressesok.posten.no/nb/postal_codes/search
    https://storage.ape.yandex.net/get/browser/Doodles/yandex/drawable-xxhdpi/yandex.png
    https://maktoob.search.yahoo.com/favicon.ico
    http://www.google.co.kr/tm_complaint.html
    https://sg.search.yahoo.com/favicon.ico
    https://sb-ssl.google.com/safebrowsing/clientreport/phishing
    https://accounts.google.com/GetCheckConnectionInfo
    http://crl.godaddy.com/gds1-20
    https://sp.br.ask.com/sh/i/a14/favicon/favicon.ico
    http://crbug.com/133457.
    http://www.startssl.com/intermediate.pdf0
    https://nodejs.org/static/images/logos/nodejs-new-pantone-black.png
    http://www.pasts.lv/lv/uzzinas/nodalas/
    http://EVIntl-ccrt.gwww.gicert.com/1ocsp.verisign.com09rapidssl.cos.godaddy.com/repository/0
    https://www.softonic.com.br/s/
    http://crbug.com/258526.
    http://www.poste.tn/codes.php
    http://goo.gl/Y1OdAq
    http://crbug.com/31037
    http://info.russianpost.ru/servlet/department
    https://goo.gl/ZcZixP
    https://www.chromium.org/
    https://ct.googleapis.com/logs/argon2019/
    http://www.neti.ee/cgi-bin/otsing?query=
    http://ocsp.entrust.net03
    http://ocsp.entrust.net00
    https://ct.googleapis.com/logs/argon2021/
    https://docs.google.com
    https://search.seznam.cz/r/img/favicon.ico
    https://helpx.adobe.com/security/products/reader/apsb14-28.html
    https://tw.search.yahoo.com/favicon.ico
    http://example.com
    https://code.google.com/p/chromium/issues/detail?id=162042
    https://code.google.com/p/chromium/issues/detail?id=162044
    http://mock.linkdoctor.url/for?testing
    https://css-tricks.com/hash-tag-links-padding/
    https://www.googleapis.com/auth/wallet.chrome
    https://support.google.com/chrome/?p=settings_omnibox
    http://search.imesh.net/favicon.ico
    https://android.googleapis.com/gcm/send/
    https://www.gstatic.com/chrome/supervised_user/blacklist-20141001-1k.bin
    http://www.jerseypost.com/tools/postcode-address-finder/
    http://buscar.terra.com.ar/Default.aspx?source=Search
    https://accounts.google.com/AccountChooser?Email=%s
    https://www.googleapis.com/auth/chromesync_playpen
    https://nz.search.yahoo.com/favicon.ico
    https://goo.gl/zmWq3m.
    https://developer.mozilla.org/en-US/docs/Web/API/Web_Speech_API
    http://www./div
    https://www.chromestatus.com/feature/5669008342777856
    http://option
    https://sirius.ws.symantec.com/
    https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
    http://crl.thawte.com/ThawtePremiumServerCA.crl0
    https://tr.search.yahoo.com/search?ei=
    https://www.yandex.ua/chrome/newtab
    http://www.wosign.com/policy/0
    https://nz.search.yahoo.com/search?ei=
    https://log.ncsccs.com/report/hpkp
    https://support.google.com/chrome/?p=chrome_cleanup_tool
    https://ssl.gstatic.com/safebrowsing/csd/
    http://subca.ocsp-certum.com01
    https://www.google.com/chrome/browser/privacy/whitepaper.html
    https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/?utm_source=devtools
    https://beacons2.gvt2.com/domainreliability/upload
    https://id.search.yahoo.com/search?ei=
    http://www.search-results.com/web?q=
    http://mystart.incredibar.com/?search=
    https://pe.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.geotrust.com/resources/repository0
    https://hk.search.yahoo.com/search?ei=
    https://helpx.adobe.com/security/products/shockwave/apsb14-10.html
    https://nl.softonic.com/s/
    http://www.conduit.com/favicon.ico
    https://support.google.com/chrome/?p=ib_pepper_broker
    https://se.search.yahoo.com/favicon.ico
    http://search.iminent.com/Shared/Images/favicon_gl.ico
    https://search.daum.net/favicon.ico
    http://schema.org/BlogPosting
    http://g.symcd.com0
    https://pe.search.yahoo.com/favicon.ico
    https://myactivity.google.com/myactivity/?utm_source=chrome_cbd
    http://i
    https://www.chromestatus.com/feature/5243055179300864
    http://g.symcb.com/crls/gtglobal.crl0.
    https://goo.gl/EuHzyv
    https://support.google.com/chrome/?p=ui_voice_search
    https://www.yandex.com.tr/chrome/newtab
    http://cdp1.public-trust.com/CRL/Omniroot2025.crl0
    https://support.google.com/chrome/?p=ui_download_errors
    https://safebrowsing.googleusercontent.com/safebrowsing/clientreport/notification-image
    https://aIn
    http://www.google.com:80
    http://www.post.at/post_subsite_postleitzahlfinder.php
    http://schema.org/ScholarlyArticle
    http://link
    http://staticsuggested
    https://crbug.com/794942.
    https://ca.search.yahoo.com/search?ei=
    https://kvasir.no/alle?q=
    http://ocsp.thawte.com0
    http://pca-g3-ocsp.geotrust.com0
    https://www.facebook.com/chat/video/videocalldownload.php
    http://www.geotrust.com/resources/cps0
    http://ss.uk.ask.com/query?q=
    https://www.post.lu/fr/grandes-entreprises/solutions-postales/rechercher-un-code-postal
    http://www.verkkoposti.com/e3/postinumeroluettelo
    http://crbug.com/312900.
    https://certs.starfieldtech.com/repository/0
    http://www.laposte.fr/Particulier/Utiliser-nos-outils-pratiques/Outils-et-documents/Trouvez-un-code-postal
    http://search.iminent.com/?q=
    https://support.google.com/chrome/?p=beta_forum
    http://www.postdanmark.dk/da/Privat/Kundeservice/postnummerkort/Sider/Find-postnummer.aspx
    http://ocsp.startssl.com00
    https://yandex.ua/
    http://www.post.lt/lt/?id=316
    https://www.google.com/safebrowsing/report_error/
    http://search.babylon.com/?q=
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/language
    http://forms.real.com/real/realone/download.html?type=rpsp_us
    https://support.google.com/chromecast/answer/2998338
    http://style
    http://crbug.com/360567
    http://www.yhs.delta-search.com/home?q=
    https://sb-ssl.google.com/safebrowsing/clientreport/malware-check
    http://www.google.com/privacy.html
    https://devices.adobe.com/partnerportal/
    https://gvt2.com/
    https://www.google.com
    http://www2.delta-search.com/?q=
    https://szukaj.onet.pl/favicon.ico
    https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
    http://crbug.com/437891.
    http://clients3.google.com/cert_upload_json
    http://ok.hu/katalogus?q=
    http://crbug.com/319444.
    https://ct.cloudflare.com/logs/nimbus2018/
    https://fr.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_outdated_plugin
    https://google-analytics.com/
    https://clientservices.googleapis.com/uma/v2
    https://developers.google.com/web/tools/chrome-devtools/
    http://www.years
    https://yandex.by/images/search/?rpt=imageview
    http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%
    http://schema.org/TechArticle
    https://sb-ssl.google.com/safebrowsing/clientreport/chrome-reset
    http://ocsp.globalsign.com/rootr10
    https://photistic.report-uri.com/r/d/staple/reportOnly
    https://crashpad.chromium.org/bug/new
    https://lh3.googleusercontent.com
    https://ch.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_download_blocked
    http://www.georgianpost.ge/index.php?page=10
    http://crbug.com/26312
    http://www.inkscape.org/namespaces/inkscape
    http://mathematicsmargin-top
    http://www.correos.es/contenido/13-MenuRec2/04-MenuRec24/1010_s-CodPostal.asp
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.search.delta-search.com/home?q=
    https://chrome.google.com/webstore?hl=ko
    https://history.google.com/history/api/lookup?client=chrome
    http://suggestion.baidu.com/su?wd=
    https://www.googleapis.com/auth/proximity_auth
    http://crbug.com/99373
    https://safebrowsing.googleapis.com/v4
    https://chrome.google.com/webstore?hl=koChrome
    https://accounts.google.com/Logout
    http://crbug.com/371562
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD

Process memory dump for chrome.exe (PID 1068, dump 24)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    http://nova.rambler.ru/search?query=
    http://nigma.ru/?s=
    https://gvt6.com/
    http://ocsp.godaddy.com/05
    https://search.naver.com/search.naver?ie=
    http://www.buscacep.correios.com.br/
    http://www.youtube.com/embed/
    https://go.imgsmail.ru/favicon.ico
    http://xt/css
    http://crl.thawte.com/ThawtePCA-G3.crl0
    https://support.google.com/chrome/?p=settings_sync_error
    https://support.google.com/chrome/?p=e_awsnap
    https://developers.google.com/cloud-print/docs/cdd
    https://br.search.yahoo.com/search?ei=
    http://site
    http://www.unicode.org/copyright.html
    http://ocsp.entrust.net02
    http://www.symauth.com/rpa00
    https://www.googleapis.com/oauth2/v4/token
    http://crbug.com/473845
    https://crashpad.chromium.org/
    https://captive.portal/login
    https://safebrowsing.google.com/safebrowsing
    http://applicationslink
    https://www.googleapis.com/auth/drive.apps
    https://www.google.com/
    http://crbug.com/86955
    http://crbug.com/378067
    http://search.incredibar.com/?q=
    http://certificates.godaddy.com/repository100.
    http://sQUIC
    http://www.symauth.com/rpa0)
    https://de.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chromecast/answer/%d
    http://i.wp.pl/a/i/stg/500/favicon.ico
    https://www.neti.ee/cgi-bin/otsing?query=
    https://search.goo.ne.jp/cdn/common/img/favicon.ico
    http://addEventListenerresponsible
    https://ct.ws.symantec.com/
    https://nl.search.yahoo.com/search?ei=
    http://etherx.jabber.org/streams
    http://crl.verisign.com/pca3.crl0
    http://clientservices.googleapis.com/uma/v2
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop2.json
    http://www.postdirekt.de/plzserver/
    https://support.microsoft.com/kb/3056819
    https://support.google.com/chrome/?p=settings_sign_in
    http://aia1.wosign.com/ca1-class3-server.cer0
    https://log.certly.io/
    https://www.neti.ee/api/suggestOS?suggestVersion=1
    https://th.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.googleapis.com/
    http://www.chromium.org/developers/how-tos/api-keys
    https://fonts.googleapis.com/css?family=Roboto
    http://www.philpost.gov.ph/
    https://mx.search.yahoo.com/sugg/chrome?output=fxjson
    https://de.search.yahoo.com/search?ei=
    http://aia1.wosign.com/ca1g2-server3.cer0
    http://www.correos.cl/SitePages/home.aspx
    https://www.google.com/cloudprint
    http://ak.apnstatic.com/media/images/favicon_search-results.ico
    http://www.google.com/
    http://search.avg.com/favicon.ico
    https://developers.google.com/web/updates/2017/05/devtools-release-notes
    https://support.google.com/chrome/?p=unauthenticated
    http://t2.symcb.com0
    https://gr.search.yahoo.com/search?ei=
    https://buscador.terra.com.ar/Default.aspx?source=Search
    https://search.yahoo.co.jp/favicon.ico
    http://localhost
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop3.json
    http://api.sugg.sogou.com/su?type=addrbar
    http://crl.usertrust.com/AddTrustExternalCARoot.crl0
    http://www.postnl.nl/voorthuis/
    http://autocomplete.nigma.ru/complete/query_help.php?suggest=true
    https://www.so.com/s?ie=
    https://crbug.com/5448190).
    https://search.softonic.com/?q=
    http://crl.identrust.com/DSTROOTCAX3CRL.crl0
    http://postcode.vnpost.vn/services/search.aspx
    https://br.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=superfish
    https://cl.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=plugin_divx
    https://www.canadapost.ca/cpo/mc/personal/postalcode/fpc.jsf
    https://www.baidu.com/favicon.ico
    http://crbug.com/235689.
    http://www.epost.go.kr/search/zipcode/search5.jsp
    http://EVSecure-crl.geotrust.com/GeoTrustPCA.crl0
    https://es.search.yahoo.com/search?ei=
    http://crbug.com
    http://support.apple.com/kb/HT203092
    http://An
    https://cortisconsultingch.report-uri.com/r/d/staple/reportOnly
    http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
    https://ctlog-gen2.api.venafi.com/
    https://developers.google.com/web/tools/chrome-devtools/evaluate-performance/
    https://www.yandex.by/chrome/newtab
    https://accounts.google.com/OAuthWrapBridge
    https://developers.google.com/web/updates/2016/12/devtools-javascript-cpu-profile-migration
    https://support.google.com/chrome/?p=datasaver
    http://according
    https://yandex.ru/
    http://s1.symcb.com/pca3-g5.crl0
    http://www.google.com/earth/explore/products/plugin.html
    https://www.verisign.com/cps0
    https://www.gstatic.com/securitykey/a/google.com/origins.json
    http://www.post.gov.bn/SitePages/postcodes.aspx
    https://developers.google.com/web/updates/2017/11/devtools-release-notes
    http://crbug.com/510270
    https://secure.omniroot.com/repository0
    http://www.bgpost.bg/?cid=5
    http://www.google.com/talk/protocol/auth
    http://postcodes.maltapost.com/
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop4.json
    http://search.sweetim.com/favicon.ico
    http://buscador.terra.es/favicon.ico
    https://dl.google.com/dl/softwareremovaltool/win/c/chrome_cleanup_tool.exe
    https://id.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.google.com/settings/security/lesssecureapps
    http://cript
    http://crbug.com/497301
    http://localhost:8000/inspector-sources/
    http://search.goo.ne.jp/web.jsp?MT=
    http://clientservices.googleapis.com/chrome-variations/seed
    https://support.google.com/chrome/?p=settings_manage_exceptions
    https://log.ncsccs.com/report/expectstaple
    http://crl.entrust.net/g2ca.crl0
    https://www.google.com/chrome/devices/chromecast/
    http://www.symauth.com/cps0(
    http://www.google.com
    https://sp.ask.com/sh/i/a16/favicon/favicon.ico
    https://www.recent
    http://search.sweetim.com/search.asp?q=
    https://in.search.yahoo.com/search?ei=
    http://www.slpost.gov.lk/
    https://support.google.com/chrome/?p=plugin_pdf
    http://schema.org/GovernmentOrganization
    https://www.chromestatus.com/feature/5709390967472128
    http://cybertrust.omniroot.com/repository.cfm0
    https://support.google.com/chrome/?p=ui_settings_api_extension
    http://t2.symcb.com0A
    https://chrome.google.com/webstore/detail/%s
    http://search.babylon.com/favicon.ico
    http://www.gpo.gov.np/postalcode.aspx
    https://gvt1.com/
    https://ssl.gstatic.com/
    https://www.google.com/cloudprint/learn/
    http://crt.rootca1.amazontrust.com/rootca1.cer0?
    https://id.search.yahoo.com/favicon.ico
    http://o.ss2.us/0
    https://tools.google.com/service/update2
    https://accounts.google.com/OAuthGetAccessToken
    https://developers.google.com/web/updates/2017/03/devtools-release-notes
    http://ns.adobe.com/xap/1.0/
    https://www.chromestatus.com/feature/5637107137642496
    http://crt.rootg2.amazontrust.com/rootg2.cer0=
    https://in.search.yahoo.com/sugg/chrome?output=fxjson
    http://flashmobile.adobe.com/
    https://www.gstatic.com/chrome/extensions/blacklist
    http://purl.org/dc/dcmitype/StillImage
    https://safebrowsing.google.com/safebrowsing/uploads/chrome
    https://chrome-sync.sandbox.google.com/chrome-sync/alpha
    https://nl.search.yahoo.com/favicon.ico
    http://crl.certum.pl/ctnca.crl0k
    https://developers.google.com/web/updates/2018/01/devtools
    http://ocsp.starfieldtech.com/0
    http://www.google.com/chrome/intl/ko/eula_text.html
    https://qc.search.yahoo.com/favicon.ico
    https://search.yahoo.com/favicon.ico
    https://uk.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.landvaluation.bm/
    http://developer.apple.com/safari/library/documentation/UserExperience/Reference/TouchEventClassReference/TouchEvent/TouchEvent.html.
    https://ctlog.wosign.com/
    https://fr.search.yahoo.com/search?ei=
    https://clients2.googleusercontent.com/crx/blobs/
    https://www.verisign.com/rpa
    http://ok.hu/gfx/favicon.ico
    http://www.delta-search.com/favicon.ico
    https://yandex.com.tr/gorsel/search?rpt=imageview
    http://schema.org/Person
    https://hladaj.atlas.sk/fulltext/?phrase=
    https://searchatlas.centrum.cz/?q=
    http://crbug.com/750901
    https://accounts.google.com/o/oauth2/programmatic_auth
    http://www.interoperabilitybridges.com/wmp-extension-for-chrome
    http://linkurystoragenorthus.blob.core.windows.net/static/favicon.ico
    http://www.google.com/update2/response
    https://www.googleapis.com/auth/supportcontent
    https://support.google.com/chrome/?p=plugin_flash
    http://www.search.delta-search.com/?q=
    https://ct.cloudflare.com/logs/nimbus2020/
    https://accounts.google.com/o/oauth2/auth
    http://www.json.com/json-schema-proposal/
    http://ocsp.godaddy.com/02
    https://www.sogou.com/web?ie=
    https://minecraft.report-uri.com/r/d/staple/reportOnly
    http://ocsp.verisign.com0
    https://ve.search.yahoo.com/search?ei=
    https://support.google.com/accounts/answer/6197437
    https://sb-ssl.google.com/safebrowsing/clientreport/login
    http://service.real.com/realplayer/security/02062012_player/en/
    http://ocsp.digicert.com0K
    https://sg.search.yahoo.com/sugg/chrome?output=fxjson
    http://arianna.libero.it/search/abin/integrata.cgi?query=
    http://buscador.terra.es/Default.aspx?source=Search
    http://subca.ocsp-certum.com0.
    http://searchatlas.centrum.cz/?q=
    https://accounts.google.com/embedded/setup/v2/chromeos
    https://docs.google.com/feeds/
    https://report-uri.cloudflare.com/expect-ct
    http://www.nzpost.co.nz/Cultures/en-NZ/OnlineTools/PostCodeFinder/
    https://kvasir.no/grafikk/favicon.ico
    https://nova.rambler.ru/suggest?v=3
    http://aia.startssl.com/certs/ca.crt02
    http://certs.starfieldtech.com/repository/1402
    https://accounts.google.com/o/oauth2/revoke
    https://search.seznam.cz/?q=
    http://search.snapdo.com/?q=
    https://www.google.TLD
    https://report.badssl.com/expect-staple
    http://www.maldivespost.com/?lid=10
    https://bugs.chromium.org/p/chromium/issues/detail?id=559258
    https://nova.rambler.ru/search?query=
    http://www.serpost.com.pe/cpostal/codigo
    https://support.google.com/chrome/?p=settings_cloud_print
    http://ocsp.godaddy.com/0J
    http://search.avg.com/search?q=
    https://www.singpost.com/find-postal-code
    https://search.goo.ne.jp/web.jsp?MT=
    https://www.googleapis.com/rpc
    https://www.thawte.com/cps0
    http://www.yhs.delta-search.com/?q=
    https://chromium.googlesource.com/chromium/src/
    https://history.report-uri.com/r/d/staple/reportOnly
    http://crbug.com/415315
    https://www.yandex.com.tr/
    https://developer.chrome.com/devtools/docs/remote-debugging
    http://certs.godaddy.com/repository/1301
    https://crbug.com/368855.)
    http://radce.centrum.cz/?q=
    http://www.foo.com/bar
    https://search.walla.co.il/?q=
    http://zip4.usps.com/zip4/welcome.jsp
    https://developers.google.com/web/updates/2017/04/devtools-release-notes
    http://www.style
    https://buscador.terra.es/Default.aspx?source=Search
    http://www.keynectis.com/PC08
    https://www.softonic.com/s/
    https://translate.googleapis.com/
    http://foo.com/bar
    http://search.snap.do/?q=
    https://accounts.google.com/ListAccounts?json=standard
    https://alt1-safebrowsing.google.com/safebrowsing
    http://www.google.co.kr/dmca.html
    http://www.gov.im/post/postal/fr_main.asp
    http://www.gstatic.com/chrome/extensions/blacklist
    https://crbug.com/480935.
    https://beacons4.gvt2.com/domainreliability/upload
    http://www.correos.gob.ni/index.php/codigo-postal-2
    http://schema.org/Organization
    https://www.googleapis.com/auth/chromewebstore.readonly
    http://www.poste.it/online/cercacap/
    https://cuscochromeextension-pa.googleapis.com/v1/omniboxsuggestions
    https://support.google.com/chrome/?p=e_awsnap_rl
    https://search.daum.net/search?ie=
    https://log.getdropbox.com/hpkp
    https://tw.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.hortcut
    https://es.search.yahoo.com/sugg/chrome?output=fxjson
    http://adressesok.posten.no/nb/postal_codes/search
    https://storage.ape.yandex.net/get/browser/Doodles/yandex/drawable-xxhdpi/yandex.png
    https://maktoob.search.yahoo.com/favicon.ico
    http://www.google.co.kr/tm_complaint.html
    https://sg.search.yahoo.com/favicon.ico
    https://sb-ssl.google.com/safebrowsing/clientreport/phishing
    https://accounts.google.com/GetCheckConnectionInfo
    http://crl.godaddy.com/gds1-20
    https://sp.br.ask.com/sh/i/a14/favicon/favicon.ico
    http://crbug.com/133457.
    http://www.startssl.com/intermediate.pdf0
    https://nodejs.org/static/images/logos/nodejs-new-pantone-black.png
    http://www.pasts.lv/lv/uzzinas/nodalas/
    http://EVIntl-ccrt.gwww.gicert.com/1ocsp.verisign.com09rapidssl.cos.godaddy.com/repository/0
    https://www.softonic.com.br/s/
    http://crbug.com/258526.
    http://www.poste.tn/codes.php
    http://goo.gl/Y1OdAq
    http://crbug.com/31037
    http://info.russianpost.ru/servlet/department
    https://goo.gl/ZcZixP
    https://www.chromium.org/
    https://ct.googleapis.com/logs/argon2019/
    http://www.neti.ee/cgi-bin/otsing?query=
    http://ocsp.entrust.net03
    http://ocsp.entrust.net00
    https://ct.googleapis.com/logs/argon2021/
    https://docs.google.com
    https://search.seznam.cz/r/img/favicon.ico
    https://helpx.adobe.com/security/products/reader/apsb14-28.html
    https://tw.search.yahoo.com/favicon.ico
    http://example.com
    https://code.google.com/p/chromium/issues/detail?id=162042
    https://code.google.com/p/chromium/issues/detail?id=162044
    http://mock.linkdoctor.url/for?testing
    https://css-tricks.com/hash-tag-links-padding/
    https://www.googleapis.com/auth/wallet.chrome
    https://support.google.com/chrome/?p=settings_omnibox
    http://search.imesh.net/favicon.ico
    https://android.googleapis.com/gcm/send/
    https://www.gstatic.com/chrome/supervised_user/blacklist-20141001-1k.bin
    http://www.jerseypost.com/tools/postcode-address-finder/
    http://buscar.terra.com.ar/Default.aspx?source=Search
    https://accounts.google.com/AccountChooser?Email=%s
    https://www.googleapis.com/auth/chromesync_playpen
    https://nz.search.yahoo.com/favicon.ico
    https://goo.gl/zmWq3m.
    https://developer.mozilla.org/en-US/docs/Web/API/Web_Speech_API
    http://www./div
    https://www.chromestatus.com/feature/5669008342777856
    http://option
    https://sirius.ws.symantec.com/
    https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
    http://crl.thawte.com/ThawtePremiumServerCA.crl0
    https://tr.search.yahoo.com/search?ei=
    https://www.yandex.ua/chrome/newtab
    http://www.wosign.com/policy/0
    https://nz.search.yahoo.com/search?ei=
    https://log.ncsccs.com/report/hpkp
    https://support.google.com/chrome/?p=chrome_cleanup_tool
    https://ssl.gstatic.com/safebrowsing/csd/
    http://subca.ocsp-certum.com01
    https://www.google.com/chrome/browser/privacy/whitepaper.html
    https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/?utm_source=devtools
    https://beacons2.gvt2.com/domainreliability/upload
    https://id.search.yahoo.com/search?ei=
    http://www.search-results.com/web?q=
    http://mystart.incredibar.com/?search=
    https://pe.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.geotrust.com/resources/repository0
    https://hk.search.yahoo.com/search?ei=
    https://helpx.adobe.com/security/products/shockwave/apsb14-10.html
    https://nl.softonic.com/s/
    http://www.conduit.com/favicon.ico
    https://support.google.com/chrome/?p=ib_pepper_broker
    https://se.search.yahoo.com/favicon.ico
    http://search.iminent.com/Shared/Images/favicon_gl.ico
    https://search.daum.net/favicon.ico
    http://schema.org/BlogPosting
    http://g.symcd.com0
    https://pe.search.yahoo.com/favicon.ico
    https://myactivity.google.com/myactivity/?utm_source=chrome_cbd
    http://i
    https://www.chromestatus.com/feature/5243055179300864
    http://g.symcb.com/crls/gtglobal.crl0.
    https://goo.gl/EuHzyv
    https://support.google.com/chrome/?p=ui_voice_search
    https://www.yandex.com.tr/chrome/newtab
    http://cdp1.public-trust.com/CRL/Omniroot2025.crl0
    https://support.google.com/chrome/?p=ui_download_errors
    https://safebrowsing.googleusercontent.com/safebrowsing/clientreport/notification-image
    https://aIn
    http://www.google.com:80
    http://www.post.at/post_subsite_postleitzahlfinder.php
    http://schema.org/ScholarlyArticle
    http://link
    http://staticsuggested
    https://crbug.com/794942.
    https://ca.search.yahoo.com/search?ei=
    https://kvasir.no/alle?q=
    http://ocsp.thawte.com0
    http://pca-g3-ocsp.geotrust.com0
    https://www.facebook.com/chat/video/videocalldownload.php
    http://www.geotrust.com/resources/cps0
    http://ss.uk.ask.com/query?q=
    https://www.post.lu/fr/grandes-entreprises/solutions-postales/rechercher-un-code-postal
    http://www.verkkoposti.com/e3/postinumeroluettelo
    http://crbug.com/312900.
    https://certs.starfieldtech.com/repository/0
    http://www.laposte.fr/Particulier/Utiliser-nos-outils-pratiques/Outils-et-documents/Trouvez-un-code-postal
    http://search.iminent.com/?q=
    https://support.google.com/chrome/?p=beta_forum
    http://www.postdanmark.dk/da/Privat/Kundeservice/postnummerkort/Sider/Find-postnummer.aspx
    http://ocsp.startssl.com00
    https://yandex.ua/
    http://www.post.lt/lt/?id=316
    https://www.google.com/safebrowsing/report_error/
    http://search.babylon.com/?q=
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/language
    http://forms.real.com/real/realone/download.html?type=rpsp_us
    https://support.google.com/chromecast/answer/2998338
    http://style
    http://crbug.com/360567
    http://www.yhs.delta-search.com/home?q=
    https://sb-ssl.google.com/safebrowsing/clientreport/malware-check
    http://www.google.com/privacy.html
    https://devices.adobe.com/partnerportal/
    https://gvt2.com/
    https://www.google.com
    http://www2.delta-search.com/?q=
    https://szukaj.onet.pl/favicon.ico
    https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
    http://crbug.com/437891.
    http://clients3.google.com/cert_upload_json
    http://ok.hu/katalogus?q=
    http://crbug.com/319444.
    https://ct.cloudflare.com/logs/nimbus2018/
    https://fr.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_outdated_plugin
    https://google-analytics.com/
    https://clientservices.googleapis.com/uma/v2
    https://developers.google.com/web/tools/chrome-devtools/
    http://www.years
    https://yandex.by/images/search/?rpt=imageview
    http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%
    http://schema.org/TechArticle
    https://sb-ssl.google.com/safebrowsing/clientreport/chrome-reset
    http://ocsp.globalsign.com/rootr10
    https://photistic.report-uri.com/r/d/staple/reportOnly
    https://crashpad.chromium.org/bug/new
    https://lh3.googleusercontent.com
    https://ch.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_download_blocked
    http://www.georgianpost.ge/index.php?page=10
    http://crbug.com/26312
    http://www.inkscape.org/namespaces/inkscape
    http://mathematicsmargin-top
    http://www.correos.es/contenido/13-MenuRec2/04-MenuRec24/1010_s-CodPostal.asp
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.search.delta-search.com/home?q=
    https://chrome.google.com/webstore?hl=ko
    https://history.google.com/history/api/lookup?client=chrome
    http://suggestion.baidu.com/su?wd=
    https://www.googleapis.com/auth/proximity_auth
    http://crbug.com/99373
    https://safebrowsing.googleapis.com/v4
    https://chrome.google.com/webstore?hl=koChrome
    https://accounts.google.com/Logout
    http://crbug.com/371562
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave

