ae6434d516885984b2fbfb64c0523f790ea0cb3d2dd6f3afd63b0796917e956c

Analysis

max time kernel
99s
max time network
125s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
14/11/2023, 06:50 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ByGay/CED3D10Hook.dll
Size

128KB
MD5

43dac1f3ca6b48263029b348111e3255
SHA1

9e399fddc2a256292a07b5c3a16b1c8bdd8da5c1
SHA256

148f12445f11a50efbd23509139bf06a47d453e8514733b5a15868d10cc6e066
SHA512

6e77a429923b503fc08895995eb8817e36145169c2937dacc2da92b846f45101846e98191aeb4f0f2f13fff05d0836aa658f505a04208188278718166c5e3032
SSDEEP

1536:jRXPVJPMo10+PfXl/IRTlsfQstLh66crJWeWyPCUpfrCWV13P1+CUOEvCvOEMI7:BdJPMlMb1g6e0dU9rf3P7UObvOja

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000_Classes\Local Settings	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe

Suspicious use of AdjustPrivilegeToken 28 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2272	2196	rundll32.exe	28
PID 2196 wrote to memory of 2272	2196	rundll32.exe	28
PID 2196 wrote to memory of 2272	2196	rundll32.exe	28
PID 2196 wrote to memory of 2272	2196	rundll32.exe	28
PID 2196 wrote to memory of 2272	2196	rundll32.exe	28
PID 2196 wrote to memory of 2272	2196	rundll32.exe	28
PID 2196 wrote to memory of 2272	2196	rundll32.exe	28
PID 2800 wrote to memory of 576	2800	chrome.exe	38
PID 2800 wrote to memory of 576	2800	chrome.exe	38
PID 2800 wrote to memory of 576	2800	chrome.exe	38
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2024	2800	chrome.exe	41
PID 2800 wrote to memory of 2024	2800	chrome.exe	41
PID 2800 wrote to memory of 2024	2800	chrome.exe	41
PID 2800 wrote to memory of 2332	2800	chrome.exe	42
PID 2800 wrote to memory of 2332	2800	chrome.exe	42
PID 2800 wrote to memory of 2332	2800	chrome.exe	42
PID 2800 wrote to memory of 2332	2800	chrome.exe	42
PID 2800 wrote to memory of 2332	2800	chrome.exe	42
PID 2800 wrote to memory of 2332	2800	chrome.exe	42
PID 2800 wrote to memory of 2332	2800	chrome.exe	42
PID 2800 wrote to memory of 2332	2800	chrome.exe	42
PID 2800 wrote to memory of 2332	2800	chrome.exe	42
PID 2800 wrote to memory of 2332	2800	chrome.exe	42
PID 2800 wrote to memory of 2332	2800	chrome.exe	42
PID 2800 wrote to memory of 2332	2800	chrome.exe	42

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ByGay\CED3D10Hook.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ByGay\CED3D10Hook.dll,#1
  2⤵
  PID:2272

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1232

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\NewSend.rar
1⤵
- Modifies registry class
PID:276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef47c9758,0x7fef47c9768,0x7fef47c9778
  2⤵
  PID:576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:2
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2104 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1496 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:2
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2216 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3480 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3604 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3676 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3596 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3792 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3832 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3936 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3952 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4036 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4048 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4136 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4152 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4300 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4316 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4380 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3744 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4396 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3980 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4280 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3488 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3548 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3432 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=2516 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3516 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3736 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=3276 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2020

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1636

Network

DNS

youtube.com

chrome.exe

Remote address:

8.8.8.8:53

Request

youtube.com

IN A

Response

youtube.com

IN A

216.58.214.14
GET

https://youtube.com/

chrome.exe

Remote address:

216.58.214.14:443

Request

GET / HTTP/2.0
host: youtube.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "0.1.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
x-client-data: CLuQywE=
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

i.ytimg.com

chrome.exe

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

142.250.179.182

i.ytimg.com

IN A

142.250.179.214

i.ytimg.com

IN A

142.251.36.22

i.ytimg.com

IN A

142.251.39.118

i.ytimg.com

IN A

172.217.168.214

i.ytimg.com

IN A

172.217.23.214

i.ytimg.com

IN A

216.58.208.118

i.ytimg.com

IN A

142.250.179.150

i.ytimg.com

IN A

142.251.36.54

i.ytimg.com

IN A

172.217.168.246
GET

https://i.ytimg.com/generate_204

chrome.exe

Remote address:

142.250.179.182:443

Request

GET /generate_204 HTTP/2.0
host: i.ytimg.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "0.1.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CLuQywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://i.ytimg.com/vi/PbnCUPatRJs/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLBSJxyChv3qQ2enh8RztI8rzqdoHA

chrome.exe

Remote address:

142.250.179.182:443

Request

GET /vi/PbnCUPatRJs/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLBSJxyChv3qQ2enh8RztI8rzqdoHA HTTP/2.0
host: i.ytimg.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "0.1.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLuQywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://i.ytimg.com/vi/88CVD5a9OpQ/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLDkcgHt8vD4RJR7dGbUHrnXDOAlrA

chrome.exe

Remote address:

142.250.179.182:443

Request

GET /vi/88CVD5a9OpQ/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLDkcgHt8vD4RJR7dGbUHrnXDOAlrA HTTP/2.0
host: i.ytimg.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "0.1.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLuQywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

accounts.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.250.179.141
DNS

googleads.g.doubleclick.net

chrome.exe

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.251.36.2
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

216.58.214.10

content-autofill.googleapis.com

IN A

142.250.179.138

content-autofill.googleapis.com

IN A

142.251.36.42

content-autofill.googleapis.com

IN A

172.217.168.234

content-autofill.googleapis.com

IN A

142.250.179.170

content-autofill.googleapis.com

IN A

142.250.179.202

content-autofill.googleapis.com

IN A

142.251.36.10

content-autofill.googleapis.com

IN A

142.251.39.106

content-autofill.googleapis.com

IN A

172.217.23.202
DNS

rr4---sn-q4fl6nsy.googlevideo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

rr4---sn-q4fl6nsy.googlevideo.com

IN A

Response

rr4---sn-q4fl6nsy.googlevideo.com

IN CNAME

rr4.sn-q4fl6nsy.googlevideo.com

rr4.sn-q4fl6nsy.googlevideo.com

IN A

172.217.131.233
DNS

yt3.ggpht.com

Remote address:

8.8.8.8:53

Request

yt3.ggpht.com

IN A

Response

yt3.ggpht.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

74.125.128.132
DNS

rr2---sn-5hne6nsz.googlevideo.com

Remote address:

8.8.8.8:53

Request

rr2---sn-5hne6nsz.googlevideo.com

IN A

Response

rr2---sn-5hne6nsz.googlevideo.com

IN CNAME

rr2.sn-5hne6nsz.googlevideo.com

rr2.sn-5hne6nsz.googlevideo.com

IN A

74.125.100.71
DNS

static.doubleclick.net

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

142.251.36.6
DNS

jnn-pa.googleapis.com

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

142.251.39.106

jnn-pa.googleapis.com

IN A

172.217.23.202

jnn-pa.googleapis.com

IN A

216.58.208.106

jnn-pa.googleapis.com

IN A

142.250.179.138

jnn-pa.googleapis.com

IN A

142.251.36.42

jnn-pa.googleapis.com

IN A

142.250.179.170

jnn-pa.googleapis.com

IN A

142.250.179.202

jnn-pa.googleapis.com

IN A

142.251.36.10
DNS

rr1---sn-5hneknek.googlevideo.com

Remote address:

8.8.8.8:53

Request

rr1---sn-5hneknek.googlevideo.com

IN A

Response

rr1---sn-5hneknek.googlevideo.com

IN CNAME

rr1.sn-5hneknek.googlevideo.com

rr1.sn-5hneknek.googlevideo.com

IN A

74.125.8.134
DNS

rr4---sn-5hneknek.googlevideo.com

Remote address:

8.8.8.8:53

Request

rr4---sn-5hneknek.googlevideo.com

IN A

Response

rr4---sn-5hneknek.googlevideo.com

IN CNAME

rr4.sn-5hneknek.googlevideo.com

rr4.sn-5hneknek.googlevideo.com

IN A

74.125.8.137
DNS

tpc.googlesyndication.com

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN A

Response

tpc.googlesyndication.com

IN A

142.251.36.1
DNS

rr5---sn-5hne6nz6.googlevideo.com

Remote address:

8.8.8.8:53

Request

rr5---sn-5hne6nz6.googlevideo.com

IN A

Response

rr5---sn-5hne6nz6.googlevideo.com

IN CNAME

rr5.sn-5hne6nz6.googlevideo.com

rr5.sn-5hne6nz6.googlevideo.com

IN A

74.125.100.202
DNS

lh4.googleusercontent.com

Remote address:

8.8.8.8:53

Request

lh4.googleusercontent.com

IN A

Response

lh4.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.251.36.1
DNS

encrypted-tbn2.gstatic.com

Remote address:

8.8.8.8:53

Request

encrypted-tbn2.gstatic.com

IN A

Response

encrypted-tbn2.gstatic.com

IN A

142.251.39.110
DNS

encrypted-tbn3.gstatic.com

Remote address:

8.8.8.8:53

Request

encrypted-tbn3.gstatic.com

IN A

Response

encrypted-tbn3.gstatic.com

IN A

142.251.36.46
DNS

encrypted-tbn1.gstatic.com

Remote address:

8.8.8.8:53

Request

encrypted-tbn1.gstatic.com

IN A

Response

encrypted-tbn1.gstatic.com

IN A

142.251.36.46
DNS

lh3.googleusercontent.com

Remote address:

8.8.8.8:53

Request

lh3.googleusercontent.com

IN A

Response

lh3.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

108.177.127.132
DNS

play.google.com

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.251.36.14

216.58.214.14:443

https://youtube.com/

tls, http2

chrome.exe

2.1kB
9.8kB
15
17

HTTP Request

GET https://youtube.com/
216.58.214.14:443

youtube.com

tls, http2

chrome.exe

1.0kB
8.3kB
10
10
142.250.179.182:443

https://i.ytimg.com/vi/88CVD5a9OpQ/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLDkcgHt8vD4RJR7dGbUHrnXDOAlrA

tls, http2

chrome.exe

5.1kB
155.0kB
72
123

HTTP Request

GET https://i.ytimg.com/generate_204

HTTP Request

GET https://i.ytimg.com/vi/PbnCUPatRJs/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLBSJxyChv3qQ2enh8RztI8rzqdoHA

HTTP Request

GET https://i.ytimg.com/vi/88CVD5a9OpQ/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLDkcgHt8vD4RJR7dGbUHrnXDOAlrA
142.251.36.2:443

googleads.g.doubleclick.net

tls

2.3kB
7.6kB
18
18
216.58.214.10:443

content-autofill.googleapis.com

tls

1.8kB
6.9kB
14
15
216.58.214.10:443

content-autofill.googleapis.com

tls

1.1kB
7.2kB
10
9
172.217.131.233:443

rr4---sn-q4fl6nsy.googlevideo.com

tls

4.8kB
6.5kB
12
11
172.217.131.233:443

rr4---sn-q4fl6nsy.googlevideo.com

tls

2.8kB
6.4kB
10
9
74.125.128.132:443

yt3.ggpht.com

tls

2.4kB
26.7kB
21
27
172.217.131.233:443

rr4---sn-q4fl6nsy.googlevideo.com

tls

2.8kB
6.4kB
10
10
172.217.131.233:443

rr4---sn-q4fl6nsy.googlevideo.com

tls

2.8kB
6.4kB
10
10
172.217.131.233:443

rr4---sn-q4fl6nsy.googlevideo.com

tls

2.8kB
6.5kB
10
11
172.217.131.233:443

rr4---sn-q4fl6nsy.googlevideo.com

tls

2.8kB
6.4kB
10
10
74.125.100.71:443

rr2---sn-5hne6nsz.googlevideo.com

tls

6.5kB
168.0kB
40
129
74.125.100.71:443

rr2---sn-5hne6nsz.googlevideo.com

tls

3.7kB
76.3kB
24
59
142.251.36.6:443

static.doubleclick.net

tls

1.9kB
6.8kB
13
13
142.251.39.106:443

jnn-pa.googleapis.com

tls

1.7kB
6.8kB
13
13
142.251.36.1:443

tpc.googlesyndication.com

tls

2.2kB
22.5kB
18
23
142.251.39.110:443

encrypted-tbn2.gstatic.com

tls

953 B
5.8kB
8
8
142.251.39.110:443

encrypted-tbn2.gstatic.com

tls

2.4kB
14.0kB
15
22
142.251.39.110:443

encrypted-tbn2.gstatic.com

tls

907 B
5.8kB
7
7
142.251.36.46:443

encrypted-tbn3.gstatic.com

tls

2.1kB
9.0kB
13
15
142.251.36.46:443

encrypted-tbn1.gstatic.com

tls

907 B
5.8kB
7
8
142.251.36.46:443

encrypted-tbn1.gstatic.com

tls

2.2kB
11.4kB
13
17
216.58.214.14:443

youtube.com

tls

959 B
9.3kB
8
11
142.251.36.14:443

play.google.com

tls

1.6kB
8.4kB
12
15
127.0.0.1:9229

chrome.exe
127.0.0.1:9229

chrome.exe
127.0.0.1:9229

chrome.exe

224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

youtube.com

dns

chrome.exe

57 B
73 B
1
1

DNS Request

youtube.com

DNS Response

216.58.214.14
8.8.8.8:53

i.ytimg.com

dns

chrome.exe

57 B
217 B
1
1

DNS Request

i.ytimg.com

DNS Response

142.250.179.182

142.250.179.214

142.251.36.22

142.251.39.118

172.217.168.214

172.217.23.214

216.58.208.118

142.250.179.150

142.251.36.54

172.217.168.246
8.8.8.8:53

accounts.google.com

dns

chrome.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.250.179.141
142.250.179.141:443

accounts.google.com

https

chrome.exe

5.4kB
12.2kB
23
23
8.8.8.8:