Process memory dump for chrome.exe (PID 1068, dump 25)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    http://postcode.vnpost.vn/services/search.aspx
    https://br.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=superfish
    https://cl.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=plugin_divx
    https://www.canadapost.ca/cpo/mc/personal/postalcode/fpc.jsf
    https://www.baidu.com/favicon.ico
    http://crbug.com/235689.
    http://www.epost.go.kr/search/zipcode/search5.jsp
    http://EVSecure-crl.geotrust.com/GeoTrustPCA.crl0
    https://es.search.yahoo.com/search?ei=
    http://crbug.com
    http://support.apple.com/kb/HT203092
    http://An
    https://cortisconsultingch.report-uri.com/r/d/staple/reportOnly
    http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
    https://ctlog-gen2.api.venafi.com/
    https://developers.google.com/web/tools/chrome-devtools/evaluate-performance/
    https://www.yandex.by/chrome/newtab
    https://accounts.google.com/OAuthWrapBridge
    https://developers.google.com/web/updates/2016/12/devtools-javascript-cpu-profile-migration
    https://support.google.com/chrome/?p=datasaver
    http://according
    https://yandex.ru/
    http://s1.symcb.com/pca3-g5.crl0
    http://www.google.com/earth/explore/products/plugin.html
    https://www.verisign.com/cps0
    https://www.gstatic.com/securitykey/a/google.com/origins.json
    http://www.post.gov.bn/SitePages/postcodes.aspx
    https://developers.google.com/web/updates/2017/11/devtools-release-notes
    http://crbug.com/510270
    https://secure.omniroot.com/repository0
    http://www.bgpost.bg/?cid=5
    http://www.google.com/talk/protocol/auth
    http://postcodes.maltapost.com/
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop4.json
    http://search.sweetim.com/favicon.ico
    http://buscador.terra.es/favicon.ico
    https://dl.google.com/dl/softwareremovaltool/win/c/chrome_cleanup_tool.exe
    https://id.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.google.com/settings/security/lesssecureapps
    http://cript
    http://crbug.com/497301
    http://localhost:8000/inspector-sources/
    http://search.goo.ne.jp/web.jsp?MT=
    http://clientservices.googleapis.com/chrome-variations/seed
    https://support.google.com/chrome/?p=settings_manage_exceptions
    https://log.ncsccs.com/report/expectstaple
    http://crl.entrust.net/g2ca.crl0
    https://www.google.com/chrome/devices/chromecast/
    http://www.symauth.com/cps0(
    http://www.google.com
    https://sp.ask.com/sh/i/a16/favicon/favicon.ico
    https://www.recent
    http://search.sweetim.com/search.asp?q=
    https://in.search.yahoo.com/search?ei=
    http://www.slpost.gov.lk/
    https://support.google.com/chrome/?p=plugin_pdf
    http://schema.org/GovernmentOrganization
    https://www.chromestatus.com/feature/5709390967472128
    http://cybertrust.omniroot.com/repository.cfm0
    https://support.google.com/chrome/?p=ui_settings_api_extension
    http://t2.symcb.com0A
    https://chrome.google.com/webstore/detail/%s
    http://search.babylon.com/favicon.ico
    http://www.gpo.gov.np/postalcode.aspx
    https://gvt1.com/
    https://ssl.gstatic.com/
    https://www.google.com/cloudprint/learn/
    http://crt.rootca1.amazontrust.com/rootca1.cer0?
    https://id.search.yahoo.com/favicon.ico
    http://o.ss2.us/0
    https://tools.google.com/service/update2
    https://accounts.google.com/OAuthGetAccessToken
    https://developers.google.com/web/updates/2017/03/devtools-release-notes
    http://ns.adobe.com/xap/1.0/
    https://www.chromestatus.com/feature/5637107137642496
    http://crt.rootg2.amazontrust.com/rootg2.cer0=
    https://in.search.yahoo.com/sugg/chrome?output=fxjson
    http://flashmobile.adobe.com/
    https://www.gstatic.com/chrome/extensions/blacklist
    http://purl.org/dc/dcmitype/StillImage
    https://safebrowsing.google.com/safebrowsing/uploads/chrome
    https://chrome-sync.sandbox.google.com/chrome-sync/alpha
    https://nl.search.yahoo.com/favicon.ico
    http://crl.certum.pl/ctnca.crl0k
    https://developers.google.com/web/updates/2018/01/devtools
    http://ocsp.starfieldtech.com/0
    http://www.google.com/chrome/intl/ko/eula_text.html
    https://qc.search.yahoo.com/favicon.ico
    https://search.yahoo.com/favicon.ico
    https://uk.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.landvaluation.bm/
    http://developer.apple.com/safari/library/documentation/UserExperience/Reference/TouchEventClassReference/TouchEvent/TouchEvent.html.
    https://ctlog.wosign.com/
    https://fr.search.yahoo.com/search?ei=
    https://clients2.googleusercontent.com/crx/blobs/
    https://www.verisign.com/rpa
    http://ok.hu/gfx/favicon.ico
    http://www.delta-search.com/favicon.ico
    https://yandex.com.tr/gorsel/search?rpt=imageview
    http://schema.org/Person
    https://hladaj.atlas.sk/fulltext/?phrase=
    https://searchatlas.centrum.cz/?q=
    http://crbug.com/750901
    https://accounts.google.com/o/oauth2/programmatic_auth
    http://www.interoperabilitybridges.com/wmp-extension-for-chrome
    http://linkurystoragenorthus.blob.core.windows.net/static/favicon.ico
    http://www.google.com/update2/response
    https://www.googleapis.com/auth/supportcontent
    https://support.google.com/chrome/?p=plugin_flash
    http://www.search.delta-search.com/?q=
    https://ct.cloudflare.com/logs/nimbus2020/
    https://accounts.google.com/o/oauth2/auth
    http://www.json.com/json-schema-proposal/
    http://ocsp.godaddy.com/02
    https://www.sogou.com/web?ie=
    https://minecraft.report-uri.com/r/d/staple/reportOnly
    http://ocsp.verisign.com0
    https://ve.search.yahoo.com/search?ei=
    https://support.google.com/accounts/answer/6197437
    https://sb-ssl.google.com/safebrowsing/clientreport/login
    http://service.real.com/realplayer/security/02062012_player/en/
    http://ocsp.digicert.com0K
    https://sg.search.yahoo.com/sugg/chrome?output=fxjson
    http://arianna.libero.it/search/abin/integrata.cgi?query=
    http://buscador.terra.es/Default.aspx?source=Search
    http://subca.ocsp-certum.com0.
    http://searchatlas.centrum.cz/?q=
    https://accounts.google.com/embedded/setup/v2/chromeos
    https://docs.google.com/feeds/
    https://report-uri.cloudflare.com/expect-ct
    http://www.nzpost.co.nz/Cultures/en-NZ/OnlineTools/PostCodeFinder/
    https://kvasir.no/grafikk/favicon.ico
    https://nova.rambler.ru/suggest?v=3
    http://aia.startssl.com/certs/ca.crt02
    http://certs.starfieldtech.com/repository/1402
    https://accounts.google.com/o/oauth2/revoke
    https://search.seznam.cz/?q=
    http://search.snapdo.com/?q=
    https://www.google.TLD
    https://report.badssl.com/expect-staple
    http://www.maldivespost.com/?lid=10
    https://bugs.chromium.org/p/chromium/issues/detail?id=559258
    https://nova.rambler.ru/search?query=
    http://www.serpost.com.pe/cpostal/codigo
    https://support.google.com/chrome/?p=settings_cloud_print
    http://ocsp.godaddy.com/0J
    http://search.avg.com/search?q=
    https://www.singpost.com/find-postal-code
    https://search.goo.ne.jp/web.jsp?MT=
    https://www.googleapis.com/rpc
    https://www.thawte.com/cps0
    http://www.yhs.delta-search.com/?q=
    https://chromium.googlesource.com/chromium/src/
    https://history.report-uri.com/r/d/staple/reportOnly
    http://crbug.com/415315
    https://www.yandex.com.tr/
    https://developer.chrome.com/devtools/docs/remote-debugging
    http://certs.godaddy.com/repository/1301
    https://crbug.com/368855.)
    http://radce.centrum.cz/?q=
    http://www.foo.com/bar
    https://search.walla.co.il/?q=
    http://zip4.usps.com/zip4/welcome.jsp
    https://developers.google.com/web/updates/2017/04/devtools-release-notes
    http://www.style
    https://buscador.terra.es/Default.aspx?source=Search
    http://www.keynectis.com/PC08
    https://www.softonic.com/s/
    https://translate.googleapis.com/
    http://foo.com/bar
    http://search.snap.do/?q=
    https://accounts.google.com/ListAccounts?json=standard
    https://alt1-safebrowsing.google.com/safebrowsing
    http://www.google.co.kr/dmca.html
    http://www.gov.im/post/postal/fr_main.asp
    http://www.gstatic.com/chrome/extensions/blacklist
    https://crbug.com/480935.
    https://beacons4.gvt2.com/domainreliability/upload
    http://www.correos.gob.ni/index.php/codigo-postal-2
    http://schema.org/Organization
    https://www.googleapis.com/auth/chromewebstore.readonly
    http://www.poste.it/online/cercacap/
    https://cuscochromeextension-pa.googleapis.com/v1/omniboxsuggestions
    https://support.google.com/chrome/?p=e_awsnap_rl
    https://search.daum.net/search?ie=
    https://log.getdropbox.com/hpkp
    https://tw.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.hortcut
    https://es.search.yahoo.com/sugg/chrome?output=fxjson
    http://adressesok.posten.no/nb/postal_codes/search
    https://storage.ape.yandex.net/get/browser/Doodles/yandex/drawable-xxhdpi/yandex.png
    https://maktoob.search.yahoo.com/favicon.ico
    http://www.google.co.kr/tm_complaint.html
    https://sg.search.yahoo.com/favicon.ico
    https://sb-ssl.google.com/safebrowsing/clientreport/phishing
    https://accounts.google.com/GetCheckConnectionInfo
    http://crl.godaddy.com/gds1-20
    https://sp.br.ask.com/sh/i/a14/favicon/favicon.ico
    http://crbug.com/133457.
    http://www.startssl.com/intermediate.pdf0
    https://nodejs.org/static/images/logos/nodejs-new-pantone-black.png
    http://www.pasts.lv/lv/uzzinas/nodalas/
    http://EVIntl-ccrt.gwww.gicert.com/1ocsp.verisign.com09rapidssl.cos.godaddy.com/repository/0
    https://www.softonic.com.br/s/
    http://crbug.com/258526.
    http://www.poste.tn/codes.php
    http://goo.gl/Y1OdAq
    http://crbug.com/31037
    http://info.russianpost.ru/servlet/department
    https://goo.gl/ZcZixP
    https://www.chromium.org/
    https://ct.googleapis.com/logs/argon2019/
    http://www.neti.ee/cgi-bin/otsing?query=
    http://ocsp.entrust.net03
    http://ocsp.entrust.net00
    https://ct.googleapis.com/logs/argon2021/
    https://docs.google.com
    https://search.seznam.cz/r/img/favicon.ico
    https://helpx.adobe.com/security/products/reader/apsb14-28.html
    https://tw.search.yahoo.com/favicon.ico
    http://example.com
    https://code.google.com/p/chromium/issues/detail?id=162042
    https://code.google.com/p/chromium/issues/detail?id=162044
    http://mock.linkdoctor.url/for?testing
    https://css-tricks.com/hash-tag-links-padding/
    https://www.googleapis.com/auth/wallet.chrome
    https://support.google.com/chrome/?p=settings_omnibox
    http://search.imesh.net/favicon.ico
    https://android.googleapis.com/gcm/send/
    https://www.gstatic.com/chrome/supervised_user/blacklist-20141001-1k.bin
    http://www.jerseypost.com/tools/postcode-address-finder/
    http://buscar.terra.com.ar/Default.aspx?source=Search
    https://accounts.google.com/AccountChooser?Email=%s
    https://www.googleapis.com/auth/chromesync_playpen
    https://nz.search.yahoo.com/favicon.ico
    https://goo.gl/zmWq3m.
    https://developer.mozilla.org/en-US/docs/Web/API/Web_Speech_API
    http://www./div
    https://www.chromestatus.com/feature/5669008342777856
    http://option
    https://sirius.ws.symantec.com/
    https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
    http://crl.thawte.com/ThawtePremiumServerCA.crl0
    https://tr.search.yahoo.com/search?ei=
    https://www.yandex.ua/chrome/newtab
    http://www.wosign.com/policy/0
    https://nz.search.yahoo.com/search?ei=
    https://log.ncsccs.com/report/hpkp
    https://support.google.com/chrome/?p=chrome_cleanup_tool
    https://ssl.gstatic.com/safebrowsing/csd/
    http://subca.ocsp-certum.com01
    https://www.google.com/chrome/browser/privacy/whitepaper.html
    https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/?utm_source=devtools
    https://beacons2.gvt2.com/domainreliability/upload
    https://id.search.yahoo.com/search?ei=
    http://www.search-results.com/web?q=
    http://mystart.incredibar.com/?search=
    https://pe.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.geotrust.com/resources/repository0
    https://hk.search.yahoo.com/search?ei=
    https://helpx.adobe.com/security/products/shockwave/apsb14-10.html
    https://nl.softonic.com/s/
    http://www.conduit.com/favicon.ico
    https://support.google.com/chrome/?p=ib_pepper_broker
    https://se.search.yahoo.com/favicon.ico
    http://search.iminent.com/Shared/Images/favicon_gl.ico
    https://search.daum.net/favicon.ico
    http://schema.org/BlogPosting
    http://g.symcd.com0
    https://pe.search.yahoo.com/favicon.ico
    https://myactivity.google.com/myactivity/?utm_source=chrome_cbd
    http://i
    https://www.chromestatus.com/feature/5243055179300864
    http://g.symcb.com/crls/gtglobal.crl0.
    https://goo.gl/EuHzyv
    https://support.google.com/chrome/?p=ui_voice_search
    https://www.yandex.com.tr/chrome/newtab
    http://cdp1.public-trust.com/CRL/Omniroot2025.crl0
    https://support.google.com/chrome/?p=ui_download_errors
    https://safebrowsing.googleusercontent.com/safebrowsing/clientreport/notification-image
    https://aIn
    http://www.google.com:80
    http://www.post.at/post_subsite_postleitzahlfinder.php
    http://schema.org/ScholarlyArticle
    http://link
    http://staticsuggested
    https://crbug.com/794942.
    https://ca.search.yahoo.com/search?ei=
    https://kvasir.no/alle?q=
    http://ocsp.thawte.com0
    http://pca-g3-ocsp.geotrust.com0
    https://www.facebook.com/chat/video/videocalldownload.php
    http://www.geotrust.com/resources/cps0
    http://ss.uk.ask.com/query?q=
    https://www.post.lu/fr/grandes-entreprises/solutions-postales/rechercher-un-code-postal
    http://www.verkkoposti.com/e3/postinumeroluettelo
    http://crbug.com/312900.
    https://certs.starfieldtech.com/repository/0
    http://www.laposte.fr/Particulier/Utiliser-nos-outils-pratiques/Outils-et-documents/Trouvez-un-code-postal
    http://search.iminent.com/?q=
    https://support.google.com/chrome/?p=beta_forum
    http://www.postdanmark.dk/da/Privat/Kundeservice/postnummerkort/Sider/Find-postnummer.aspx
    http://ocsp.startssl.com00
    https://yandex.ua/
    http://www.post.lt/lt/?id=316
    https://www.google.com/safebrowsing/report_error/
    http://search.babylon.com/?q=
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/language
    http://forms.real.com/real/realone/download.html?type=rpsp_us
    https://support.google.com/chromecast/answer/2998338
    http://style
    http://crbug.com/360567
    http://www.yhs.delta-search.com/home?q=
    https://sb-ssl.google.com/safebrowsing/clientreport/malware-check
    http://www.google.com/privacy.html
    https://devices.adobe.com/partnerportal/
    https://gvt2.com/
    https://www.google.com
    http://www2.delta-search.com/?q=
    https://szukaj.onet.pl/favicon.ico
    https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
    http://crbug.com/437891.
    http://clients3.google.com/cert_upload_json
    http://ok.hu/katalogus?q=
    http://crbug.com/319444.
    https://ct.cloudflare.com/logs/nimbus2018/
    https://fr.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_outdated_plugin
    https://google-analytics.com/
    https://clientservices.googleapis.com/uma/v2
    https://developers.google.com/web/tools/chrome-devtools/
    http://www.years
    https://yandex.by/images/search/?rpt=imageview
    http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%
    http://schema.org/TechArticle
    https://sb-ssl.google.com/safebrowsing/clientreport/chrome-reset
    http://ocsp.globalsign.com/rootr10
    https://photistic.report-uri.com/r/d/staple/reportOnly
    https://crashpad.chromium.org/bug/new
    https://lh3.googleusercontent.com
    https://ch.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_download_blocked
    http://www.georgianpost.ge/index.php?page=10
    http://crbug.com/26312
    http://www.inkscape.org/namespaces/inkscape
    http://mathematicsmargin-top
    http://www.correos.es/contenido/13-MenuRec2/04-MenuRec24/1010_s-CodPostal.asp
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.search.delta-search.com/home?q=
    https://chrome.google.com/webstore?hl=ko
    https://history.google.com/history/api/lookup?client=chrome
    http://suggestion.baidu.com/su?wd=
    https://www.googleapis.com/auth/proximity_auth
    http://crbug.com/99373
    https://safebrowsing.googleapis.com/v4
    https://chrome.google.com/webstore?hl=koChrome
    https://accounts.google.com/Logout
    http://crbug.com/371562
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=

Process memory dump for chrome.exe (PID 1068, dump 26)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    https://accounts.google.com/OAuthGetAccessToken
    https://developers.google.com/web/updates/2017/03/devtools-release-notes
    http://ns.adobe.com/xap/1.0/
    https://www.chromestatus.com/feature/5637107137642496
    http://crt.rootg2.amazontrust.com/rootg2.cer0=
    https://in.search.yahoo.com/sugg/chrome?output=fxjson
    http://flashmobile.adobe.com/
    https://www.gstatic.com/chrome/extensions/blacklist
    http://purl.org/dc/dcmitype/StillImage
    https://safebrowsing.google.com/safebrowsing/uploads/chrome
    https://chrome-sync.sandbox.google.com/chrome-sync/alpha
    https://nl.search.yahoo.com/favicon.ico
    http://crl.certum.pl/ctnca.crl0k
    https://developers.google.com/web/updates/2018/01/devtools
    http://ocsp.starfieldtech.com/0
    http://www.google.com/chrome/intl/ko/eula_text.html
    https://qc.search.yahoo.com/favicon.ico
    https://search.yahoo.com/favicon.ico
    https://uk.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.landvaluation.bm/
    http://developer.apple.com/safari/library/documentation/UserExperience/Reference/TouchEventClassReference/TouchEvent/TouchEvent.html.
    https://ctlog.wosign.com/
    https://fr.search.yahoo.com/search?ei=
    https://clients2.googleusercontent.com/crx/blobs/
    https://www.verisign.com/rpa
    http://ok.hu/gfx/favicon.ico
    http://www.delta-search.com/favicon.ico
    https://yandex.com.tr/gorsel/search?rpt=imageview
    http://schema.org/Person
    https://hladaj.atlas.sk/fulltext/?phrase=
    https://searchatlas.centrum.cz/?q=
    http://crbug.com/750901
    https://accounts.google.com/o/oauth2/programmatic_auth
    http://www.interoperabilitybridges.com/wmp-extension-for-chrome
    http://linkurystoragenorthus.blob.core.windows.net/static/favicon.ico
    http://www.google.com/update2/response
    https://www.googleapis.com/auth/supportcontent
    https://support.google.com/chrome/?p=plugin_flash
    http://www.search.delta-search.com/?q=
    https://ct.cloudflare.com/logs/nimbus2020/
    https://accounts.google.com/o/oauth2/auth
    http://www.json.com/json-schema-proposal/
    http://ocsp.godaddy.com/02
    https://www.sogou.com/web?ie=
    https://minecraft.report-uri.com/r/d/staple/reportOnly
    http://ocsp.verisign.com0
    https://ve.search.yahoo.com/search?ei=
    https://support.google.com/accounts/answer/6197437
    https://sb-ssl.google.com/safebrowsing/clientreport/login
    http://service.real.com/realplayer/security/02062012_player/en/
    http://ocsp.digicert.com0K
    https://sg.search.yahoo.com/sugg/chrome?output=fxjson
    http://arianna.libero.it/search/abin/integrata.cgi?query=
    http://buscador.terra.es/Default.aspx?source=Search
    http://subca.ocsp-certum.com0.
    http://searchatlas.centrum.cz/?q=
    https://accounts.google.com/embedded/setup/v2/chromeos
    https://docs.google.com/feeds/
    https://report-uri.cloudflare.com/expect-ct
    http://www.nzpost.co.nz/Cultures/en-NZ/OnlineTools/PostCodeFinder/
    https://kvasir.no/grafikk/favicon.ico
    https://nova.rambler.ru/suggest?v=3
    http://aia.startssl.com/certs/ca.crt02
    http://certs.starfieldtech.com/repository/1402
    https://accounts.google.com/o/oauth2/revoke
    https://search.seznam.cz/?q=
    http://search.snapdo.com/?q=
    https://www.google.TLD
    https://report.badssl.com/expect-staple
    http://www.maldivespost.com/?lid=10
    https://bugs.chromium.org/p/chromium/issues/detail?id=559258
    https://nova.rambler.ru/search?query=
    http://www.serpost.com.pe/cpostal/codigo
    https://support.google.com/chrome/?p=settings_cloud_print
    http://ocsp.godaddy.com/0J
    http://search.avg.com/search?q=
    https://www.singpost.com/find-postal-code
    https://search.goo.ne.jp/web.jsp?MT=
    https://www.googleapis.com/rpc
    https://www.thawte.com/cps0
    http://www.yhs.delta-search.com/?q=
    https://chromium.googlesource.com/chromium/src/
    https://history.report-uri.com/r/d/staple/reportOnly
    http://crbug.com/415315
    https://www.yandex.com.tr/
    https://developer.chrome.com/devtools/docs/remote-debugging
    http://certs.godaddy.com/repository/1301
    https://crbug.com/368855.)
    http://radce.centrum.cz/?q=
    http://www.foo.com/bar
    https://search.walla.co.il/?q=
    http://zip4.usps.com/zip4/welcome.jsp
    https://developers.google.com/web/updates/2017/04/devtools-release-notes
    http://www.style
    https://buscador.terra.es/Default.aspx?source=Search
    http://www.keynectis.com/PC08
    https://www.softonic.com/s/
    https://translate.googleapis.com/
    http://foo.com/bar
    http://search.snap.do/?q=
    https://accounts.google.com/ListAccounts?json=standard
    https://alt1-safebrowsing.google.com/safebrowsing
    http://www.google.co.kr/dmca.html
    http://www.gov.im/post/postal/fr_main.asp
    http://www.gstatic.com/chrome/extensions/blacklist
    https://crbug.com/480935.
    https://beacons4.gvt2.com/domainreliability/upload
    http://www.correos.gob.ni/index.php/codigo-postal-2
    http://schema.org/Organization
    https://www.googleapis.com/auth/chromewebstore.readonly
    http://www.poste.it/online/cercacap/
    https://cuscochromeextension-pa.googleapis.com/v1/omniboxsuggestions
    https://support.google.com/chrome/?p=e_awsnap_rl
    https://search.daum.net/search?ie=
    https://log.getdropbox.com/hpkp
    https://tw.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.hortcut
    https://es.search.yahoo.com/sugg/chrome?output=fxjson
    http://adressesok.posten.no/nb/postal_codes/search
    https://storage.ape.yandex.net/get/browser/Doodles/yandex/drawable-xxhdpi/yandex.png
    https://maktoob.search.yahoo.com/favicon.ico
    http://www.google.co.kr/tm_complaint.html
    https://sg.search.yahoo.com/favicon.ico
    https://sb-ssl.google.com/safebrowsing/clientreport/phishing
    https://accounts.google.com/GetCheckConnectionInfo
    http://crl.godaddy.com/gds1-20
    https://sp.br.ask.com/sh/i/a14/favicon/favicon.ico
    http://crbug.com/133457.
    http://www.startssl.com/intermediate.pdf0
    https://nodejs.org/static/images/logos/nodejs-new-pantone-black.png
    http://www.pasts.lv/lv/uzzinas/nodalas/
    http://EVIntl-ccrt.gwww.gicert.com/1ocsp.verisign.com09rapidssl.cos.godaddy.com/repository/0
    https://www.softonic.com.br/s/
    http://crbug.com/258526.
    http://www.poste.tn/codes.php
    http://goo.gl/Y1OdAq
    http://crbug.com/31037
    http://info.russianpost.ru/servlet/department
    https://goo.gl/ZcZixP
    https://www.chromium.org/
    https://ct.googleapis.com/logs/argon2019/
    http://www.neti.ee/cgi-bin/otsing?query=
    http://ocsp.entrust.net03
    http://ocsp.entrust.net00
    https://ct.googleapis.com/logs/argon2021/
    https://docs.google.com
    https://search.seznam.cz/r/img/favicon.ico
    https://helpx.adobe.com/security/products/reader/apsb14-28.html
    https://tw.search.yahoo.com/favicon.ico
    http://example.com
    https://code.google.com/p/chromium/issues/detail?id=162042
    https://code.google.com/p/chromium/issues/detail?id=162044
    http://mock.linkdoctor.url/for?testing
    https://css-tricks.com/hash-tag-links-padding/
    https://www.googleapis.com/auth/wallet.chrome
    https://support.google.com/chrome/?p=settings_omnibox
    http://search.imesh.net/favicon.ico
    https://android.googleapis.com/gcm/send/
    https://www.gstatic.com/chrome/supervised_user/blacklist-20141001-1k.bin
    http://www.jerseypost.com/tools/postcode-address-finder/
    http://buscar.terra.com.ar/Default.aspx?source=Search
    https://accounts.google.com/AccountChooser?Email=%s
    https://www.googleapis.com/auth/chromesync_playpen
    https://nz.search.yahoo.com/favicon.ico
    https://goo.gl/zmWq3m.
    https://developer.mozilla.org/en-US/docs/Web/API/Web_Speech_API
    http://www./div
    https://www.chromestatus.com/feature/5669008342777856
    http://option
    https://sirius.ws.symantec.com/
    https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
    http://crl.thawte.com/ThawtePremiumServerCA.crl0
    https://tr.search.yahoo.com/search?ei=
    https://www.yandex.ua/chrome/newtab
    http://www.wosign.com/policy/0
    https://nz.search.yahoo.com/search?ei=
    https://log.ncsccs.com/report/hpkp
    https://support.google.com/chrome/?p=chrome_cleanup_tool
    https://ssl.gstatic.com/safebrowsing/csd/
    http://subca.ocsp-certum.com01
    https://www.google.com/chrome/browser/privacy/whitepaper.html
    https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/?utm_source=devtools
    https://beacons2.gvt2.com/domainreliability/upload
    https://id.search.yahoo.com/search?ei=
    http://www.search-results.com/web?q=
    http://mystart.incredibar.com/?search=
    https://pe.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.geotrust.com/resources/repository0
    https://hk.search.yahoo.com/search?ei=
    https://helpx.adobe.com/security/products/shockwave/apsb14-10.html
    https://nl.softonic.com/s/
    http://www.conduit.com/favicon.ico
    https://support.google.com/chrome/?p=ib_pepper_broker
    https://se.search.yahoo.com/favicon.ico
    http://search.iminent.com/Shared/Images/favicon_gl.ico
    https://search.daum.net/favicon.ico
    http://schema.org/BlogPosting
    http://g.symcd.com0
    https://pe.search.yahoo.com/favicon.ico
    https://myactivity.google.com/myactivity/?utm_source=chrome_cbd
    http://i
    https://www.chromestatus.com/feature/5243055179300864
    http://g.symcb.com/crls/gtglobal.crl0.
    https://goo.gl/EuHzyv
    https://support.google.com/chrome/?p=ui_voice_search
    https://www.yandex.com.tr/chrome/newtab
    http://cdp1.public-trust.com/CRL/Omniroot2025.crl0
    https://support.google.com/chrome/?p=ui_download_errors
    https://safebrowsing.googleusercontent.com/safebrowsing/clientreport/notification-image
    https://aIn
    http://www.google.com:80
    http://www.post.at/post_subsite_postleitzahlfinder.php
    http://schema.org/ScholarlyArticle
    http://link
    http://staticsuggested
    https://crbug.com/794942.
    https://ca.search.yahoo.com/search?ei=
    https://kvasir.no/alle?q=
    http://ocsp.thawte.com0
    http://pca-g3-ocsp.geotrust.com0
    https://www.facebook.com/chat/video/videocalldownload.php
    http://www.geotrust.com/resources/cps0
    http://ss.uk.ask.com/query?q=
    https://www.post.lu/fr/grandes-entreprises/solutions-postales/rechercher-un-code-postal
    http://www.verkkoposti.com/e3/postinumeroluettelo
    http://crbug.com/312900.
    https://certs.starfieldtech.com/repository/0
    http://www.laposte.fr/Particulier/Utiliser-nos-outils-pratiques/Outils-et-documents/Trouvez-un-code-postal
    http://search.iminent.com/?q=
    https://support.google.com/chrome/?p=beta_forum
    http://www.postdanmark.dk/da/Privat/Kundeservice/postnummerkort/Sider/Find-postnummer.aspx
    http://ocsp.startssl.com00
    https://yandex.ua/
    http://www.post.lt/lt/?id=316
    https://www.google.com/safebrowsing/report_error/
    http://search.babylon.com/?q=
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/language
    http://forms.real.com/real/realone/download.html?type=rpsp_us
    https://support.google.com/chromecast/answer/2998338
    http://style
    http://crbug.com/360567
    http://www.yhs.delta-search.com/home?q=
    https://sb-ssl.google.com/safebrowsing/clientreport/malware-check
    http://www.google.com/privacy.html
    https://devices.adobe.com/partnerportal/
    https://gvt2.com/
    https://www.google.com
    http://www2.delta-search.com/?q=
    https://szukaj.onet.pl/favicon.ico
    https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
    http://crbug.com/437891.
    http://clients3.google.com/cert_upload_json
    http://ok.hu/katalogus?q=
    http://crbug.com/319444.
    https://ct.cloudflare.com/logs/nimbus2018/
    https://fr.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_outdated_plugin
    https://google-analytics.com/
    https://clientservices.googleapis.com/uma/v2
    https://developers.google.com/web/tools/chrome-devtools/
    http://www.years
    https://yandex.by/images/search/?rpt=imageview
    http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%
    http://schema.org/TechArticle
    https://sb-ssl.google.com/safebrowsing/clientreport/chrome-reset
    http://ocsp.globalsign.com/rootr10
    https://photistic.report-uri.com/r/d/staple/reportOnly
    https://crashpad.chromium.org/bug/new
    https://lh3.googleusercontent.com
    https://ch.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_download_blocked
    http://www.georgianpost.ge/index.php?page=10
    http://crbug.com/26312
    http://www.inkscape.org/namespaces/inkscape
    http://mathematicsmargin-top
    http://www.correos.es/contenido/13-MenuRec2/04-MenuRec24/1010_s-CodPostal.asp
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.search.delta-search.com/home?q=
    https://chrome.google.com/webstore?hl=ko
    https://history.google.com/history/api/lookup?client=chrome
    http://suggestion.baidu.com/su?wd=
    https://www.googleapis.com/auth/proximity_auth
    http://crbug.com/99373
    https://safebrowsing.googleapis.com/v4
    https://chrome.google.com/webstore?hl=koChrome
    https://accounts.google.com/Logout
    http://crbug.com/371562
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences
    http://search.tut.by/?ru=1
    http://crbug.com/231664.
    https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
    https://www.World
    https://clients4.google.com/chrome-sync
    http://ocsp1.wosign.com/ca104
    http://www.zipcode.mn/
    http://.css
    https://www.googleapis.com/auth/kid.permission
    http://www.html5rocks.com/en/tutorials/canvas/hidpi/
    http://www.google.co.kr/permissions/guidelines.html
    https://cl.search.yahoo.com/sugg/chrome?output=fxjson
    https://ve.search.yahoo.com/favicon.ico
    http://epab.posten.no/
    http://nl.softonic.com/s/
    https://crbug.com/740629)
    http://crl.verisign.com/pca3-g5.crl0(
    http://search.softonic.com/?q=
    http://www.delfi.lt/paieska/?q=
    http://ocsp.rootg2.amazontrust.com08
    http://www.posta-romana.ro/zip_codes
    https://www.google.com/chrome/devices/chromecast/learn.html
    https://history.google.com/history/api/lookup?client=audio
    https://tw.search.yahoo.com/search?ei=
    https://tr.search.yahoo.com/favicon.ico
    http://dictionaryperceptionrevolutionfoundationpx
    http://www.ems.com.cn/serviceguide/you_bian_cha_xun.html
    https://vega.ws.symantec.com/
    http://www.pochta.uz/ru/uslugi/indexsearch.html
    https://www.yandex.ru/chrome/newtab
    http://www.foo.com
    https://at.search.yahoo.com/sugg/chrome?output=fxjson
    https://c.docs.google.com/
    https://support.google.com/chrome/?p=ib_blocked_plugin

Process memory dump for chrome.exe (PID 1068, dump 27)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    http://www.maldivespost.com/?lid=10
    https://bugs.chromium.org/p/chromium/issues/detail?id=559258
    https://nova.rambler.ru/search?query=
    http://www.serpost.com.pe/cpostal/codigo
    https://support.google.com/chrome/?p=settings_cloud_print
    http://ocsp.godaddy.com/0J
    http://search.avg.com/search?q=
    https://www.singpost.com/find-postal-code
    https://search.goo.ne.jp/web.jsp?MT=
    https://www.googleapis.com/rpc
    https://www.thawte.com/cps0
    http://www.yhs.delta-search.com/?q=
    https://chromium.googlesource.com/chromium/src/
    https://history.report-uri.com/r/d/staple/reportOnly
    http://crbug.com/415315
    https://www.yandex.com.tr/
    https://developer.chrome.com/devtools/docs/remote-debugging
    http://certs.godaddy.com/repository/1301
    https://crbug.com/368855.)
    http://radce.centrum.cz/?q=
    http://www.foo.com/bar
    https://search.walla.co.il/?q=
    http://zip4.usps.com/zip4/welcome.jsp
    https://developers.google.com/web/updates/2017/04/devtools-release-notes
    http://www.style
    https://buscador.terra.es/Default.aspx?source=Search
    http://www.keynectis.com/PC08
    https://www.softonic.com/s/
    https://translate.googleapis.com/
    http://foo.com/bar
    http://search.snap.do/?q=
    https://accounts.google.com/ListAccounts?json=standard
    https://alt1-safebrowsing.google.com/safebrowsing
    http://www.google.co.kr/dmca.html
    http://www.gov.im/post/postal/fr_main.asp
    http://www.gstatic.com/chrome/extensions/blacklist
    https://crbug.com/480935.
    https://beacons4.gvt2.com/domainreliability/upload
    http://www.correos.gob.ni/index.php/codigo-postal-2
    http://schema.org/Organization
    https://www.googleapis.com/auth/chromewebstore.readonly
    http://www.poste.it/online/cercacap/
    https://cuscochromeextension-pa.googleapis.com/v1/omniboxsuggestions
    https://support.google.com/chrome/?p=e_awsnap_rl
    https://search.daum.net/search?ie=
    https://log.getdropbox.com/hpkp
    https://tw.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.hortcut
    https://es.search.yahoo.com/sugg/chrome?output=fxjson
    http://adressesok.posten.no/nb/postal_codes/search
    https://storage.ape.yandex.net/get/browser/Doodles/yandex/drawable-xxhdpi/yandex.png
    https://maktoob.search.yahoo.com/favicon.ico
    http://www.google.co.kr/tm_complaint.html
    https://sg.search.yahoo.com/favicon.ico
    https://sb-ssl.google.com/safebrowsing/clientreport/phishing
    https://accounts.google.com/GetCheckConnectionInfo
    http://crl.godaddy.com/gds1-20
    https://sp.br.ask.com/sh/i/a14/favicon/favicon.ico
    http://crbug.com/133457.
    http://www.startssl.com/intermediate.pdf0
    https://nodejs.org/static/images/logos/nodejs-new-pantone-black.png
    http://www.pasts.lv/lv/uzzinas/nodalas/
    http://EVIntl-ccrt.gwww.gicert.com/1ocsp.verisign.com09rapidssl.cos.godaddy.com/repository/0
    https://www.softonic.com.br/s/
    http://crbug.com/258526.
    http://www.poste.tn/codes.php
    http://goo.gl/Y1OdAq
    http://crbug.com/31037
    http://info.russianpost.ru/servlet/department
    https://goo.gl/ZcZixP
    https://www.chromium.org/
    https://ct.googleapis.com/logs/argon2019/
    http://www.neti.ee/cgi-bin/otsing?query=
    http://ocsp.entrust.net03
    http://ocsp.entrust.net00
    https://ct.googleapis.com/logs/argon2021/
    https://docs.google.com
    https://search.seznam.cz/r/img/favicon.ico
    https://helpx.adobe.com/security/products/reader/apsb14-28.html
    https://tw.search.yahoo.com/favicon.ico
    http://example.com
    https://code.google.com/p/chromium/issues/detail?id=162042
    https://code.google.com/p/chromium/issues/detail?id=162044
    http://mock.linkdoctor.url/for?testing
    https://css-tricks.com/hash-tag-links-padding/
    https://www.googleapis.com/auth/wallet.chrome
    https://support.google.com/chrome/?p=settings_omnibox
    http://search.imesh.net/favicon.ico
    https://android.googleapis.com/gcm/send/
    https://www.gstatic.com/chrome/supervised_user/blacklist-20141001-1k.bin
    http://www.jerseypost.com/tools/postcode-address-finder/
    http://buscar.terra.com.ar/Default.aspx?source=Search
    https://accounts.google.com/AccountChooser?Email=%s
    https://www.googleapis.com/auth/chromesync_playpen
    https://nz.search.yahoo.com/favicon.ico
    https://goo.gl/zmWq3m.
    https://developer.mozilla.org/en-US/docs/Web/API/Web_Speech_API
    http://www./div
    https://www.chromestatus.com/feature/5669008342777856
    http://option
    https://sirius.ws.symantec.com/
    https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
    http://crl.thawte.com/ThawtePremiumServerCA.crl0
    https://tr.search.yahoo.com/search?ei=
    https://www.yandex.ua/chrome/newtab
    http://www.wosign.com/policy/0
    https://nz.search.yahoo.com/search?ei=
    https://log.ncsccs.com/report/hpkp
    https://support.google.com/chrome/?p=chrome_cleanup_tool
    https://ssl.gstatic.com/safebrowsing/csd/
    http://subca.ocsp-certum.com01
    https://www.google.com/chrome/browser/privacy/whitepaper.html
    https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/?utm_source=devtools
    https://beacons2.gvt2.com/domainreliability/upload
    https://id.search.yahoo.com/search?ei=
    http://www.search-results.com/web?q=
    http://mystart.incredibar.com/?search=
    https://pe.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.geotrust.com/resources/repository0
    https://hk.search.yahoo.com/search?ei=
    https://helpx.adobe.com/security/products/shockwave/apsb14-10.html
    https://nl.softonic.com/s/
    http://www.conduit.com/favicon.ico
    https://support.google.com/chrome/?p=ib_pepper_broker
    https://se.search.yahoo.com/favicon.ico
    http://search.iminent.com/Shared/Images/favicon_gl.ico
    https://search.daum.net/favicon.ico
    http://schema.org/BlogPosting
    http://g.symcd.com0
    https://pe.search.yahoo.com/favicon.ico
    https://myactivity.google.com/myactivity/?utm_source=chrome_cbd
    http://i
    https://www.chromestatus.com/feature/5243055179300864
    http://g.symcb.com/crls/gtglobal.crl0.
    https://goo.gl/EuHzyv
    https://support.google.com/chrome/?p=ui_voice_search
    https://www.yandex.com.tr/chrome/newtab
    http://cdp1.public-trust.com/CRL/Omniroot2025.crl0
    https://support.google.com/chrome/?p=ui_download_errors
    https://safebrowsing.googleusercontent.com/safebrowsing/clientreport/notification-image
    https://aIn
    http://www.google.com:80
    http://www.post.at/post_subsite_postleitzahlfinder.php
    http://schema.org/ScholarlyArticle
    http://link
    http://staticsuggested
    https://crbug.com/794942.
    https://ca.search.yahoo.com/search?ei=
    https://kvasir.no/alle?q=
    http://ocsp.thawte.com0
    http://pca-g3-ocsp.geotrust.com0
    https://www.facebook.com/chat/video/videocalldownload.php
    http://www.geotrust.com/resources/cps0
    http://ss.uk.ask.com/query?q=
    https://www.post.lu/fr/grandes-entreprises/solutions-postales/rechercher-un-code-postal
    http://www.verkkoposti.com/e3/postinumeroluettelo
    http://crbug.com/312900.
    https://certs.starfieldtech.com/repository/0
    http://www.laposte.fr/Particulier/Utiliser-nos-outils-pratiques/Outils-et-documents/Trouvez-un-code-postal
    http://search.iminent.com/?q=
    https://support.google.com/chrome/?p=beta_forum
    http://www.postdanmark.dk/da/Privat/Kundeservice/postnummerkort/Sider/Find-postnummer.aspx
    http://ocsp.startssl.com00
    https://yandex.ua/
    http://www.post.lt/lt/?id=316
    https://www.google.com/safebrowsing/report_error/
    http://search.babylon.com/?q=
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/language
    http://forms.real.com/real/realone/download.html?type=rpsp_us
    https://support.google.com/chromecast/answer/2998338
    http://style
    http://crbug.com/360567
    http://www.yhs.delta-search.com/home?q=
    https://sb-ssl.google.com/safebrowsing/clientreport/malware-check
    http://www.google.com/privacy.html
    https://devices.adobe.com/partnerportal/
    https://gvt2.com/
    https://www.google.com
    http://www2.delta-search.com/?q=
    https://szukaj.onet.pl/favicon.ico
    https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
    http://crbug.com/437891.
    http://clients3.google.com/cert_upload_json
    http://ok.hu/katalogus?q=
    http://crbug.com/319444.
    https://ct.cloudflare.com/logs/nimbus2018/
    https://fr.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_outdated_plugin
    https://google-analytics.com/
    https://clientservices.googleapis.com/uma/v2
    https://developers.google.com/web/tools/chrome-devtools/
    http://www.years
    https://yandex.by/images/search/?rpt=imageview
    http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%
    http://schema.org/TechArticle
    https://sb-ssl.google.com/safebrowsing/clientreport/chrome-reset
    http://ocsp.globalsign.com/rootr10
    https://photistic.report-uri.com/r/d/staple/reportOnly
    https://crashpad.chromium.org/bug/new
    https://lh3.googleusercontent.com
    https://ch.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_download_blocked
    http://www.georgianpost.ge/index.php?page=10
    http://crbug.com/26312
    http://www.inkscape.org/namespaces/inkscape
    http://mathematicsmargin-top
    http://www.correos.es/contenido/13-MenuRec2/04-MenuRec24/1010_s-CodPostal.asp
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.search.delta-search.com/home?q=
    https://chrome.google.com/webstore?hl=ko
    https://history.google.com/history/api/lookup?client=chrome
    http://suggestion.baidu.com/su?wd=
    https://www.googleapis.com/auth/proximity_auth
    http://crbug.com/99373
    https://safebrowsing.googleapis.com/v4
    https://chrome.google.com/webstore?hl=koChrome
    https://accounts.google.com/Logout
    http://crbug.com/371562
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences
    http://search.tut.by/?ru=1
    http://crbug.com/231664.
    https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
    https://www.World
    https://clients4.google.com/chrome-sync
    http://ocsp1.wosign.com/ca104
    http://www.zipcode.mn/
    http://.css
    https://www.googleapis.com/auth/kid.permission
    http://www.html5rocks.com/en/tutorials/canvas/hidpi/
    http://www.google.co.kr/permissions/guidelines.html
    https://cl.search.yahoo.com/sugg/chrome?output=fxjson
    https://ve.search.yahoo.com/favicon.ico
    http://epab.posten.no/
    http://nl.softonic.com/s/
    https://crbug.com/740629)
    http://crl.verisign.com/pca3-g5.crl0(
    http://search.softonic.com/?q=
    http://www.delfi.lt/paieska/?q=
    http://ocsp.rootg2.amazontrust.com08
    http://www.posta-romana.ro/zip_codes
    https://www.google.com/chrome/devices/chromecast/learn.html
    https://history.google.com/history/api/lookup?client=audio
    https://tw.search.yahoo.com/search?ei=
    https://tr.search.yahoo.com/favicon.ico
    http://dictionaryperceptionrevolutionfoundationpx
    http://www.ems.com.cn/serviceguide/you_bian_cha_xun.html
    https://vega.ws.symantec.com/
    http://www.pochta.uz/ru/uslugi/indexsearch.html
    https://www.yandex.ru/chrome/newtab
    http://www.foo.com
    https://at.search.yahoo.com/sugg/chrome?output=fxjson
    https://c.docs.google.com/
    https://support.google.com/chrome/?p=ib_blocked_plugin
    https://docs.google.com/
    http://l.twimg.com/i/hpkp_report
    http://www.post.gov.tw/post/internet/f_searchzone/index.jsp?ID=190102
    https://chrome.google.com/
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    http://www.ipostel.gob.ve/index.php/oficinas-postales
    http://www.geotrust.com/resources/cps0A
    https://ca.search.yahoo.com/favicon.ico
    http://www.caymanpost.gov.ky/
    http://wiki.greasespot.net/Greasemonkey_Manual:APIs
    https://c.pack.google.com/
    http://www.geotrust.com/resources/cps06
    https://get.adobe.com/reader/
    https://log.ncsccs.com/report/expectct
    https://s2.googleusercontent.com/s2/favicons?domain_url=%s
    http://www
    http://web-subframes.invalid
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop0.json
    http://www.correos.es/comun/CodigosPostales/1010_s-CodPostal.asp?Provincia=
    http://crbug.com/775961
    https://ac.search.naver.com/nx/ac?of=os
    https://vn.search.yahoo.com/favicon.ico
    http://www.zoznam.sk/hladaj.fcgi?s=
    https://crbug.com/444752.
    https://www.google.com/chrome/browser/privacy/
    https://was
    http://start.iminent.com/StartWeb/1033/homepage/
    http://www.geotrust.com/resources/cps0)
    https://mx.search.yahoo.com/search?ei=
    http://Descriptionrelatively
    https://localhost/
    https://support.google.com/chrome/?p=plugin_quicktime
    http://www.posta.rs/struktura/lat/aplikacije/pronadji/nadji-postu.asp
    https://android.clients.google.com/c2dm/register3
    https://ctlog.api.venafi.com/
    http://crl.verisign.com/pca3-g5.crl0
    https://support.google.com/chrome?p=bluetooth
    http://pesquisa.sapo.pt/?q=
    http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
    https://sabre.ct.comodo.com/
    https://history.report-uri.com/r/d/ct/reportOnly
    http://www.interpretation
    https://history.google.com/history/api/lookup?client=web_app
    http://crl.entrust.net/rootca1.crl0
    https://tobiassachs.report-uri.com/r/d/staple/reportOnly
    https://www.so.com/favicon.ico
    https://co.search.yahoo.com/sugg/chrome?output=fxjson
    https://clients4.google.com/chrome-sync/dev
    http://www1.delta-search.com/?q=
    https://www.google.com/speech-api/v2/synthesize?
    https://growth-pa.googleapis.com/v1/send_sms
    http://en.softonic.com/s/
    https://c.drive.google.com/
    https://support.google.com/chrome/?p=settings_privacy
    http://i.rl0.ru/2011/icons/rambler.ico
    http://crls1.wosign.com/ca1.crl0q
    http://accounts.google.com/
    https://www.googleapis.com/auth/userinfo.profile
    https://chrome.google.com/webstore/category/extensions
    https://www.verisign.com/cps04000000Z
    https://au.search.yahoo.com/favicon.ico
    https://growth-pa.googleapis.com/v1/get_verified_phone_numbers
    https://crbug.com/593166
    https://c.play.google.com/
    https://www.googleapis.com/auth/chrome-content-suggestions
    https://accounts.google.com/GetUserInfo
    http://crbug.com/320723
    https://chrome.google.com/webstore
    http://cybertrust.omniroot.com/repository0
    http://ocsp.verisign.com04
    https://accounts.google.com/TokenAuth
    https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop1.json

Process memory dump for chrome.exe (PID 1068, dump 28)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    https://docs.google.com
    https://search.seznam.cz/r/img/favicon.ico
    https://helpx.adobe.com/security/products/reader/apsb14-28.html
    https://tw.search.yahoo.com/favicon.ico
    http://example.com
    https://code.google.com/p/chromium/issues/detail?id=162042
    https://code.google.com/p/chromium/issues/detail?id=162044
    http://mock.linkdoctor.url/for?testing
    https://css-tricks.com/hash-tag-links-padding/
    https://www.googleapis.com/auth/wallet.chrome
    https://support.google.com/chrome/?p=settings_omnibox
    http://search.imesh.net/favicon.ico
    https://android.googleapis.com/gcm/send/
    https://www.gstatic.com/chrome/supervised_user/blacklist-20141001-1k.bin
    http://www.jerseypost.com/tools/postcode-address-finder/
    http://buscar.terra.com.ar/Default.aspx?source=Search
    https://accounts.google.com/AccountChooser?Email=%s
    https://www.googleapis.com/auth/chromesync_playpen
    https://nz.search.yahoo.com/favicon.ico
    https://goo.gl/zmWq3m.
    https://developer.mozilla.org/en-US/docs/Web/API/Web_Speech_API
    http://www./div
    https://www.chromestatus.com/feature/5669008342777856
    http://option
    https://sirius.ws.symantec.com/
    https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
    http://crl.thawte.com/ThawtePremiumServerCA.crl0
    https://tr.search.yahoo.com/search?ei=
    https://www.yandex.ua/chrome/newtab
    http://www.wosign.com/policy/0
    https://nz.search.yahoo.com/search?ei=
    https://log.ncsccs.com/report/hpkp
    https://support.google.com/chrome/?p=chrome_cleanup_tool
    https://ssl.gstatic.com/safebrowsing/csd/
    http://subca.ocsp-certum.com01
    https://www.google.com/chrome/browser/privacy/whitepaper.html
    https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/?utm_source=devtools
    https://beacons2.gvt2.com/domainreliability/upload
    https://id.search.yahoo.com/search?ei=
    http://www.search-results.com/web?q=
    http://mystart.incredibar.com/?search=
    https://pe.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.geotrust.com/resources/repository0
    https://hk.search.yahoo.com/search?ei=
    https://helpx.adobe.com/security/products/shockwave/apsb14-10.html
    https://nl.softonic.com/s/
    http://www.conduit.com/favicon.ico
    https://support.google.com/chrome/?p=ib_pepper_broker
    https://se.search.yahoo.com/favicon.ico
    http://search.iminent.com/Shared/Images/favicon_gl.ico
    https://search.daum.net/favicon.ico
    http://schema.org/BlogPosting
    http://g.symcd.com0
    https://pe.search.yahoo.com/favicon.ico
    https://myactivity.google.com/myactivity/?utm_source=chrome_cbd
    http://i
    https://www.chromestatus.com/feature/5243055179300864
    http://g.symcb.com/crls/gtglobal.crl0.
    https://goo.gl/EuHzyv
    https://support.google.com/chrome/?p=ui_voice_search
    https://www.yandex.com.tr/chrome/newtab
    http://cdp1.public-trust.com/CRL/Omniroot2025.crl0
    https://support.google.com/chrome/?p=ui_download_errors
    https://safebrowsing.googleusercontent.com/safebrowsing/clientreport/notification-image
    https://aIn
    http://www.google.com:80
    http://www.post.at/post_subsite_postleitzahlfinder.php
    http://schema.org/ScholarlyArticle
    http://link
    http://staticsuggested
    https://crbug.com/794942.
    https://ca.search.yahoo.com/search?ei=
    https://kvasir.no/alle?q=
    http://ocsp.thawte.com0
    http://pca-g3-ocsp.geotrust.com0
    https://www.facebook.com/chat/video/videocalldownload.php
    http://www.geotrust.com/resources/cps0
    http://ss.uk.ask.com/query?q=
    https://www.post.lu/fr/grandes-entreprises/solutions-postales/rechercher-un-code-postal
    http://www.verkkoposti.com/e3/postinumeroluettelo
    http://crbug.com/312900.
    https://certs.starfieldtech.com/repository/0
    http://www.laposte.fr/Particulier/Utiliser-nos-outils-pratiques/Outils-et-documents/Trouvez-un-code-postal
    http://search.iminent.com/?q=
    https://support.google.com/chrome/?p=beta_forum
    http://www.postdanmark.dk/da/Privat/Kundeservice/postnummerkort/Sider/Find-postnummer.aspx
    http://ocsp.startssl.com00
    https://yandex.ua/
    http://www.post.lt/lt/?id=316
    https://www.google.com/safebrowsing/report_error/
    http://search.babylon.com/?q=
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/language
    http://forms.real.com/real/realone/download.html?type=rpsp_us
    https://support.google.com/chromecast/answer/2998338
    http://style
    http://crbug.com/360567
    http://www.yhs.delta-search.com/home?q=
    https://sb-ssl.google.com/safebrowsing/clientreport/malware-check
    http://www.google.com/privacy.html
    https://devices.adobe.com/partnerportal/
    https://gvt2.com/
    https://www.google.com
    http://www2.delta-search.com/?q=
    https://szukaj.onet.pl/favicon.ico
    https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
    http://crbug.com/437891.
    http://clients3.google.com/cert_upload_json
    http://ok.hu/katalogus?q=
    http://crbug.com/319444.
    https://ct.cloudflare.com/logs/nimbus2018/
    https://fr.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_outdated_plugin
    https://google-analytics.com/
    https://clientservices.googleapis.com/uma/v2
    https://developers.google.com/web/tools/chrome-devtools/
    http://www.years
    https://yandex.by/images/search/?rpt=imageview
    http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%
    http://schema.org/TechArticle
    https://sb-ssl.google.com/safebrowsing/clientreport/chrome-reset
    http://ocsp.globalsign.com/rootr10
    https://photistic.report-uri.com/r/d/staple/reportOnly
    https://crashpad.chromium.org/bug/new
    https://lh3.googleusercontent.com
    https://ch.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_download_blocked
    http://www.georgianpost.ge/index.php?page=10
    http://crbug.com/26312
    http://www.inkscape.org/namespaces/inkscape
    http://mathematicsmargin-top
    http://www.correos.es/contenido/13-MenuRec2/04-MenuRec24/1010_s-CodPostal.asp
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.search.delta-search.com/home?q=
    https://chrome.google.com/webstore?hl=ko
    https://history.google.com/history/api/lookup?client=chrome
    http://suggestion.baidu.com/su?wd=
    https://www.googleapis.com/auth/proximity_auth
    http://crbug.com/99373
    https://safebrowsing.googleapis.com/v4
    https://chrome.google.com/webstore?hl=koChrome
    https://accounts.google.com/Logout
    http://crbug.com/371562
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences
    http://search.tut.by/?ru=1
    http://crbug.com/231664.
    https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
    https://www.World
    https://clients4.google.com/chrome-sync
    http://ocsp1.wosign.com/ca104
    http://www.zipcode.mn/
    http://.css
    https://www.googleapis.com/auth/kid.permission
    http://www.html5rocks.com/en/tutorials/canvas/hidpi/
    http://www.google.co.kr/permissions/guidelines.html
    https://cl.search.yahoo.com/sugg/chrome?output=fxjson
    https://ve.search.yahoo.com/favicon.ico
    http://epab.posten.no/
    http://nl.softonic.com/s/
    https://crbug.com/740629)
    http://crl.verisign.com/pca3-g5.crl0(
    http://search.softonic.com/?q=
    http://www.delfi.lt/paieska/?q=
    http://ocsp.rootg2.amazontrust.com08
    http://www.posta-romana.ro/zip_codes
    https://www.google.com/chrome/devices/chromecast/learn.html
    https://history.google.com/history/api/lookup?client=audio
    https://tw.search.yahoo.com/search?ei=
    https://tr.search.yahoo.com/favicon.ico
    http://dictionaryperceptionrevolutionfoundationpx
    http://www.ems.com.cn/serviceguide/you_bian_cha_xun.html
    https://vega.ws.symantec.com/
    http://www.pochta.uz/ru/uslugi/indexsearch.html
    https://www.yandex.ru/chrome/newtab
    http://www.foo.com
    https://at.search.yahoo.com/sugg/chrome?output=fxjson
    https://c.docs.google.com/
    https://support.google.com/chrome/?p=ib_blocked_plugin
    https://docs.google.com/
    http://l.twimg.com/i/hpkp_report
    http://www.post.gov.tw/post/internet/f_searchzone/index.jsp?ID=190102
    https://chrome.google.com/
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    http://www.ipostel.gob.ve/index.php/oficinas-postales
    http://www.geotrust.com/resources/cps0A
    https://ca.search.yahoo.com/favicon.ico
    http://www.caymanpost.gov.ky/
    http://wiki.greasespot.net/Greasemonkey_Manual:APIs
    https://c.pack.google.com/
    http://www.geotrust.com/resources/cps06
    https://get.adobe.com/reader/
    https://log.ncsccs.com/report/expectct
    https://s2.googleusercontent.com/s2/favicons?domain_url=%s
    http://www
    http://web-subframes.invalid
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop0.json
    http://www.correos.es/comun/CodigosPostales/1010_s-CodPostal.asp?Provincia=
    http://crbug.com/775961
    https://ac.search.naver.com/nx/ac?of=os
    https://vn.search.yahoo.com/favicon.ico
    http://www.zoznam.sk/hladaj.fcgi?s=
    https://crbug.com/444752.
    https://www.google.com/chrome/browser/privacy/
    https://was
    http://start.iminent.com/StartWeb/1033/homepage/
    http://www.geotrust.com/resources/cps0)
    https://mx.search.yahoo.com/search?ei=
    http://Descriptionrelatively
    https://localhost/
    https://support.google.com/chrome/?p=plugin_quicktime
    http://www.posta.rs/struktura/lat/aplikacije/pronadji/nadji-postu.asp
    https://android.clients.google.com/c2dm/register3
    https://ctlog.api.venafi.com/
    http://crl.verisign.com/pca3-g5.crl0
    https://support.google.com/chrome?p=bluetooth
    http://pesquisa.sapo.pt/?q=
    http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
    https://sabre.ct.comodo.com/
    https://history.report-uri.com/r/d/ct/reportOnly
    http://www.interpretation
    https://history.google.com/history/api/lookup?client=web_app
    http://crl.entrust.net/rootca1.crl0
    https://tobiassachs.report-uri.com/r/d/staple/reportOnly
    https://www.so.com/favicon.ico
    https://co.search.yahoo.com/sugg/chrome?output=fxjson
    https://clients4.google.com/chrome-sync/dev
    http://www1.delta-search.com/?q=
    https://www.google.com/speech-api/v2/synthesize?
    https://growth-pa.googleapis.com/v1/send_sms
    http://en.softonic.com/s/
    https://c.drive.google.com/
    https://support.google.com/chrome/?p=settings_privacy
    http://i.rl0.ru/2011/icons/rambler.ico
    http://crls1.wosign.com/ca1.crl0q
    http://accounts.google.com/
    https://www.googleapis.com/auth/userinfo.profile
    https://chrome.google.com/webstore/category/extensions
    https://www.verisign.com/cps04000000Z
    https://au.search.yahoo.com/favicon.ico
    https://growth-pa.googleapis.com/v1/get_verified_phone_numbers
    https://crbug.com/593166
    https://c.play.google.com/
    https://www.googleapis.com/auth/chrome-content-suggestions
    https://accounts.google.com/GetUserInfo
    http://crbug.com/320723
    https://chrome.google.com/webstore
    http://cybertrust.omniroot.com/repository0
    http://ocsp.verisign.com04
    https://accounts.google.com/TokenAuth
    https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop1.json
    https://ar.search.yahoo.com/sugg/chrome?output=fxjson
    https://cspreports.srvcs.tumblr.com/hpkp
    http://crl.godaddy.com/gdroot.crl0F
    http://s.ss2.us/r.crl0
    https://www.googleapis.com/oauth2/v1/userinfo
    https://myaccount.google.com/signinoptions/password?utm_source=Google
    https://au.search.yahoo.com/search?ei=
    http://localhost:8000/url
    http://www.softonic.com.br/s/
    http://www.svgpost.gov.vc/?option=com_content
    https://alt2-safebrowsing.google.com/safebrowsing
    https://ch.search.yahoo.com/search?ei=
    http://suggest.yandex.ru/suggest-ff.cgi?part=
    https://azreport.report-uri.com/r/d/staple/reportOnly
    https://drive.google.com
    http://ns.adobe.com/xap/1.0/sType/ResourceRef
    https://support.google.com/chrome/?p=settings_autofill
    http://www.neti.ee/favicon.ico
    http://www.elta.gr/findapostcode.aspx
    http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
    https://www.googleapis.com
    http://crbug.com/263077).
    https://beacons3.gvt2.com/domainreliability/upload
    https://suggest.fulltext.seznam.cz/fulltext_ff?phrase=
    http://search.incredibar.com/favicon.ico
    http://crl.rootg2.amazontrust.com/rootg2.crl0
    http://crbug.com/371562.
    http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
    https://support.google.com/chrome/answer/1181420?
    http://g1.symcb.com/crls/gtglobal.crl0/
    http://isearch.avg.com/search?q=
    https://github.com/GoogleChrome/devtools-docs/issues/53
    http://developer.chrome.com/apps/usb.html
    http://www.digicert.com/ssl-cps-repository.htm0
    https://www.omniva.ee/era/sihtnumbrite_otsing
    http://ocsp.rootca1.amazontrust.com0
    https://safesearch.googleapis.com/v1:classify
    https://www.globalsign.com/repository/0
    https://github.com/v8/v8/wiki/Stack%20Trace%20API.
    http://ocsp.globalsign.com/rootr103
    https://www.ask.com/web?q=
    http://crl.starfieldtech.com/sfroot.crl0L
    https://www.
    https://www.chromestatus.com/feature/5738264052891648
    https://uk.ask.com/web?q=
    https://crbug.com/401439).
    https://mx.search.yahoo.com/favicon.ico
    http://mixidj.delta-search.com/?q=
    http://s2.symcb.com0
    http://ocsp.startssl.com/ca00
    http://crbug.com/40902
    https://passwords.google.com
    http://www.bhutanpost.bt/searchpostcode.php
    http://www.posten.ax/department.con?iPage=123
    https://nl.search.yahoo.com/sugg/chrome?output=fxjson
    http://purl.org/dc/elements/1.1/
    http://find.in.gr/Themes/1/Default/Media/Layout/icon_in.png
    http://aia.startssl.com/certs/ca.crt0
    http://feed.snapdo.com/?q=
    https://accounts.google.com/o/oauth/GetOAuthToken/
    http://www.softonic.com/s/
    http://crbug.com/514696
    https://chrome.blogspot.com/2015/11/updates-to-chrome-platform-support.html
    https://ar.search.yahoo.com/favicon.ico
    https://tobiassachs.report-uri.com/r/d/ct/reportOnly
    https://go.mail.ru/search?q=
    https://transparencyreport.google.com/safe-browsing/search?url=%s
    http://g.symcb.com/GeoTrustPCA-G3.crl0
    https://fi.search.yahoo.com/favicon.ico
    https://vn.search.yahoo.com/search?ei=
    http://www.entrust.net/rpa0
    http://www.adobe.com/mobile/licensees(
    http://www-//W3C//DTD
    http://crbug.com/756654
    https://dl.google.com/dl/softwareremovaltool/win/
    https://ro.search.yahoo.com/search?ei=

Process memory dump for chrome.exe (PID 1068, dump 29)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    http://link
    http://staticsuggested
    https://crbug.com/794942.
    https://ca.search.yahoo.com/search?ei=
    https://kvasir.no/alle?q=
    http://ocsp.thawte.com0
    http://pca-g3-ocsp.geotrust.com0
    https://www.facebook.com/chat/video/videocalldownload.php
    http://www.geotrust.com/resources/cps0
    http://ss.uk.ask.com/query?q=
    https://www.post.lu/fr/grandes-entreprises/solutions-postales/rechercher-un-code-postal
    http://www.verkkoposti.com/e3/postinumeroluettelo
    http://crbug.com/312900.
    https://certs.starfieldtech.com/repository/0
    http://www.laposte.fr/Particulier/Utiliser-nos-outils-pratiques/Outils-et-documents/Trouvez-un-code-postal
    http://search.iminent.com/?q=
    https://support.google.com/chrome/?p=beta_forum
    http://www.postdanmark.dk/da/Privat/Kundeservice/postnummerkort/Sider/Find-postnummer.aspx
    http://ocsp.startssl.com00
    https://yandex.ua/
    http://www.post.lt/lt/?id=316
    https://www.google.com/safebrowsing/report_error/
    http://search.babylon.com/?q=
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/language
    http://forms.real.com/real/realone/download.html?type=rpsp_us
    https://support.google.com/chromecast/answer/2998338
    http://style
    http://crbug.com/360567
    http://www.yhs.delta-search.com/home?q=
    https://sb-ssl.google.com/safebrowsing/clientreport/malware-check
    http://www.google.com/privacy.html
    https://devices.adobe.com/partnerportal/
    https://gvt2.com/
    https://www.google.com
    http://www2.delta-search.com/?q=
    https://szukaj.onet.pl/favicon.ico
    https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
    http://crbug.com/437891.
    http://clients3.google.com/cert_upload_json
    http://ok.hu/katalogus?q=
    http://crbug.com/319444.
    https://ct.cloudflare.com/logs/nimbus2018/
    https://fr.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_outdated_plugin
    https://google-analytics.com/
    https://clientservices.googleapis.com/uma/v2
    https://developers.google.com/web/tools/chrome-devtools/
    http://www.years
    https://yandex.by/images/search/?rpt=imageview
    http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%
    http://schema.org/TechArticle
    https://sb-ssl.google.com/safebrowsing/clientreport/chrome-reset
    http://ocsp.globalsign.com/rootr10
    https://photistic.report-uri.com/r/d/staple/reportOnly
    https://crashpad.chromium.org/bug/new
    https://lh3.googleusercontent.com
    https://ch.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_download_blocked
    http://www.georgianpost.ge/index.php?page=10
    http://crbug.com/26312
    http://www.inkscape.org/namespaces/inkscape
    http://mathematicsmargin-top
    http://www.correos.es/contenido/13-MenuRec2/04-MenuRec24/1010_s-CodPostal.asp
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.search.delta-search.com/home?q=
    https://chrome.google.com/webstore?hl=ko
    https://history.google.com/history/api/lookup?client=chrome
    http://suggestion.baidu.com/su?wd=
    https://www.googleapis.com/auth/proximity_auth
    http://crbug.com/99373
    https://safebrowsing.googleapis.com/v4
    https://chrome.google.com/webstore?hl=koChrome
    https://accounts.google.com/Logout
    http://crbug.com/371562
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences
    http://search.tut.by/?ru=1
    http://crbug.com/231664.
    https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
    https://www.World
    https://clients4.google.com/chrome-sync
    http://ocsp1.wosign.com/ca104
    http://www.zipcode.mn/
    http://.css
    https://www.googleapis.com/auth/kid.permission
    http://www.html5rocks.com/en/tutorials/canvas/hidpi/
    http://www.google.co.kr/permissions/guidelines.html
    https://cl.search.yahoo.com/sugg/chrome?output=fxjson
    https://ve.search.yahoo.com/favicon.ico
    http://epab.posten.no/
    http://nl.softonic.com/s/
    https://crbug.com/740629)
    http://crl.verisign.com/pca3-g5.crl0(
    http://search.softonic.com/?q=
    http://www.delfi.lt/paieska/?q=
    http://ocsp.rootg2.amazontrust.com08
    http://www.posta-romana.ro/zip_codes
    https://www.google.com/chrome/devices/chromecast/learn.html
    https://history.google.com/history/api/lookup?client=audio
    https://tw.search.yahoo.com/search?ei=
    https://tr.search.yahoo.com/favicon.ico
    http://dictionaryperceptionrevolutionfoundationpx
    http://www.ems.com.cn/serviceguide/you_bian_cha_xun.html
    https://vega.ws.symantec.com/
    http://www.pochta.uz/ru/uslugi/indexsearch.html
    https://www.yandex.ru/chrome/newtab
    http://www.foo.com
    https://at.search.yahoo.com/sugg/chrome?output=fxjson
    https://c.docs.google.com/
    https://support.google.com/chrome/?p=ib_blocked_plugin
    https://docs.google.com/
    http://l.twimg.com/i/hpkp_report
    http://www.post.gov.tw/post/internet/f_searchzone/index.jsp?ID=190102
    https://chrome.google.com/
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    http://www.ipostel.gob.ve/index.php/oficinas-postales
    http://www.geotrust.com/resources/cps0A
    https://ca.search.yahoo.com/favicon.ico
    http://www.caymanpost.gov.ky/
    http://wiki.greasespot.net/Greasemonkey_Manual:APIs
    https://c.pack.google.com/
    http://www.geotrust.com/resources/cps06
    https://get.adobe.com/reader/
    https://log.ncsccs.com/report/expectct
    https://s2.googleusercontent.com/s2/favicons?domain_url=%s
    http://www
    http://web-subframes.invalid
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop0.json
    http://www.correos.es/comun/CodigosPostales/1010_s-CodPostal.asp?Provincia=
    http://crbug.com/775961
    https://ac.search.naver.com/nx/ac?of=os
    https://vn.search.yahoo.com/favicon.ico
    http://www.zoznam.sk/hladaj.fcgi?s=
    https://crbug.com/444752.
    https://www.google.com/chrome/browser/privacy/
    https://was
    http://start.iminent.com/StartWeb/1033/homepage/
    http://www.geotrust.com/resources/cps0)
    https://mx.search.yahoo.com/search?ei=
    http://Descriptionrelatively
    https://localhost/
    https://support.google.com/chrome/?p=plugin_quicktime
    http://www.posta.rs/struktura/lat/aplikacije/pronadji/nadji-postu.asp
    https://android.clients.google.com/c2dm/register3
    https://ctlog.api.venafi.com/
    http://crl.verisign.com/pca3-g5.crl0
    https://support.google.com/chrome?p=bluetooth
    http://pesquisa.sapo.pt/?q=
    http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
    https://sabre.ct.comodo.com/
    https://history.report-uri.com/r/d/ct/reportOnly
    http://www.interpretation
    https://history.google.com/history/api/lookup?client=web_app
    http://crl.entrust.net/rootca1.crl0
    https://tobiassachs.report-uri.com/r/d/staple/reportOnly
    https://www.so.com/favicon.ico
    https://co.search.yahoo.com/sugg/chrome?output=fxjson
    https://clients4.google.com/chrome-sync/dev
    http://www1.delta-search.com/?q=
    https://www.google.com/speech-api/v2/synthesize?
    https://growth-pa.googleapis.com/v1/send_sms
    http://en.softonic.com/s/
    https://c.drive.google.com/
    https://support.google.com/chrome/?p=settings_privacy
    http://i.rl0.ru/2011/icons/rambler.ico
    http://crls1.wosign.com/ca1.crl0q
    http://accounts.google.com/
    https://www.googleapis.com/auth/userinfo.profile
    https://chrome.google.com/webstore/category/extensions
    https://www.verisign.com/cps04000000Z
    https://au.search.yahoo.com/favicon.ico
    https://growth-pa.googleapis.com/v1/get_verified_phone_numbers
    https://crbug.com/593166
    https://c.play.google.com/
    https://www.googleapis.com/auth/chrome-content-suggestions
    https://accounts.google.com/GetUserInfo
    http://crbug.com/320723
    https://chrome.google.com/webstore
    http://cybertrust.omniroot.com/repository0
    http://ocsp.verisign.com04
    https://accounts.google.com/TokenAuth
    https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop1.json
    https://ar.search.yahoo.com/sugg/chrome?output=fxjson
    https://cspreports.srvcs.tumblr.com/hpkp
    http://crl.godaddy.com/gdroot.crl0F
    http://s.ss2.us/r.crl0
    https://www.googleapis.com/oauth2/v1/userinfo
    https://myaccount.google.com/signinoptions/password?utm_source=Google
    https://au.search.yahoo.com/search?ei=
    http://localhost:8000/url
    http://www.softonic.com.br/s/
    http://www.svgpost.gov.vc/?option=com_content
    https://alt2-safebrowsing.google.com/safebrowsing
    https://ch.search.yahoo.com/search?ei=
    http://suggest.yandex.ru/suggest-ff.cgi?part=
    https://azreport.report-uri.com/r/d/staple/reportOnly
    https://drive.google.com
    http://ns.adobe.com/xap/1.0/sType/ResourceRef
    https://support.google.com/chrome/?p=settings_autofill
    http://www.neti.ee/favicon.ico
    http://www.elta.gr/findapostcode.aspx
    http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
    https://www.googleapis.com
    http://crbug.com/263077).
    https://beacons3.gvt2.com/domainreliability/upload
    https://suggest.fulltext.seznam.cz/fulltext_ff?phrase=
    http://search.incredibar.com/favicon.ico
    http://crl.rootg2.amazontrust.com/rootg2.crl0
    http://crbug.com/371562.
    http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
    https://support.google.com/chrome/answer/1181420?
    http://g1.symcb.com/crls/gtglobal.crl0/
    http://isearch.avg.com/search?q=
    https://github.com/GoogleChrome/devtools-docs/issues/53
    http://developer.chrome.com/apps/usb.html
    http://www.digicert.com/ssl-cps-repository.htm0
    https://www.omniva.ee/era/sihtnumbrite_otsing
    http://ocsp.rootca1.amazontrust.com0
    https://safesearch.googleapis.com/v1:classify
    https://www.globalsign.com/repository/0
    https://github.com/v8/v8/wiki/Stack%20Trace%20API.
    http://ocsp.globalsign.com/rootr103
    https://www.ask.com/web?q=
    http://crl.starfieldtech.com/sfroot.crl0L
    https://www.
    https://www.chromestatus.com/feature/5738264052891648
    https://uk.ask.com/web?q=
    https://crbug.com/401439).
    https://mx.search.yahoo.com/favicon.ico
    http://mixidj.delta-search.com/?q=
    http://s2.symcb.com0
    http://ocsp.startssl.com/ca00
    http://crbug.com/40902
    https://passwords.google.com
    http://www.bhutanpost.bt/searchpostcode.php
    http://www.posten.ax/department.con?iPage=123
    https://nl.search.yahoo.com/sugg/chrome?output=fxjson
    http://purl.org/dc/elements/1.1/
    http://find.in.gr/Themes/1/Default/Media/Layout/icon_in.png
    http://aia.startssl.com/certs/ca.crt0
    http://feed.snapdo.com/?q=
    https://accounts.google.com/o/oauth/GetOAuthToken/
    http://www.softonic.com/s/
    http://crbug.com/514696
    https://chrome.blogspot.com/2015/11/updates-to-chrome-platform-support.html
    https://ar.search.yahoo.com/favicon.ico
    https://tobiassachs.report-uri.com/r/d/ct/reportOnly
    https://go.mail.ru/search?q=
    https://transparencyreport.google.com/safe-browsing/search?url=%s
    http://g.symcb.com/GeoTrustPCA-G3.crl0
    https://fi.search.yahoo.com/favicon.ico
    https://vn.search.yahoo.com/search?ei=
    http://www.entrust.net/rpa0
    http://www.adobe.com/mobile/licensees(
    http://www-//W3C//DTD
    http://crbug.com/756654
    https://dl.google.com/dl/softwareremovaltool/win/
    https://ro.search.yahoo.com/search?ei=
    https://chrome-devtools-frontend.appspot.com
    http://kody.poczta-polska.pl/
    https://android.com/pay
    http://search.avg.com/route/?q=
    http://crbug.com/112091
    http://poste.opt.nc/index.php?option=com_content
    https://www.googleapis.com/auth/gcm
    http://s2.symcb.com0k
    https://clients4.google.com/ukm
    https://www.googleapis.com/auth/drive.apps.readonly
    http://mixidj.delta-search.com/home?q=
    https://fi.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=blocked_ads
    https://chrome.google.com/webstore/detail/djcfdncoelnlbldjfhinnjlhdjlikmph
    https://support.google.com/chrome_webstore/?p=crx_warning
    https://groups.google.com/a/googleproductforums.com/d/topic/chrome/Xrco2HsXS-8/discussion
    https://malaysia.search.yahoo.com/search?ei=
    http://c
    https://chrome.google.com/webstore/download/
    http://search.softonic.com/img/favicon.ico
    https://fr.search.yahoo.com/sugg/chrome?output=fxjson
    https://payments.google.com/
    http://www.google.com/chrome/intl/ko/privacy.html
    http://psc.posta.sk
    https://accounts.google.com/ServiceLoginAuth
    http://w
    https://c.youtube.com/
    http://interested
    https://searchatlas.centrum.cz/favicon.ico
    https://www.delfi.lt/paieska/?q=
    http://search.tut.by/favicon.ico
    https://th.search.yahoo.com/favicon.ico
    https://www.chromestatus.com/feature/5675755719622656
    https://sb-ssl.google.com/safebrowsing/clientreport/download
    http://www.delta-search.com/?q=
    http://ss.ask.com/query?q=
    http://www.apache.org/licenses/LICENSE-2.0
    http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/
    http://www.mpegla.com
    https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_model_20170329.pb.bin
    https://yandex.by/
    http://navigation
    http://crls1.wosign.com/ca1.crl0m
    https://www
    https://support.google.com/chrome/?p=settings_search_help
    https://tools.usps.com/go/ZipLookupAction
    http://t1.symcb.com/ThawtePCA.crl0)
    https://accounts.google.com/IssueAuthToken
    https://www.google.com/cloudprint/enable_chrome_connector
    https://www.googleapis.com/auth/googletalk
    http://ocsp.startssl.com/ca0-
    http://search.goo.ne.jp/sgt.jsp?MT=
    http://www.posta.hr/default.aspx?pretpum
    http://www.postur.is/einstaklingar/posthus/postnumer/
    http://crl.startssl.com/sfsca.crl0
    https://ct.googleapis.com/pilot/
    http://www.certplus.com/CRL/class2.crl0
    https://dl.google.com/dl/softwareremovaltool/win/chrome_cleanup_tool.exe
    http://www.codigopostal.gov.co/
    https://beacons5.gvt2.com/domainreliability/upload
    https://datasaver.googleapis.com/v1/metrics:recordPageloadMetrics
    https://www.chromestatus.com/features/6443143280984064
    https://crbug.com/701034
    https://www.indiapost.gov.in/vas/pages/FindPinCode.aspx
    https://buscador.softonic.com/?q=
    https://proxy.googlezip.net:443
    https://scotthelme.report-uri.com/r/d/ct/reportOnly
    http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl0
    http://cps.root-x1.letsencrypt.org0
    https://support.google.com/chrome/?p=ui_remove_non_cws_extensions
    http://www.bangladeshpost.gov.bd/PostCode.asp
    https://ca.search.yahoo.com/sugg/chrome?output=fxjson
    https://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.ico
    http://ocsp.digicert.com0M
    https://search.avg.com/route/?q=
    https://support.google.com/chromebook/answer/1331549
    http://crl.rootca1.amazontrust.com/rootca1.crl0
    http://crbug.com/516527
    https://clients1.google.com/tbproxy/af/
    https://dk.search.yahoo.com/favicon.ico
    http://postakodu.ptt.gov.tr/
    http://start.iminent.com/?q=
    https://au.search.yahoo.com/sugg/chrome?output=fxjson
    https://ct.cloudflare.com/logs/nimbus2021/
    http://crbug.com/469522
    http://crbug.com/415315.
    https://history.google.com/history/api/delete?client=chrome
    https://example.com
    https://szukaj.onet.pl/wyniki.html?qt=
    http://schema.org/Article
    http://ricerca.virgilio.it/ricerca?qs=
    https://yandex.kz/images/search/?rpt=imageview
    http://repository.certum.pl/ctnca.cer09
    http://crbug.com/140364).
    http://crl.globalsign.net/root.crl0=
    http://developer.chrome.com/extensions/manifest.html
    http://g1.symcb.com/GeoTrustPCA.crl0)
    https://ph.search.yahoo.com/favicon.ico
    https://www.googleapis.com/geolocation/v1/geolocate
    http://crl.geotrust.com/crls/secureca.crl0F
    http://nigma.ru/themes/nigma/img/favicon.ico
    
                                                

Process memory dump for chrome.exe (PID 1068, dump 30)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences
    http://search.tut.by/?ru=1
    http://crbug.com/231664.
    https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
    https://www.World
    https://clients4.google.com/chrome-sync
    http://ocsp1.wosign.com/ca104
    http://www.zipcode.mn/
    http://.css
    https://www.googleapis.com/auth/kid.permission
    http://www.html5rocks.com/en/tutorials/canvas/hidpi/
    http://www.google.co.kr/permissions/guidelines.html
    https://cl.search.yahoo.com/sugg/chrome?output=fxjson
    https://ve.search.yahoo.com/favicon.ico
    http://epab.posten.no/
    http://nl.softonic.com/s/
    https://crbug.com/740629)
    http://crl.verisign.com/pca3-g5.crl0(
    http://search.softonic.com/?q=
    http://www.delfi.lt/paieska/?q=
    http://ocsp.rootg2.amazontrust.com08
    http://www.posta-romana.ro/zip_codes
    https://www.google.com/chrome/devices/chromecast/learn.html
    https://history.google.com/history/api/lookup?client=audio
    https://tw.search.yahoo.com/search?ei=
    https://tr.search.yahoo.com/favicon.ico
    http://dictionaryperceptionrevolutionfoundationpx
    http://www.ems.com.cn/serviceguide/you_bian_cha_xun.html
    https://vega.ws.symantec.com/
    http://www.pochta.uz/ru/uslugi/indexsearch.html
    https://www.yandex.ru/chrome/newtab
    http://www.foo.com
    https://at.search.yahoo.com/sugg/chrome?output=fxjson
    https://c.docs.google.com/
    https://support.google.com/chrome/?p=ib_blocked_plugin
    https://docs.google.com/
    http://l.twimg.com/i/hpkp_report
    http://www.post.gov.tw/post/internet/f_searchzone/index.jsp?ID=190102
    https://chrome.google.com/
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    http://www.ipostel.gob.ve/index.php/oficinas-postales
    http://www.geotrust.com/resources/cps0A
    https://ca.search.yahoo.com/favicon.ico
    http://www.caymanpost.gov.ky/
    http://wiki.greasespot.net/Greasemonkey_Manual:APIs
    https://c.pack.google.com/
    http://www.geotrust.com/resources/cps06
    https://get.adobe.com/reader/
    https://log.ncsccs.com/report/expectct
    https://s2.googleusercontent.com/s2/favicons?domain_url=%s
    http://www
    http://web-subframes.invalid
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop0.json
    http://www.correos.es/comun/CodigosPostales/1010_s-CodPostal.asp?Provincia=
    http://crbug.com/775961
    https://ac.search.naver.com/nx/ac?of=os
    https://vn.search.yahoo.com/favicon.ico
    http://www.zoznam.sk/hladaj.fcgi?s=
    https://crbug.com/444752.
    https://www.google.com/chrome/browser/privacy/
    https://was
    http://start.iminent.com/StartWeb/1033/homepage/
    http://www.geotrust.com/resources/cps0)
    https://mx.search.yahoo.com/search?ei=
    http://Descriptionrelatively
    https://localhost/
    https://support.google.com/chrome/?p=plugin_quicktime
    http://www.posta.rs/struktura/lat/aplikacije/pronadji/nadji-postu.asp
    https://android.clients.google.com/c2dm/register3
    https://ctlog.api.venafi.com/
    http://crl.verisign.com/pca3-g5.crl0
    https://support.google.com/chrome?p=bluetooth
    http://pesquisa.sapo.pt/?q=
    http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
    https://sabre.ct.comodo.com/
    https://history.report-uri.com/r/d/ct/reportOnly
    http://www.interpretation
    https://history.google.com/history/api/lookup?client=web_app
    http://crl.entrust.net/rootca1.crl0
    https://tobiassachs.report-uri.com/r/d/staple/reportOnly
    https://www.so.com/favicon.ico
    https://co.search.yahoo.com/sugg/chrome?output=fxjson
    https://clients4.google.com/chrome-sync/dev
    http://www1.delta-search.com/?q=
    https://www.google.com/speech-api/v2/synthesize?
    https://growth-pa.googleapis.com/v1/send_sms
    http://en.softonic.com/s/
    https://c.drive.google.com/
    https://support.google.com/chrome/?p=settings_privacy
    http://i.rl0.ru/2011/icons/rambler.ico
    http://crls1.wosign.com/ca1.crl0q
    http://accounts.google.com/
    https://www.googleapis.com/auth/userinfo.profile
    https://chrome.google.com/webstore/category/extensions
    https://www.verisign.com/cps04000000Z
    https://au.search.yahoo.com/favicon.ico
    https://growth-pa.googleapis.com/v1/get_verified_phone_numbers
    https://crbug.com/593166
    https://c.play.google.com/
    https://www.googleapis.com/auth/chrome-content-suggestions
    https://accounts.google.com/GetUserInfo
    http://crbug.com/320723
    https://chrome.google.com/webstore
    http://cybertrust.omniroot.com/repository0
    http://ocsp.verisign.com04
    https://accounts.google.com/TokenAuth
    https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop1.json
    https://ar.search.yahoo.com/sugg/chrome?output=fxjson
    https://cspreports.srvcs.tumblr.com/hpkp
    http://crl.godaddy.com/gdroot.crl0F
    http://s.ss2.us/r.crl0
    https://www.googleapis.com/oauth2/v1/userinfo
    https://myaccount.google.com/signinoptions/password?utm_source=Google
    https://au.search.yahoo.com/search?ei=
    http://localhost:8000/url
    http://www.softonic.com.br/s/
    http://www.svgpost.gov.vc/?option=com_content
    https://alt2-safebrowsing.google.com/safebrowsing
    https://ch.search.yahoo.com/search?ei=
    http://suggest.yandex.ru/suggest-ff.cgi?part=
    https://azreport.report-uri.com/r/d/staple/reportOnly
    https://drive.google.com
    http://ns.adobe.com/xap/1.0/sType/ResourceRef
    https://support.google.com/chrome/?p=settings_autofill
    http://www.neti.ee/favicon.ico
    http://www.elta.gr/findapostcode.aspx
    http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
    https://www.googleapis.com
    http://crbug.com/263077).
    https://beacons3.gvt2.com/domainreliability/upload
    https://suggest.fulltext.seznam.cz/fulltext_ff?phrase=
    http://search.incredibar.com/favicon.ico
    http://crl.rootg2.amazontrust.com/rootg2.crl0
    http://crbug.com/371562.
    http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
    https://support.google.com/chrome/answer/1181420?
    http://g1.symcb.com/crls/gtglobal.crl0/
    http://isearch.avg.com/search?q=
    https://github.com/GoogleChrome/devtools-docs/issues/53
    http://developer.chrome.com/apps/usb.html
    http://www.digicert.com/ssl-cps-repository.htm0
    https://www.omniva.ee/era/sihtnumbrite_otsing
    http://ocsp.rootca1.amazontrust.com0
    https://safesearch.googleapis.com/v1:classify
    https://www.globalsign.com/repository/0
    https://github.com/v8/v8/wiki/Stack%20Trace%20API.
    http://ocsp.globalsign.com/rootr103
    https://www.ask.com/web?q=
    http://crl.starfieldtech.com/sfroot.crl0L
    https://www.
    https://www.chromestatus.com/feature/5738264052891648
    https://uk.ask.com/web?q=
    https://crbug.com/401439).
    https://mx.search.yahoo.com/favicon.ico
    http://mixidj.delta-search.com/?q=
    http://s2.symcb.com0
    http://ocsp.startssl.com/ca00
    http://crbug.com/40902
    https://passwords.google.com
    http://www.bhutanpost.bt/searchpostcode.php
    http://www.posten.ax/department.con?iPage=123
    https://nl.search.yahoo.com/sugg/chrome?output=fxjson
    http://purl.org/dc/elements/1.1/
    http://find.in.gr/Themes/1/Default/Media/Layout/icon_in.png
    http://aia.startssl.com/certs/ca.crt0
    http://feed.snapdo.com/?q=
    https://accounts.google.com/o/oauth/GetOAuthToken/
    http://www.softonic.com/s/
    http://crbug.com/514696
    https://chrome.blogspot.com/2015/11/updates-to-chrome-platform-support.html
    https://ar.search.yahoo.com/favicon.ico
    https://tobiassachs.report-uri.com/r/d/ct/reportOnly
    https://go.mail.ru/search?q=
    https://transparencyreport.google.com/safe-browsing/search?url=%s
    http://g.symcb.com/GeoTrustPCA-G3.crl0
    https://fi.search.yahoo.com/favicon.ico
    https://vn.search.yahoo.com/search?ei=
    http://www.entrust.net/rpa0
    http://www.adobe.com/mobile/licensees(
    http://www-//W3C//DTD
    http://crbug.com/756654
    https://dl.google.com/dl/softwareremovaltool/win/
    https://ro.search.yahoo.com/search?ei=
    https://chrome-devtools-frontend.appspot.com
    http://kody.poczta-polska.pl/
    https://android.com/pay
    http://search.avg.com/route/?q=
    http://crbug.com/112091
    http://poste.opt.nc/index.php?option=com_content
    https://www.googleapis.com/auth/gcm
    http://s2.symcb.com0k
    https://clients4.google.com/ukm
    https://www.googleapis.com/auth/drive.apps.readonly
    http://mixidj.delta-search.com/home?q=
    https://fi.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=blocked_ads
    https://chrome.google.com/webstore/detail/djcfdncoelnlbldjfhinnjlhdjlikmph
    https://support.google.com/chrome_webstore/?p=crx_warning
    https://groups.google.com/a/googleproductforums.com/d/topic/chrome/Xrco2HsXS-8/discussion
    https://malaysia.search.yahoo.com/search?ei=
    http://c
    https://chrome.google.com/webstore/download/
    http://search.softonic.com/img/favicon.ico
    https://fr.search.yahoo.com/sugg/chrome?output=fxjson
    https://payments.google.com/
    http://www.google.com/chrome/intl/ko/privacy.html
    http://psc.posta.sk
    https://accounts.google.com/ServiceLoginAuth
    http://w
    https://c.youtube.com/
    http://interested
    https://searchatlas.centrum.cz/favicon.ico
    https://www.delfi.lt/paieska/?q=
    http://search.tut.by/favicon.ico
    https://th.search.yahoo.com/favicon.ico
    https://www.chromestatus.com/feature/5675755719622656
    https://sb-ssl.google.com/safebrowsing/clientreport/download
    http://www.delta-search.com/?q=
    http://ss.ask.com/query?q=
    http://www.apache.org/licenses/LICENSE-2.0
    http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/
    http://www.mpegla.com
    https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_model_20170329.pb.bin
    https://yandex.by/
    http://navigation
    http://crls1.wosign.com/ca1.crl0m
    https://www
    https://support.google.com/chrome/?p=settings_search_help
    https://tools.usps.com/go/ZipLookupAction
    http://t1.symcb.com/ThawtePCA.crl0)
    https://accounts.google.com/IssueAuthToken
    https://www.google.com/cloudprint/enable_chrome_connector
    https://www.googleapis.com/auth/googletalk
    http://ocsp.startssl.com/ca0-
    http://search.goo.ne.jp/sgt.jsp?MT=
    http://www.posta.hr/default.aspx?pretpum
    http://www.postur.is/einstaklingar/posthus/postnumer/
    http://crl.startssl.com/sfsca.crl0
    https://ct.googleapis.com/pilot/
    http://www.certplus.com/CRL/class2.crl0
    https://dl.google.com/dl/softwareremovaltool/win/chrome_cleanup_tool.exe
    http://www.codigopostal.gov.co/
    https://beacons5.gvt2.com/domainreliability/upload
    https://datasaver.googleapis.com/v1/metrics:recordPageloadMetrics
    https://www.chromestatus.com/features/6443143280984064
    https://crbug.com/701034
    https://www.indiapost.gov.in/vas/pages/FindPinCode.aspx
    https://buscador.softonic.com/?q=
    https://proxy.googlezip.net:443
    https://scotthelme.report-uri.com/r/d/ct/reportOnly
    http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl0
    http://cps.root-x1.letsencrypt.org0
    https://support.google.com/chrome/?p=ui_remove_non_cws_extensions
    http://www.bangladeshpost.gov.bd/PostCode.asp
    https://ca.search.yahoo.com/sugg/chrome?output=fxjson
    https://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.ico
    http://ocsp.digicert.com0M
    https://search.avg.com/route/?q=
    https://support.google.com/chromebook/answer/1331549
    http://crl.rootca1.amazontrust.com/rootca1.crl0
    http://crbug.com/516527
    https://clients1.google.com/tbproxy/af/
    https://dk.search.yahoo.com/favicon.ico
    http://postakodu.ptt.gov.tr/
    http://start.iminent.com/?q=
    https://au.search.yahoo.com/sugg/chrome?output=fxjson
    https://ct.cloudflare.com/logs/nimbus2021/
    http://crbug.com/469522
    http://crbug.com/415315.
    https://history.google.com/history/api/delete?client=chrome
    https://example.com
    https://szukaj.onet.pl/wyniki.html?qt=
    http://schema.org/Article
    http://ricerca.virgilio.it/ricerca?qs=
    https://yandex.kz/images/search/?rpt=imageview
    http://repository.certum.pl/ctnca.cer09
    http://crbug.com/140364).
    http://crl.globalsign.net/root.crl0=
    http://developer.chrome.com/extensions/manifest.html
    http://g1.symcb.com/GeoTrustPCA.crl0)
    https://ph.search.yahoo.com/favicon.ico
    https://www.googleapis.com/geolocation/v1/geolocate
    http://crl.geotrust.com/crls/secureca.crl0F
    http://nigma.ru/themes/nigma/img/favicon.ico
    
                                                

Process memory dump for chrome.exe (PID 1068, dump 31)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees
    https://developers.google.com/chrome-developer-tools/docs/remote-debugging
    http://www.ietf.org/rfc/bcp/bcp47.txt
    https://clients4.google.com/rappor
    https://accounts.google.com/signin/chrome/sync?ssp=1
    http://www.microsoft.com/networking/WLAN/profile/v1
    https://developers.google.com/web/fundamentals/performance/rendering/
    https://support.google.com/chrome/?p=plugin_wmp
    https://ctserver.cnnic.cn/
    https://scotthelme.report-uri.com/r/d/staple/reportOnly
    http://imEnglish
    http://logo.verisign.com/vslogo.gif0)
    http://logo.verisign.com/vslogo.gif0(
    https://report-uri.cloudflare.com/expect-staple
    http://logo.verisign.com/vslogo.gif04
    https://support.google.com/chrome/answer/6258784
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences
    http://search.tut.by/?ru=1
    http://crbug.com/231664.
    https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
    https://www.World
    https://clients4.google.com/chrome-sync
    http://ocsp1.wosign.com/ca104
    http://www.zipcode.mn/
    http://.css
    https://www.googleapis.com/auth/kid.permission
    http://www.html5rocks.com/en/tutorials/canvas/hidpi/
    http://www.google.co.kr/permissions/guidelines.html
    https://cl.search.yahoo.com/sugg/chrome?output=fxjson
    https://ve.search.yahoo.com/favicon.ico
    http://epab.posten.no/
    http://nl.softonic.com/s/
    https://crbug.com/740629)
    http://crl.verisign.com/pca3-g5.crl0(
    http://search.softonic.com/?q=
    http://www.delfi.lt/paieska/?q=
    http://ocsp.rootg2.amazontrust.com08
    http://www.posta-romana.ro/zip_codes
    https://www.google.com/chrome/devices/chromecast/learn.html
    https://history.google.com/history/api/lookup?client=audio
    https://tw.search.yahoo.com/search?ei=
    https://tr.search.yahoo.com/favicon.ico
    http://dictionaryperceptionrevolutionfoundationpx
    http://www.ems.com.cn/serviceguide/you_bian_cha_xun.html
    https://vega.ws.symantec.com/
    http://www.pochta.uz/ru/uslugi/indexsearch.html
    https://www.yandex.ru/chrome/newtab
    http://www.foo.com
    https://at.search.yahoo.com/sugg/chrome?output=fxjson
    https://c.docs.google.com/
    https://support.google.com/chrome/?p=ib_blocked_plugin
    https://docs.google.com/
    http://l.twimg.com/i/hpkp_report
    http://www.post.gov.tw/post/internet/f_searchzone/index.jsp?ID=190102
    https://chrome.google.com/
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    http://www.ipostel.gob.ve/index.php/oficinas-postales
    http://www.geotrust.com/resources/cps0A
    https://ca.search.yahoo.com/favicon.ico
    http://www.caymanpost.gov.ky/
    http://wiki.greasespot.net/Greasemonkey_Manual:APIs
    https://c.pack.google.com/
    http://www.geotrust.com/resources/cps06
    https://get.adobe.com/reader/
    https://log.ncsccs.com/report/expectct
    https://s2.googleusercontent.com/s2/favicons?domain_url=%s
    http://www
    http://web-subframes.invalid
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop0.json
    http://www.correos.es/comun/CodigosPostales/1010_s-CodPostal.asp?Provincia=
    http://crbug.com/775961
    https://ac.search.naver.com/nx/ac?of=os
    https://vn.search.yahoo.com/favicon.ico
    http://www.zoznam.sk/hladaj.fcgi?s=
    https://crbug.com/444752.
    https://www.google.com/chrome/browser/privacy/
    https://was
    http://start.iminent.com/StartWeb/1033/homepage/
    http://www.geotrust.com/resources/cps0)
    https://mx.search.yahoo.com/search?ei=
    http://Descriptionrelatively
    https://localhost/
    https://support.google.com/chrome/?p=plugin_quicktime
    http://www.posta.rs/struktura/lat/aplikacije/pronadji/nadji-postu.asp
    https://android.clients.google.com/c2dm/register3
    https://ctlog.api.venafi.com/
    http://crl.verisign.com/pca3-g5.crl0
    https://support.google.com/chrome?p=bluetooth
    http://pesquisa.sapo.pt/?q=
    http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
    https://sabre.ct.comodo.com/
    https://history.report-uri.com/r/d/ct/reportOnly
    http://www.interpretation
    https://history.google.com/history/api/lookup?client=web_app
    http://crl.entrust.net/rootca1.crl0
    https://tobiassachs.report-uri.com/r/d/staple/reportOnly
    https://www.so.com/favicon.ico
    https://co.search.yahoo.com/sugg/chrome?output=fxjson
    https://clients4.google.com/chrome-sync/dev
    http://www1.delta-search.com/?q=
    https://www.google.com/speech-api/v2/synthesize?
    https://growth-pa.googleapis.com/v1/send_sms
    http://en.softonic.com/s/
    https://c.drive.google.com/
    https://support.google.com/chrome/?p=settings_privacy
    http://i.rl0.ru/2011/icons/rambler.ico
    http://crls1.wosign.com/ca1.crl0q
    http://accounts.google.com/
    https://www.googleapis.com/auth/userinfo.profile
    https://chrome.google.com/webstore/category/extensions
    https://www.verisign.com/cps04000000Z
    https://au.search.yahoo.com/favicon.ico
    https://growth-pa.googleapis.com/v1/get_verified_phone_numbers
    https://crbug.com/593166
    https://c.play.google.com/
    https://www.googleapis.com/auth/chrome-content-suggestions
    https://accounts.google.com/GetUserInfo
    http://crbug.com/320723
    https://chrome.google.com/webstore
    http://cybertrust.omniroot.com/repository0
    http://ocsp.verisign.com04
    https://accounts.google.com/TokenAuth
    https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop1.json
    https://ar.search.yahoo.com/sugg/chrome?output=fxjson
    https://cspreports.srvcs.tumblr.com/hpkp
    http://crl.godaddy.com/gdroot.crl0F
    http://s.ss2.us/r.crl0
    https://www.googleapis.com/oauth2/v1/userinfo
    https://myaccount.google.com/signinoptions/password?utm_source=Google
    https://au.search.yahoo.com/search?ei=
    http://localhost:8000/url
    http://www.softonic.com.br/s/
    http://www.svgpost.gov.vc/?option=com_content
    https://alt2-safebrowsing.google.com/safebrowsing
    https://ch.search.yahoo.com/search?ei=
    http://suggest.yandex.ru/suggest-ff.cgi?part=
    https://azreport.report-uri.com/r/d/staple/reportOnly
    https://drive.google.com
    http://ns.adobe.com/xap/1.0/sType/ResourceRef
    https://support.google.com/chrome/?p=settings_autofill
    http://www.neti.ee/favicon.ico
    http://www.elta.gr/findapostcode.aspx
    http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
    https://www.googleapis.com
    http://crbug.com/263077).
    https://beacons3.gvt2.com/domainreliability/upload
    https://suggest.fulltext.seznam.cz/fulltext_ff?phrase=
    http://search.incredibar.com/favicon.ico
    http://crl.rootg2.amazontrust.com/rootg2.crl0
    http://crbug.com/371562.
    http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
    https://support.google.com/chrome/answer/1181420?
    http://g1.symcb.com/crls/gtglobal.crl0/
    http://isearch.avg.com/search?q=
    https://github.com/GoogleChrome/devtools-docs/issues/53
    http://developer.chrome.com/apps/usb.html
    http://www.digicert.com/ssl-cps-repository.htm0
    https://www.omniva.ee/era/sihtnumbrite_otsing
    http://ocsp.rootca1.amazontrust.com0
    https://safesearch.googleapis.com/v1:classify
    https://www.globalsign.com/repository/0
    https://github.com/v8/v8/wiki/Stack%20Trace%20API.
    http://ocsp.globalsign.com/rootr103
    https://www.ask.com/web?q=
    http://crl.starfieldtech.com/sfroot.crl0L
    https://www.
    https://www.chromestatus.com/feature/5738264052891648
    https://uk.ask.com/web?q=
    https://crbug.com/401439).
    https://mx.search.yahoo.com/favicon.ico
    http://mixidj.delta-search.com/?q=
    http://s2.symcb.com0
    http://ocsp.startssl.com/ca00
    http://crbug.com/40902
    https://passwords.google.com
    http://www.bhutanpost.bt/searchpostcode.php
    http://www.posten.ax/department.con?iPage=123
    https://nl.search.yahoo.com/sugg/chrome?output=fxjson
    http://purl.org/dc/elements/1.1/
    http://find.in.gr/Themes/1/Default/Media/Layout/icon_in.png
    http://aia.startssl.com/certs/ca.crt0
    http://feed.snapdo.com/?q=
    https://accounts.google.com/o/oauth/GetOAuthToken/
    http://www.softonic.com/s/
    http://crbug.com/514696
    https://chrome.blogspot.com/2015/11/updates-to-chrome-platform-support.html
    https://ar.search.yahoo.com/favicon.ico
    https://tobiassachs.report-uri.com/r/d/ct/reportOnly
    https://go.mail.ru/search?q=
    https://transparencyreport.google.com/safe-browsing/search?url=%s
    http://g.symcb.com/GeoTrustPCA-G3.crl0
    https://fi.search.yahoo.com/favicon.ico
    https://vn.search.yahoo.com/search?ei=
    http://www.entrust.net/rpa0
    http://www.adobe.com/mobile/licensees(
    http://www-//W3C//DTD
    http://crbug.com/756654
    https://dl.google.com/dl/softwareremovaltool/win/
    https://ro.search.yahoo.com/search?ei=
    https://chrome-devtools-frontend.appspot.com
    http://kody.poczta-polska.pl/
    https://android.com/pay
    http://search.avg.com/route/?q=
    http://crbug.com/112091
    http://poste.opt.nc/index.php?option=com_content
    https://www.googleapis.com/auth/gcm
    http://s2.symcb.com0k
    https://clients4.google.com/ukm
    https://www.googleapis.com/auth/drive.apps.readonly
    http://mixidj.delta-search.com/home?q=
    https://fi.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=blocked_ads
    https://chrome.google.com/webstore/detail/djcfdncoelnlbldjfhinnjlhdjlikmph
    https://support.google.com/chrome_webstore/?p=crx_warning
    https://groups.google.com/a/googleproductforums.com/d/topic/chrome/Xrco2HsXS-8/discussion
    https://malaysia.search.yahoo.com/search?ei=
    http://c
    https://chrome.google.com/webstore/download/
    http://search.softonic.com/img/favicon.ico
    https://fr.search.yahoo.com/sugg/chrome?output=fxjson
    https://payments.google.com/
    http://www.google.com/chrome/intl/ko/privacy.html
    http://psc.posta.sk
    https://accounts.google.com/ServiceLoginAuth
    http://w
    https://c.youtube.com/
    http://interested
    https://searchatlas.centrum.cz/favicon.ico
    https://www.delfi.lt/paieska/?q=
    http://search.tut.by/favicon.ico
    https://th.search.yahoo.com/favicon.ico
    https://www.chromestatus.com/feature/5675755719622656
    https://sb-ssl.google.com/safebrowsing/clientreport/download
    http://www.delta-search.com/?q=
    http://ss.ask.com/query?q=
    http://www.apache.org/licenses/LICENSE-2.0
    http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/
    http://www.mpegla.com
    https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_model_20170329.pb.bin
    https://yandex.by/
    http://navigation
    http://crls1.wosign.com/ca1.crl0m
    https://www
    https://support.google.com/chrome/?p=settings_search_help
    https://tools.usps.com/go/ZipLookupAction
    http://t1.symcb.com/ThawtePCA.crl0)
    https://accounts.google.com/IssueAuthToken
    https://www.google.com/cloudprint/enable_chrome_connector
    https://www.googleapis.com/auth/googletalk
    http://ocsp.startssl.com/ca0-
    http://search.goo.ne.jp/sgt.jsp?MT=
    http://www.posta.hr/default.aspx?pretpum
    http://www.postur.is/einstaklingar/posthus/postnumer/
    http://crl.startssl.com/sfsca.crl0
    https://ct.googleapis.com/pilot/
    http://www.certplus.com/CRL/class2.crl0
    https://dl.google.com/dl/softwareremovaltool/win/chrome_cleanup_tool.exe
    http://www.codigopostal.gov.co/
    https://beacons5.gvt2.com/domainreliability/upload
    https://datasaver.googleapis.com/v1/metrics:recordPageloadMetrics
    https://www.chromestatus.com/features/6443143280984064
    https://crbug.com/701034
    https://www.indiapost.gov.in/vas/pages/FindPinCode.aspx
    https://buscador.softonic.com/?q=
    https://proxy.googlezip.net:443
    https://scotthelme.report-uri.com/r/d/ct/reportOnly
    http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl0
    http://cps.root-x1.letsencrypt.org0
    https://support.google.com/chrome/?p=ui_remove_non_cws_extensions
    http://www.bangladeshpost.gov.bd/PostCode.asp
    https://ca.search.yahoo.com/sugg/chrome?output=fxjson
    https://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.ico
    http://ocsp.digicert.com0M
    https://search.avg.com/route/?q=
    https://support.google.com/chromebook/answer/1331549
    http://crl.rootca1.amazontrust.com/rootca1.crl0
    http://crbug.com/516527
    https://clients1.google.com/tbproxy/af/
    https://dk.search.yahoo.com/favicon.ico
    http://postakodu.ptt.gov.tr/
    http://start.iminent.com/?q=
    https://au.search.yahoo.com/sugg/chrome?output=fxjson
    https://ct.cloudflare.com/logs/nimbus2021/
    http://crbug.com/469522
    http://crbug.com/415315.
    https://history.google.com/history/api/delete?client=chrome
    https://example.com
    https://szukaj.onet.pl/wyniki.html?qt=
    http://schema.org/Article
    http://ricerca.virgilio.it/ricerca?qs=
    https://yandex.kz/images/search/?rpt=imageview
    http://repository.certum.pl/ctnca.cer09
    http://crbug.com/140364).
    http://crl.globalsign.net/root.crl0=
    http://developer.chrome.com/extensions/manifest.html
    http://g1.symcb.com/GeoTrustPCA.crl0)
    https://ph.search.yahoo.com/favicon.ico
    https://www.googleapis.com/geolocation/v1/geolocate
    http://crl.geotrust.com/crls/secureca.crl0F
    http://nigma.ru/themes/nigma/img/favicon.ico
    
                                                

Process memory dump for chrome.exe (PID 1068, dump 32)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    http://posta.hu/ugyfelszolgalat/iranyitoszam_kereso
    https://www.geotrust.com/resources/cps04
    https://uk.search.yahoo.com/favicon.ico
    http://s
    http://www.posten.se/sv/Kundservice/Sidor/Sok-postnummer-resultat.aspx
    https://goo.gl/yqv4Q4
    https://accounts.google.com/embedded/setup/chrome/usermenu
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/languages
    https://performance-insights.appspot.com/upload?tags=flags
    http://google.com
    https://accounts.google.com/
    http://www.neti.ee/api/suggestOS?suggestQuery=
    http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
    http://www.pos.com.my
    http://crl.thawte.com/ThawtePCA.crl0
    https://c.doc-0-0-sj.sj.googleusercontent.com/
    https://ct.googleapis.com/logs/argon2020/
    http://www.royalmail.com/postcode-finder
    https://developers.google.com/web/updates/2017/07/devtools-release-notes
    http://www.pakpost.gov.pk/postcode/postcode.html
    http://apps.identrust.com/roots/dstrootcax3.p7c0
    https://maktoob.search.yahoo.com/search?ei=
    http://imgs.sapo.pt/images/sapo.ico
    https://bugs.webkit.org/show_bug.cgi?id=20127
    https://support.google.com/chrome/?p=plugin_shockwave
    https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
    http://www.startssl.com/policy0
    http://www1.auspost.com.au/postcodes/
    https://www.googleapis.com/auth/kid.family.readonly
    http://www.a
    https://gcp.gvt2.com/
    http://crl.geotrust.com/crls/secureca.crl0N
    https://en.softonic.com/s/
    https://support.google.com/chrome/?p=ui_security_indicator
    https://es.search.yahoo.com/favicon.ico
    https://yandex.kz/
    http://search.imesh.net/music?hl=
    http://www.post.be/site/nl/residential/customerservice/search/postal_codes.html
    https://crbug.com/787427.
    https://www.googleapis.com/chromewebstore/v1.1/items/verify
    https://goo.gl/y8SRRv.
    https://search.yahoo.com/sugg/chrome?output=fxjson
    http://www.correo.com.uy/index.asp?codPag=codPost
    https://www.googleapis.com/affiliation/v1/affiliation:lookup
    http://.jpg
    http://searchfunmoods.com/favicon.ico
    https://qc.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=settings_do_not_track
    http://t.symcb.com/ThawtePCA.crl0)
    http://crl.entrust.net/2048ca.crl0
    http://search.babylon.com/home?q=
    https://co.search.yahoo.com/favicon.ico
    http://t.symcd.com01
    http://ocsp.usertrust.com0
    https://developers.google.com/web/updates/2017/10/devtools-release-notes
    https://br.search.yahoo.com/favicon.ico
    https://fonts.googleapis.com
    http://schema.org/EducationalOrganization
    https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
    http://schema.org/NewsArticle
    https://at.search.yahoo.com/search?ei=
    http://ocsp.geotrust.com0L
    https://chrome-devtools-frontend.appspot.com/serve_file/
    http://www2.delta-search.com/home?q=
    https://github.com/google/closure-compiler/issues/544
    https://google.com
    http://www.gstatic.com/generate_204
    http://crbug.com/541769
    https://www.googleapis.com/auth/android_checkin
    https://search.yahoo.co.jp/search?ei=
    https://googlevideo.com/
    http://ocsp.ws.symantec.com0k
    https://t0.gstatic.com/faviconV2?client=chrome
    https://beacons.gcp.gvt2.com/domainreliability/upload
    https://support.google.com/chrome/?p=settings_password
    http://www.nigeriapostcodes.com/
    https://www.digicert.com/CPS0
    http://www.iec.ch
    https://play.google.com/store/apps/details?id=
    http://www.startssl.com/policy.pdf04
    http://html4/loose.dtd
    https://support.google.com/chrome/?p=plugin_java
    http://familiar
    http://psc.ceskaposta.cz/CleanForm.action
    https://autosuggest.search.aol.com/autocomplete/get?output=json
    https://google.com/pay
    https://ct2.digicert-ct.com/log/
    https://log.getdropbox.com/log/expectct
    http://ocsp.geotrust.com0
    https://www.googleapis.com/auth/cusco-chrome-extension
    https://www.delfi.lt/favicon.ico
    https://ct.izenpe.com/
    https://support.google.com/chrome/?p=incognito
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://sug.so.360.cn/suggest?encodein=
    https://vn.search.yahoo.com/sugg/chrome?output=fxjson
    https://isearch.avg.com/search?q=
    https://certs.godaddy.com/repository/0
    https://www.googleapis.com/auth/cloudprint
    http://www.css
    https://support.google.com/chrome/?p=ui_guest
    https://ph.search.yahoo.com/search?ei=
    https://support.google.com/websearch/answer/510
    https://bugs.chromium.org/p/chromium/issues/entry?template=Defect%20report%20from%20user
    https://accounts.google.com
    https://www.gstatic.com/chrome/config/plugins_3/
    http://search.walla.co.il/?q=
    https://m.google.com/devicemanagement/data/api
    https://chromium-i18n.appspot.com/ssl-aggregate-address/
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx
    https://www.gstatic.com/securitykey/origins.json
    https://kidsmanagement-pa.googleapis.com/kidsmanagement/v1/
    https://accounts.google.com/ClientLogin
    http://www.startssl.com/sfsca.crt0
    http://www.conduit.com/search?q=
    http://www.israelpost.co.il/zipcode.nsf/demozip?openform
    https://support.google.com/chrome/?p=plugin_real
    https://support.google.com/chrome?p=webusb
    https://accounts.google.com/embedded/setup/chromeos
    https://support.google.com/chrome/?p=ui_automatic_settings_reset
    http://127.0.0.1
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    https://history.google.com/history/api/change
    http://www.keynectis.com/PC07
    https://payments.sandbox.google.com/
    http://www.delta-search.com/home?q=
    http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
    http://www.sptc.co.sz/swazipost/codes/index.php
    https://search.aol.com/favicon.ico
    http://encoding
    https://in.search.yahoo.com/favicon.ico
    https://clients3.google.com/ct_upload
    https://pe.search.yahoo.com/search?ei=
    https://ct.cloudflare.com/logs/nimbus2019/
    http://schema.org/Corporation
    http://In
    https://th.search.yahoo.com/search?ei=
    http://www.wencodeURIComponent
    http://www.post.japanpost.jp/zipcode/
    https://crbug.com/557445).
    https://www.zoznam.sk/favicon.ico
    https://www.googleapis.com/auth/mobile_user_preferences
    http://search.tut.by/?ru=1
    http://crbug.com/231664.
    https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
    https://www.World
    https://clients4.google.com/chrome-sync
    http://ocsp1.wosign.com/ca104
    http://www.zipcode.mn/
    http://.css
    https://www.googleapis.com/auth/kid.permission
    http://www.html5rocks.com/en/tutorials/canvas/hidpi/
    http://www.google.co.kr/permissions/guidelines.html
    https://cl.search.yahoo.com/sugg/chrome?output=fxjson
    https://ve.search.yahoo.com/favicon.ico
    http://epab.posten.no/
    http://nl.softonic.com/s/
    https://crbug.com/740629)
    http://crl.verisign.com/pca3-g5.crl0(
    http://search.softonic.com/?q=
    http://www.delfi.lt/paieska/?q=
    http://ocsp.rootg2.amazontrust.com08
    http://www.posta-romana.ro/zip_codes
    https://www.google.com/chrome/devices/chromecast/learn.html
    https://history.google.com/history/api/lookup?client=audio
    https://tw.search.yahoo.com/search?ei=
    https://tr.search.yahoo.com/favicon.ico
    http://dictionaryperceptionrevolutionfoundationpx
    http://www.ems.com.cn/serviceguide/you_bian_cha_xun.html
    https://vega.ws.symantec.com/
    http://www.pochta.uz/ru/uslugi/indexsearch.html
    https://www.yandex.ru/chrome/newtab
    http://www.foo.com
    https://at.search.yahoo.com/sugg/chrome?output=fxjson
    https://c.docs.google.com/
    https://support.google.com/chrome/?p=ib_blocked_plugin
    https://docs.google.com/
    http://l.twimg.com/i/hpkp_report
    http://www.post.gov.tw/post/internet/f_searchzone/index.jsp?ID=190102
    https://chrome.google.com/
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    http://www.ipostel.gob.ve/index.php/oficinas-postales
    http://www.geotrust.com/resources/cps0A
    https://ca.search.yahoo.com/favicon.ico
    http://www.caymanpost.gov.ky/
    http://wiki.greasespot.net/Greasemonkey_Manual:APIs
    https://c.pack.google.com/
    http://www.geotrust.com/resources/cps06
    https://get.adobe.com/reader/
    https://log.ncsccs.com/report/expectct
    https://s2.googleusercontent.com/s2/favicons?domain_url=%s
    http://www
    http://web-subframes.invalid
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop0.json
    http://www.correos.es/comun/CodigosPostales/1010_s-CodPostal.asp?Provincia=
    http://crbug.com/775961
    https://ac.search.naver.com/nx/ac?of=os
    https://vn.search.yahoo.com/favicon.ico
    http://www.zoznam.sk/hladaj.fcgi?s=
    https://crbug.com/444752.
    https://www.google.com/chrome/browser/privacy/
    https://was
    http://start.iminent.com/StartWeb/1033/homepage/
    http://www.geotrust.com/resources/cps0)
    https://mx.search.yahoo.com/search?ei=
    http://Descriptionrelatively
    https://localhost/
    https://support.google.com/chrome/?p=plugin_quicktime
    http://www.posta.rs/struktura/lat/aplikacije/pronadji/nadji-postu.asp
    https://android.clients.google.com/c2dm/register3
    https://ctlog.api.venafi.com/
    http://crl.verisign.com/pca3-g5.crl0
    https://support.google.com/chrome?p=bluetooth
    http://pesquisa.sapo.pt/?q=
    http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
    https://sabre.ct.comodo.com/
    https://history.report-uri.com/r/d/ct/reportOnly
    http://www.interpretation
    https://history.google.com/history/api/lookup?client=web_app
    http://crl.entrust.net/rootca1.crl0
    https://tobiassachs.report-uri.com/r/d/staple/reportOnly
    https://www.so.com/favicon.ico
    https://co.search.yahoo.com/sugg/chrome?output=fxjson
    https://clients4.google.com/chrome-sync/dev
    http://www1.delta-search.com/?q=
    https://www.google.com/speech-api/v2/synthesize?
    https://growth-pa.googleapis.com/v1/send_sms
    http://en.softonic.com/s/
    https://c.drive.google.com/
    https://support.google.com/chrome/?p=settings_privacy
    http://i.rl0.ru/2011/icons/rambler.ico
    http://crls1.wosign.com/ca1.crl0q
    http://accounts.google.com/
    https://www.googleapis.com/auth/userinfo.profile
    https://chrome.google.com/webstore/category/extensions
    https://www.verisign.com/cps04000000Z
    https://au.search.yahoo.com/favicon.ico
    https://growth-pa.googleapis.com/v1/get_verified_phone_numbers
    https://crbug.com/593166
    https://c.play.google.com/
    https://www.googleapis.com/auth/chrome-content-suggestions
    https://accounts.google.com/GetUserInfo
    http://crbug.com/320723
    https://chrome.google.com/webstore
    http://cybertrust.omniroot.com/repository0
    http://ocsp.verisign.com04
    https://accounts.google.com/TokenAuth
    https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop1.json
    https://ar.search.yahoo.com/sugg/chrome?output=fxjson
    https://cspreports.srvcs.tumblr.com/hpkp
    http://crl.godaddy.com/gdroot.crl0F
    http://s.ss2.us/r.crl0
    https://www.googleapis.com/oauth2/v1/userinfo
    https://myaccount.google.com/signinoptions/password?utm_source=Google
    https://au.search.yahoo.com/search?ei=
    http://localhost:8000/url
    http://www.softonic.com.br/s/
    http://www.svgpost.gov.vc/?option=com_content
    https://alt2-safebrowsing.google.com/safebrowsing
    https://ch.search.yahoo.com/search?ei=
    http://suggest.yandex.ru/suggest-ff.cgi?part=
    https://azreport.report-uri.com/r/d/staple/reportOnly
    https://drive.google.com
    http://ns.adobe.com/xap/1.0/sType/ResourceRef
    https://support.google.com/chrome/?p=settings_autofill
    http://www.neti.ee/favicon.ico
    http://www.elta.gr/findapostcode.aspx
    http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
    https://www.googleapis.com
    http://crbug.com/263077).
    https://beacons3.gvt2.com/domainreliability/upload
    https://suggest.fulltext.seznam.cz/fulltext_ff?phrase=
    http://search.incredibar.com/favicon.ico
    http://crl.rootg2.amazontrust.com/rootg2.crl0
    http://crbug.com/371562.
    http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
    https://support.google.com/chrome/answer/1181420?
    http://g1.symcb.com/crls/gtglobal.crl0/
    http://isearch.avg.com/search?q=
    https://github.com/GoogleChrome/devtools-docs/issues/53
    http://developer.chrome.com/apps/usb.html
    http://www.digicert.com/ssl-cps-repository.htm0
    https://www.omniva.ee/era/sihtnumbrite_otsing
    http://ocsp.rootca1.amazontrust.com0
    https://safesearch.googleapis.com/v1:classify
    https://www.globalsign.com/repository/0
    https://github.com/v8/v8/wiki/Stack%20Trace%20API.
    http://ocsp.globalsign.com/rootr103
    https://www.ask.com/web?q=
    http://crl.starfieldtech.com/sfroot.crl0L
    https://www.
    https://www.chromestatus.com/feature/5738264052891648
    https://uk.ask.com/web?q=
    https://crbug.com/401439).
    https://mx.search.yahoo.com/favicon.ico
    http://mixidj.delta-search.com/?q=
    http://s2.symcb.com0
    http://ocsp.startssl.com/ca00
    http://crbug.com/40902
    https://passwords.google.com
    http://www.bhutanpost.bt/searchpostcode.php
    http://www.posten.ax/department.con?iPage=123
    https://nl.search.yahoo.com/sugg/chrome?output=fxjson
    http://purl.org/dc/elements/1.1/
    http://find.in.gr/Themes/1/Default/Media/Layout/icon_in.png
    http://aia.startssl.com/certs/ca.crt0
    http://feed.snapdo.com/?q=
    https://accounts.google.com/o/oauth/GetOAuthToken/
    http://www.softonic.com/s/
    http://crbug.com/514696
    https://chrome.blogspot.com/2015/11/updates-to-chrome-platform-support.html
    https://ar.search.yahoo.com/favicon.ico
    https://tobiassachs.report-uri.com/r/d/ct/reportOnly
    https://go.mail.ru/search?q=
    https://transparencyreport.google.com/safe-browsing/search?url=%s
    http://g.symcb.com/GeoTrustPCA-G3.crl0
    https://fi.search.yahoo.com/favicon.ico
    https://vn.search.yahoo.com/search?ei=
    http://www.entrust.net/rpa0
    http://www.adobe.com/mobile/licensees(
    http://www-//W3C//DTD
    http://crbug.com/756654
    https://dl.google.com/dl/softwareremovaltool/win/
    https://ro.search.yahoo.com/search?ei=
    https://chrome-devtools-frontend.appspot.com
    http://kody.poczta-polska.pl/
    https://android.com/pay
    http://search.avg.com/route/?q=
    http://crbug.com/112091
    http://poste.opt.nc/index.php?option=com_content
    https://www.googleapis.com/auth/gcm
    http://s2.symcb.com0k
    https://clients4.google.com/ukm
    https://www.googleapis.com/auth/drive.apps.readonly
    http://mixidj.delta-search.com/home?q=
    https://fi.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=blocked_ads
    https://chrome.google.com/webstore/detail/djcfdncoelnlbldjfhinnjlhdjlikmph
    https://support.google.com/chrome_webstore/?p=crx_warning
    https://groups.google.com/a/googleproductforums.com/d/topic/chrome/Xrco2HsXS-8/discussion
    https://malaysia.search.yahoo.com/search?ei=
    http://c
    https://chrome.google.com/webstore/download/
    http://search.softonic.com/img/favicon.ico
    https://fr.search.yahoo.com/sugg/chrome?output=fxjson
    https://payments.google.com/
    http://www.google.com/chrome/intl/ko/privacy.html
    http://psc.posta.sk
    https://accounts.google.com/ServiceLoginAuth
    http://w
    https://c.youtube.com/
    http://interested
    https://searchatlas.centrum.cz/favicon.ico
    https://www.delfi.lt/paieska/?q=
    http://search.tut.by/favicon.ico
    https://th.search.yahoo.com/favicon.ico
    https://www.chromestatus.com/feature/5675755719622656
    https://sb-ssl.google.com/safebrowsing/clientreport/download
    http://www.delta-search.com/?q=
    http://ss.ask.com/query?q=
    http://www.apache.org/licenses/LICENSE-2.0
    http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/
    http://www.mpegla.com
    https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_model_20170329.pb.bin
    https://yandex.by/
    http://navigation
    http://crls1.wosign.com/ca1.crl0m
    https://www
    https://support.google.com/chrome/?p=settings_search_help
    https://tools.usps.com/go/ZipLookupAction
    http://t1.symcb.com/ThawtePCA.crl0)
    https://accounts.google.com/IssueAuthToken
    https://www.google.com/cloudprint/enable_chrome_connector
    https://www.googleapis.com/auth/googletalk
    http://ocsp.startssl.com/ca0-
    http://search.goo.ne.jp/sgt.jsp?MT=
    http://www.posta.hr/default.aspx?pretpum
    http://www.postur.is/einstaklingar/posthus/postnumer/
    http://crl.startssl.com/sfsca.crl0
    https://ct.googleapis.com/pilot/
    http://www.certplus.com/CRL/class2.crl0
    https://dl.google.com/dl/softwareremovaltool/win/chrome_cleanup_tool.exe
    http://www.codigopostal.gov.co/
    https://beacons5.gvt2.com/domainreliability/upload
    https://datasaver.googleapis.com/v1/metrics:recordPageloadMetrics
    https://www.chromestatus.com/features/6443143280984064
    https://crbug.com/701034
    https://www.indiapost.gov.in/vas/pages/FindPinCode.aspx
    https://buscador.softonic.com/?q=
    https://proxy.googlezip.net:443
    https://scotthelme.report-uri.com/r/d/ct/reportOnly
    http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl0
    http://cps.root-x1.letsencrypt.org0
    https://support.google.com/chrome/?p=ui_remove_non_cws_extensions
    http://www.bangladeshpost.gov.bd/PostCode.asp
    https://ca.search.yahoo.com/sugg/chrome?output=fxjson
    https://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.ico
    http://ocsp.digicert.com0M
    https://search.avg.com/route/?q=
    https://support.google.com/chromebook/answer/1331549
    http://crl.rootca1.amazontrust.com/rootca1.crl0
    http://crbug.com/516527
    https://clients1.google.com/tbproxy/af/
    https://dk.search.yahoo.com/favicon.ico
    http://postakodu.ptt.gov.tr/
    http://start.iminent.com/?q=
    https://au.search.yahoo.com/sugg/chrome?output=fxjson
    https://ct.cloudflare.com/logs/nimbus2021/
    http://crbug.com/469522
    http://crbug.com/415315.
    https://history.google.com/history/api/delete?client=chrome
    https://example.com
    https://szukaj.onet.pl/wyniki.html?qt=
    http://schema.org/Article
    http://ricerca.virgilio.it/ricerca?qs=
    https://yandex.kz/images/search/?rpt=imageview
    http://repository.certum.pl/ctnca.cer09
    http://crbug.com/140364).
    http://crl.globalsign.net/root.crl0=
    http://developer.chrome.com/extensions/manifest.html
    http://g1.symcb.com/GeoTrustPCA.crl0)
    https://ph.search.yahoo.com/favicon.ico
    https://www.googleapis.com/geolocation/v1/geolocate
    http://crl.geotrust.com/crls/secureca.crl0F
    http://nigma.ru/themes/nigma/img/favicon.ico
    
                                                

Process memory dump for chrome.exe (PID 1068, dump 33)

Extracted/injected images (may contain unpacked executables)
Download #1


Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: BitCoin

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)
  • b3BlbmdsMzIuZGxs (opengl32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWR2QVBJMzIuZGxs (AdvAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Virtual_currency_Zero

  • Qml0Y29pbg== (Bitcoin)
  • Yml0Y29pbg== (bitcoin)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZABiAGcAaABlAGwAcAAuAGQAbABsAA== (dbghelp.dll)
  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: vmdetect

  • Vk13YXJl (VMware)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuRExM (KERNEL32.DLL)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U3lzdGVtLmluaQ== (System.ini)
  • V2luLkluaQ== (Win.Ini)


URLs found in process memory
    https://www.yandex.kz/chrome/newtab
    http://www.macromedia.com/support/documentation/kr/flashplayer/help/settings_manager07.htmlhttp://www.macromedia.com/support/documentation/kr/flashplayer/help/settings_manager02.htmlhttp://www.macromedia.com/support/documentation/kr/flashplayer/help/settings_manager06.htmlhttps://support.google.com/chrome/answer/118142065782681https://support.google.com/chrome/?p=settings_clear_browsing_datahttps://history.google.com/history/?utm_source=chrome_cbdhttps://myactivity.google.com/myactivity/?utm_source=chrome_nhttps://myactivity.google.com/myactivity/?utm_source=chrome_hChrome
    http://dev.w3.org/csswg/css3-transitions/
    https://sites.google.com/a/chromium.org/dev/administrators/common-problems-and-solutions
    https://developers.google.com/web/updates/2017/08/devtools-release-notes
    https://www.geotrust.com/resources/cps06
    https://support.google.com/chrome/?p=help
    https://www.vinden.nl/?q=
    http://code.google.com/p/chromium/issues/detail?id=125863)
    http://crbug.com/278112).
    https://malaysia.search.yahoo.com/sugg/chrome?output=fxjson
    https://accounts.google.com/AuthSubRevokeToken
    https://fcm.googleapis.com/fcm/send/
    https://www.zoznam.sk/hladaj.fcgi?s=
    https://www.googleapis.com/auth/cryptauth
    http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
    https://support.google.com/chromecast/topic/3447927
    http://www.post.ch/db/owa/pv_plz_pack/pr_main
    https://www.google.
    http://isrg.trustid.ocsp.identrust.com0
    http://szukaj.wp.pl/szukaj.html?q=
    http://www.certum.pl/CPS0
    https://support.google.com/chrome/?p=ib_nacl
    https://www.sogou.com/images/logo/old/favicon.ico
    http://www.walla.co.il/favicon.ico
    http://www.google.com/chrome/intl/ko/welcome.html
    http://buscar.terra.com.ar/favicon.ico
    http://search.incredibar.com/search.php?q=
    https://suggests.go.mail.ru/chrome?q=
    http://nova.rambler.ru/search?query=
    http://nigma.ru/?s=
    https://gvt6.com/
    http://ocsp.godaddy.com/05
    https://search.naver.com/search.naver?ie=
    http://www.buscacep.correios.com.br/
    http://www.youtube.com/embed/
    https://go.imgsmail.ru/favicon.ico
    http://xt/css
    http://crl.thawte.com/ThawtePCA-G3.crl0
    https://support.google.com/chrome/?p=settings_sync_error
    https://support.google.com/chrome/?p=e_awsnap
    https://developers.google.com/cloud-print/docs/cdd
    https://br.search.yahoo.com/search?ei=
    http://site
    http://www.unicode.org/copyright.html
    http://ocsp.entrust.net02
    http://www.symauth.com/rpa00
    https://www.googleapis.com/oauth2/v4/token
    http://crbug.com/473845
    https://crashpad.chromium.org/
    https://captive.portal/login
    https://safebrowsing.google.com/safebrowsing
    http://applicationslink
    https://www.googleapis.com/auth/drive.apps
    https://www.google.com/
    http://crbug.com/86955
    http://crbug.com/378067
    http://search.incredibar.com/?q=
    http://certificates.godaddy.com/repository100.
    http://sQUIC
    http://www.symauth.com/rpa0)
    https://de.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chromecast/answer/%d
    http://i.wp.pl/a/i/stg/500/favicon.ico
    https://www.neti.ee/cgi-bin/otsing?query=
    https://search.goo.ne.jp/cdn/common/img/favicon.ico
    http://addEventListenerresponsible
    https://ct.ws.symantec.com/
    https://nl.search.yahoo.com/search?ei=
    http://etherx.jabber.org/streams
    http://crl.verisign.com/pca3.crl0
    http://clientservices.googleapis.com/uma/v2
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop2.json
    http://www.postdirekt.de/plzserver/
    https://support.microsoft.com/kb/3056819
    https://support.google.com/chrome/?p=settings_sign_in
    http://aia1.wosign.com/ca1-class3-server.cer0
    https://log.certly.io/
    https://www.neti.ee/api/suggestOS?suggestVersion=1
    https://th.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.googleapis.com/
    http://www.chromium.org/developers/how-tos/api-keys
    https://fonts.googleapis.com/css?family=Roboto
    http://www.philpost.gov.ph/
    https://mx.search.yahoo.com/sugg/chrome?output=fxjson
    https://de.search.yahoo.com/search?ei=
    http://aia1.wosign.com/ca1g2-server3.cer0
    http://www.correos.cl/SitePages/home.aspx
    https://www.google.com/cloudprint
    http://ak.apnstatic.com/media/images/favicon_search-results.ico
    http://www.google.com/
    http://search.avg.com/favicon.ico
    https://developers.google.com/web/updates/2017/05/devtools-release-notes
    https://support.google.com/chrome/?p=unauthenticated
    http://t2.symcb.com0
    https://gr.search.yahoo.com/search?ei=
    https://buscador.terra.com.ar/Default.aspx?source=Search
    https://search.yahoo.co.jp/favicon.ico
    http://localhost
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop3.json
    http://api.sugg.sogou.com/su?type=addrbar
    http://crl.usertrust.com/AddTrustExternalCARoot.crl0
    http://www.postnl.nl/voorthuis/
    http://autocomplete.nigma.ru/complete/query_help.php?suggest=true
    https://www.so.com/s?ie=
    https://crbug.com/5448190).
    https://search.softonic.com/?q=
    http://crl.identrust.com/DSTROOTCAX3CRL.crl0
    http://postcode.vnpost.vn/services/search.aspx
    https://br.search.yahoo.com/sugg/chrome?output=fxjson
    https://support.google.com/chrome/?p=superfish
    https://cl.search.yahoo.com/search?ei=
    https://support.google.com/chrome/?p=plugin_divx
    https://www.canadapost.ca/cpo/mc/personal/postalcode/fpc.jsf
    https://www.baidu.com/favicon.ico
    http://crbug.com/235689.
    http://www.epost.go.kr/search/zipcode/search5.jsp
    http://EVSecure-crl.geotrust.com/GeoTrustPCA.crl0
    https://es.search.yahoo.com/search?ei=
    http://crbug.com
    http://support.apple.com/kb/HT203092
    http://An
    https://cortisconsultingch.report-uri.com/r/d/staple/reportOnly
    http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
    https://ctlog-gen2.api.venafi.com/
    https://developers.google.com/web/tools/chrome-devtools/evaluate-performance/
    https://www.yandex.by/chrome/newtab
    https://accounts.google.com/OAuthWrapBridge
    https://developers.google.com/web/updates/2016/12/devtools-javascript-cpu-profile-migration
    https://support.google.com/chrome/?p=datasaver
    http://according
    https://yandex.ru/
    http://s1.symcb.com/pca3-g5.crl0
    http://www.google.com/earth/explore/products/plugin.html
    https://www.verisign.com/cps0
    https://www.gstatic.com/securitykey/a/google.com/origins.json
    http://www.post.gov.bn/SitePages/postcodes.aspx
    https://developers.google.com/web/updates/2017/11/devtools-release-notes
    http://crbug.com/510270
    https://secure.omniroot.com/repository0
    http://www.bgpost.bg/?cid=5
    http://www.google.com/talk/protocol/auth
    http://postcodes.maltapost.com/
    https://www.gstatic.com/chrome/ntp/doodle_test/ddljson_desktop4.json
    http://search.sweetim.com/favicon.ico
    http://buscador.terra.es/favicon.ico
    https://dl.google.com/dl/softwareremovaltool/win/c/chrome_cleanup_tool.exe
    https://id.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.google.com/settings/security/lesssecureapps
    http://cript
    http://crbug.com/497301
    http://localhost:8000/inspector-sources/
    http://search.goo.ne.jp/web.jsp?MT=
    http://clientservices.googleapis.com/chrome-variations/seed
    https://support.google.com/chrome/?p=settings_manage_exceptions
    https://log.ncsccs.com/report/expectstaple
    http://crl.entrust.net/g2ca.crl0
    https://www.google.com/chrome/devices/chromecast/
    http://www.symauth.com/cps0(
    http://www.google.com
    https://sp.ask.com/sh/i/a16/favicon/favicon.ico
    https://www.recent
    http://search.sweetim.com/search.asp?q=
    https://in.search.yahoo.com/search?ei=
    http://www.slpost.gov.lk/
    https://support.google.com/chrome/?p=plugin_pdf
    http://schema.org/GovernmentOrganization
    https://www.chromestatus.com/feature/5709390967472128
    http://cybertrust.omniroot.com/repository.cfm0
    https://support.google.com/chrome/?p=ui_settings_api_extension
    http://t2.symcb.com0A
    https://chrome.google.com/webstore/detail/%s
    http://search.babylon.com/favicon.ico
    http://www.gpo.gov.np/postalcode.aspx
    https://gvt1.com/
    https://ssl.gstatic.com/
    https://www.google.com/cloudprint/learn/
    http://crt.rootca1.amazontrust.com/rootca1.cer0?
    https://id.search.yahoo.com/favicon.ico
    http://o.ss2.us/0
    https://tools.google.com/service/update2
    https://accounts.google.com/OAuthGetAccessToken
    https://developers.google.com/web/updates/2017/03/devtools-release-notes
    http://ns.adobe.com/xap/1.0/
    https://www.chromestatus.com/feature/5637107137642496
    http://crt.rootg2.amazontrust.com/rootg2.cer0=
    https://in.search.yahoo.com/sugg/chrome?output=fxjson
    http://flashmobile.adobe.com/
    https://www.gstatic.com/chrome/extensions/blacklist
    http://purl.org/dc/dcmitype/StillImage
    https://safebrowsing.google.com/safebrowsing/uploads/chrome
    https://chrome-sync.sandbox.google.com/chrome-sync/alpha
    https://nl.search.yahoo.com/favicon.ico
    http://crl.certum.pl/ctnca.crl0k
    https://developers.google.com/web/updates/2018/01/devtools
    http://ocsp.starfieldtech.com/0
    http://www.google.com/chrome/intl/ko/eula_text.html
    https://qc.search.yahoo.com/favicon.ico
    https://search.yahoo.com/favicon.ico
    https://uk.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.landvaluation.bm/
    http://developer.apple.com/safari/library/documentation/UserExperience/Reference/TouchEventClassReference/TouchEvent/TouchEvent.html.
    https://ctlog.wosign.com/
    https://fr.search.yahoo.com/search?ei=
    https://clients2.googleusercontent.com/crx/blobs/
    https://www.verisign.com/rpa
    http://ok.hu/gfx/favicon.ico
    http://www.delta-search.com/favicon.ico
    https://yandex.com.tr/gorsel/search?rpt=imageview
    http://schema.org/Person
    https://hladaj.atlas.sk/fulltext/?phrase=
    https://searchatlas.centrum.cz/?q=
    http://crbug.com/750901
    https://accounts.google.com/o/oauth2/programmatic_auth
    http://www.interoperabilitybridges.com/wmp-extension-for-chrome
    http://linkurystoragenorthus.blob.core.windows.net/static/favicon.ico
    http://www.google.com/update2/response
    https://www.googleapis.com/auth/supportcontent
    https://support.google.com/chrome/?p=plugin_flash
    http://www.search.delta-search.com/?q=
    https://ct.cloudflare.com/logs/nimbus2020/
    https://accounts.google.com/o/oauth2/auth
    http://www.json.com/json-schema-proposal/
    http://ocsp.godaddy.com/02
    https://www.sogou.com/web?ie=
    https://minecraft.report-uri.com/r/d/staple/reportOnly
    http://ocsp.verisign.com0
    https://ve.search.yahoo.com/search?ei=
    https://support.google.com/accounts/answer/6197437
    https://sb-ssl.google.com/safebrowsing/clientreport/login
    http://service.real.com/realplayer/security/02062012_player/en/
    http://ocsp.digicert.com0K
    https://sg.search.yahoo.com/sugg/chrome?output=fxjson
    http://arianna.libero.it/search/abin/integrata.cgi?query=
    http://buscador.terra.es/Default.aspx?source=Search
    http://subca.ocsp-certum.com0.
    http://searchatlas.centrum.cz/?q=
    https://accounts.google.com/embedded/setup/v2/chromeos
    https://docs.google.com/feeds/
    https://report-uri.cloudflare.com/expect-ct
    http://www.nzpost.co.nz/Cultures/en-NZ/OnlineTools/PostCodeFinder/
    https://kvasir.no/grafikk/favicon.ico
    https://nova.rambler.ru/suggest?v=3
    http://aia.startssl.com/certs/ca.crt02
    http://certs.starfieldtech.com/repository/1402
    https://accounts.google.com/o/oauth2/revoke
    https://search.seznam.cz/?q=
    http://search.snapdo.com/?q=
    https://www.google.TLD
    https://report.badssl.com/expect-staple
    http://www.maldivespost.com/?lid=10
    https://bugs.chromium.org/p/chromium/issues/detail?id=559258
    https://nova.rambler.ru/search?query=
    http://www.serpost.com.pe/cpostal/codigo
    https://support.google.com/chrome/?p=settings_cloud_print
    http://ocsp.godaddy.com/0J
    http://search.avg.com/search?q=
    https://www.singpost.com/find-postal-code
    https://search.goo.ne.jp/web.jsp?MT=
    https://www.googleapis.com/rpc
    https://www.thawte.com/cps0
    http://www.yhs.delta-search.com/?q=
    https://chromium.googlesource.com/chromium/src/
    https://history.report-uri.com/r/d/staple/reportOnly
    http://crbug.com/415315
    https://www.yandex.com.tr/
    https://developer.chrome.com/devtools/docs/remote-debugging
    http://certs.godaddy.com/repository/1301
    https://crbug.com/368855.)
    http://radce.centrum.cz/?q=
    http://www.foo.com/bar
    https://search.walla.co.il/?q=
    http://zip4.usps.com/zip4/welcome.jsp
    https://developers.google.com/web/updates/2017/04/devtools-release-notes
    http://www.style
    https://buscador.terra.es/Default.aspx?source=Search
    http://www.keynectis.com/PC08
    https://www.softonic.com/s/
    https://translate.googleapis.com/
    http://foo.com/bar
    http://search.snap.do/?q=
    https://accounts.google.com/ListAccounts?json=standard
    https://alt1-safebrowsing.google.com/safebrowsing
    http://www.google.co.kr/dmca.html
    http://www.gov.im/post/postal/fr_main.asp
    http://www.gstatic.com/chrome/extensions/blacklist
    https://crbug.com/480935.
    https://beacons4.gvt2.com/domainreliability/upload
    http://www.correos.gob.ni/index.php/codigo-postal-2
    http://schema.org/Organization
    https://www.googleapis.com/auth/chromewebstore.readonly
    http://www.poste.it/online/cercacap/
    https://cuscochromeextension-pa.googleapis.com/v1/omniboxsuggestions
    https://support.google.com/chrome/?p=e_awsnap_rl
    https://search.daum.net/search?ie=
    https://log.getdropbox.com/hpkp
    https://tw.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.hortcut
    https://es.search.yahoo.com/sugg/chrome?output=fxjson
    http://adressesok.posten.no/nb/postal_codes/search
    https://storage.ape.yandex.net/get/browser/Doodles/yandex/drawable-xxhdpi/yandex.png
    https://maktoob.search.yahoo.com/favicon.ico
    http://www.google.co.kr/tm_complaint.html
    https://sg.search.yahoo.com/favicon.ico
    https://sb-ssl.google.com/safebrowsing/clientreport/phishing
    https://accounts.google.com/GetCheckConnectionInfo
    http://crl.godaddy.com/gds1-20
    https://sp.br.ask.com/sh/i/a14/favicon/favicon.ico
    http://crbug.com/133457.
    http://www.startssl.com/intermediate.pdf0
    https://nodejs.org/static/images/logos/nodejs-new-pantone-black.png
    http://www.pasts.lv/lv/uzzinas/nodalas/
    http://EVIntl-ccrt.gwww.gicert.com/1ocsp.verisign.com09rapidssl.cos.godaddy.com/repository/0
    https://www.softonic.com.br/s/
    http://crbug.com/258526.
    http://www.poste.tn/codes.php
    http://goo.gl/Y1OdAq
    http://crbug.com/31037
    http://info.russianpost.ru/servlet/department
    https://goo.gl/ZcZixP
    https://www.chromium.org/
    https://ct.googleapis.com/logs/argon2019/
    http://www.neti.ee/cgi-bin/otsing?query=
    http://ocsp.entrust.net03
    http://ocsp.entrust.net00
    https://ct.googleapis.com/logs/argon2021/
    https://docs.google.com
    https://search.seznam.cz/r/img/favicon.ico
    https://helpx.adobe.com/security/products/reader/apsb14-28.html
    https://tw.search.yahoo.com/favicon.ico
    http://example.com
    https://code.google.com/p/chromium/issues/detail?id=162042
    https://code.google.com/p/chromium/issues/detail?id=162044
    http://mock.linkdoctor.url/for?testing
    https://css-tricks.com/hash-tag-links-padding/
    https://www.googleapis.com/auth/wallet.chrome
    https://support.google.com/chrome/?p=settings_omnibox
    http://search.imesh.net/favicon.ico
    https://android.googleapis.com/gcm/send/
    https://www.gstatic.com/chrome/supervised_user/blacklist-20141001-1k.bin
    http://www.jerseypost.com/tools/postcode-address-finder/
    http://buscar.terra.com.ar/Default.aspx?source=Search
    https://accounts.google.com/AccountChooser?Email=%s
    https://www.googleapis.com/auth/chromesync_playpen
    https://nz.search.yahoo.com/favicon.ico
    https://goo.gl/zmWq3m.
    https://developer.mozilla.org/en-US/docs/Web/API/Web_Speech_API
    http://www./div
    https://www.chromestatus.com/feature/5669008342777856
    http://option
    https://sirius.ws.symantec.com/
    https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
    http://crl.thawte.com/ThawtePremiumServerCA.crl0
    https://tr.search.yahoo.com/search?ei=
    https://www.yandex.ua/chrome/newtab
    http://www.wosign.com/policy/0
    https://nz.search.yahoo.com/search?ei=
    https://log.ncsccs.com/report/hpkp
    https://support.google.com/chrome/?p=chrome_cleanup_tool
    https://ssl.gstatic.com/safebrowsing/csd/
    http://subca.ocsp-certum.com01
    https://www.google.com/chrome/browser/privacy/whitepaper.html
    https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/?utm_source=devtools
    https://beacons2.gvt2.com/domainreliability/upload
    https://id.search.yahoo.com/search?ei=
    http://www.search-results.com/web?q=
    http://mystart.incredibar.com/?search=
    https://pe.search.yahoo.com/sugg/chrome?output=fxjson
    https://www.geotrust.com/resources/repository0
    https://hk.search.yahoo.com/search?ei=
    https://helpx.adobe.com/security/products/shockwave/apsb14-10.html
    https://nl.softonic.com/s/
    http://www.conduit.com/favicon.ico
    https://support.google.com/chrome/?p=ib_pepper_broker
    https://se.search.yahoo.com/favicon.ico
    http://search.iminent.com/Shared/Images/favicon_gl.ico
    https://search.daum.net/favicon.ico
    http://schema.org/BlogPosting
    http://g.symcd.com0
    https://pe.search.yahoo.com/favicon.ico
    https://myactivity.google.com/myactivity/?utm_source=chrome_cbd
    http://i
    https://www.chromestatus.com/feature/5243055179300864
    http://g.symcb.com/crls/gtglobal.crl0.
    https://goo.gl/EuHzyv
    https://support.google.com/chrome/?p=ui_voice_search
    https://www.yandex.com.tr/chrome/newtab
    http://cdp1.public-trust.com/CRL/Omniroot2025.crl0
    https://support.google.com/chrome/?p=ui_download_errors
    https://safebrowsing.googleusercontent.com/safebrowsing/clientreport/notification-image
    https://aIn
    http://www.google.com:80
    http://www.post.at/post_subsite_postleitzahlfinder.php
    http://schema.org/ScholarlyArticle
    http://link
    http://staticsuggested
    https://crbug.com/794942.
    https://ca.search.yahoo.com/search?ei=
    https://kvasir.no/alle?q=
    http://ocsp.thawte.com0
    http://pca-g3-ocsp.geotrust.com0
    https://www.facebook.com/chat/video/videocalldownload.php
    http://www.geotrust.com/resources/cps0
    http://ss.uk.ask.com/query?q=
    https://www.post.lu/fr/grandes-entreprises/solutions-postales/rechercher-un-code-postal
    http://www.verkkoposti.com/e3/postinumeroluettelo
    http://crbug.com/312900.
    https://certs.starfieldtech.com/repository/0
    http://www.laposte.fr/Particulier/Utiliser-nos-outils-pratiques/Outils-et-documents/Trouvez-un-code-postal
    http://search.iminent.com/?q=
    https://support.google.com/chrome/?p=beta_forum
    http://www.postdanmark.dk/da/Privat/Kundeservice/postnummerkort/Sider/Find-postnummer.aspx
    http://ocsp.startssl.com00
    https://yandex.ua/
    http://www.post.lt/lt/?id=316
    https://www.google.com/safebrowsing/report_error/
    http://search.babylon.com/?q=
    https://developer.mozilla.org/en/docs/Web/API/NavigatorLanguage/language
    http://forms.real.com/real/realone/download.html?type=rpsp_us
    https://support.google.com/chromecast/answer/2998338
    http://style
    http://crbug.com/360567
    http://www.yhs.delta-search.com/home?q=
    https://sb-ssl.google.com/safebrowsing/clientreport/malware-check
    http://www.google.com/privacy.html
    https://devices.adobe.com/partnerportal/
    https://gvt2.com/
    https://www.google.com
    http://www2.delta-search.com/?q=
    https://szukaj.onet.pl/favicon.ico
    https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
    http://crbug.com/437891.
    http://clients3.google.com/cert_upload_json
    http://ok.hu/katalogus?q=
    http://crbug.com/319444.
    https://ct.cloudflare.com/logs/nimbus2018/
    https://fr.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_outdated_plugin
    https://google-analytics.com/
    https://clientservices.googleapis.com/uma/v2
    https://developers.google.com/web/tools/chrome-devtools/
    http://www.years
    https://yandex.by/images/search/?rpt=imageview
    http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%
    http://schema.org/TechArticle
    https://sb-ssl.google.com/safebrowsing/clientreport/chrome-reset
    http://ocsp.globalsign.com/rootr10
    https://photistic.report-uri.com/r/d/staple/reportOnly
    https://crashpad.chromium.org/bug/new
    https://lh3.googleusercontent.com
    https://ch.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/?p=ib_download_blocked
    http://www.georgianpost.ge/index.php?page=10
    http://crbug.com/26312
    http://www.inkscape.org/namespaces/inkscape
    http://mathematicsmargin-top
    http://www.correos.es/contenido/13-MenuRec2/04-MenuRec24/1010_s-CodPostal.asp
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson
    http://www.search.delta-search.com/home?q=
    https://chrome.google.com/webstore?hl=ko
    https://history.google.com/history/api/lookup?client=chrome
    http://suggestion.baidu.com/su?wd=
    https://www.googleapis.com/auth/proximity_auth
    http://crbug.com/99373
    https://safebrowsing.googleapis.com/v4
    https://chrome.google.com/webstore?hl=koChrome
    https://accounts.google.com/Logout
    http://crbug.com/371562
    https://nodejs.org/en/docs/inspector/
    http://g1.delphi.lv/favicon.ico
    https://www.postoffice.co.za/contactus/postalcode.html
    http://ocsp1.wosign.com/ca108
    http://find.in.gr/?q=
    https://developer.mozilla.org/en/DOM/document.
    https://support.google.com/chrome/?p=settings_encryption
    http://crl.globalsign.com/root.crl0V
    https://accounts.google.com/MergeSession
    https://asac.casa/expectstaple.jsp
    https://dk.search.yahoo.com/search?ei=
    http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx
    https://at.search.yahoo.com/favicon.ico
    http://ricerca.virgilio.it/common/favicon.ico
    https://sug.search.daum.net/search_nsuggest?mod=fxjson
    https://yandex.ru/images/search/?rpt=imageview
    https://beacons.gvt2.com/domainreliability/upload
    https://www.googleapis.com/auth/userinfo.email
    https://www.google.com/speech-api/full-duplex/v1
    https://ar.search.yahoo.com/search?ei=
    https://uk.search.yahoo.com/search?ei=
    https://alt3-safebrowsing.google.com/safebrowsing
    http://google.com/
    https://www.thawte.com/cps0)
    https://support.google.com/chrome/?p=ui_reset_settings
    http://crbug.com/717501
    https://suggest.yandex.ua/suggest-ff.cgi?part=
    http://crbug.com/275944
    http://www.delfi.lv/search_all/?ie=
    https://www.verisign.com/rpa04
    http://pesquisa.sapo.pt/livesapo?q=
    http://www.searchnu.com/web?hl=
    https://www.google.com/settings/chrome/sync/
    http://g2.symcb.com0L
    http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
    http://crbug.com/319444
    https://www.thawte.com/cps07
    http://g2.symcb.com0G
    http://wpad/wpad.dat
    https://www.thawte.com/cps02
    https://www.googleapis.com/auth/drive
    http://www.correosdemexico.gob.mx/ServiciosLinea/Paginas/ccpostales.aspx
    http://developer.chrome.com/extensions/external_extensions.html)
    https://www.verisign.com/rpa0
    https://safesearch.googleapis.com/v1:report
    https://www.google.com/accounts/OAuthLogin
    http://nova.rambler.ru/suggest?v=3
    https://google.com/cast
    https://hk.search.yahoo.com/favicon.ico
    http://crl.ws.symantec.com/universal-root.crl0
    https://github.com/GoogleChrome/lighthouse/issues/new?
    http://ns.adobe.com/xap/1.0/mm/
    https://br.ask.com/web?q=
    http://cybertrust.omniroot.com/repository.cfm0B
    https://www.vinden.nl/favicon.ico
    https://cl.search.yahoo.com/favicon.ico
    https://ct.googleapis.com/skydiver/
    https://docs.google.com/forms/d/e/1FAIpQLSchz2FdcQ-rRllzl8BbhWaTRRY-12BpPjW6Hr9e1-BpCA083w/viewform
    https://www.chrome.com/manage
    https://weeblr.report-uri.com/r/d/staple/reportOnly
    https://suggest.yandex.ru/suggest-ff.cgi?part=
    https://www.googleapis.com/auth/any-api
    http://www.
    http://www.ctt.pt/feapl_2/app/open/tools.jspx?tool=1
    http://www.entrust.net/CPS0
    http://schema.org/NGO
    https://bugs.webkit.org/show_bug.cgi?id=28885
    http://px
    https://www.alphassl.com/repository/03
    https://www.google.com/chrome/?
    https://www.googleapis.com/auth/chromeosdevicemanagement
    https://sb-ssl.google.com/safebrowsing/clientreport/incident
    https://translate.googleapis.com/translate_a/element.js
    https://ct.googleapis.com/icarus/
    https://myaccount.google.com/
    http://whether
    http://searchfunmoods.com/results.php?q=
    https://www.google.com/searchdomaincheck?format=domain
    http://certificates.godaddy.com/repository/gd_intermediate.crt0
    https://bugs.webkit.org/show_bug.cgi?id=29235
    http://g.symcb.com/crls/gtglobal.crl0
    https://www.googleapis.com/oauth2/v2/IssueToken
    http://schema.org/ImageObject
    https://www.google.com/chrome/cleanup-tool/
    https://www.googleapis.com/oauth2/v2/tokeninfo
    http://ex.belpost.by/addressbook/
    http://EVSecure-crl.verisign.com/pca3-g5.crl0
    https://www.gstatic.com/chrome/profile_avatars/
    http://host/
    https://support.google.com/chrome/go/feedback_confirmation
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    https://yandex.ua/images/search/?rpt=imageview
    https://accounts.google.com/AddSession
    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-permissions
    https://search.aol.com/aol/search?q=
    http://crbug.com/456214
    https://finder.eircode.ie
    https://c.googlesyndication.com/
    https://sg.search.yahoo.com/search?ei=
    http://s0907
    http://www.symauth.com/rpa0
    http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
    http://www.C//DTD
    https://support.google.com/chrome/?p=ui_supervised_users
    http://crt.usertrust.com/AddTrustExternalCARoot.p7c09
    https://beacons5.gvt3.com/domainreliability/upload
    http://repository.certum.pl/ca.cer09
    http://crbug.com/672186).
    https://www.correos.go.cr/nosotros/codigopostal/busqueda.html
    https://matteomarescotti.report-uri.com/r/d/staple/reportOnly
    http://www.google.com/bot.html)
    http://crbug.com/478929
    https://www.googleapis.com/auth/chromesync
    http://crbug.com/470411
    https://malaysia.search.yahoo.com/favicon.ico
    https://support.google.com/chrome/answer/96817
    http://EVSecure-ocsp.verisign.com04
    http://www.codigopostal.gob.ec/
    http://crbug.com/312900
    http://interpreted
    https://ct1.digicert-ct.com/log/
    https://gcp.gvt6.com/
    https://www.baidu.com/
    http://iparticipation
    https://support.google.com/chrome/?p=ui_usagestat
    https://user
    https://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.ico
    https://co.search.yahoo.com/search?ei=
    http://www1.delta-search.com/home?q=
    https://c.bigcache.googleapis.com/
    https://gr.search.yahoo.com/favicon.ico
    https://search.goo.ne.jp/sgt.jsp?MT=
    https://myaccount.google.com/activitycontrols/search
    https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html
    http://www.adobe.com/mobile/licensees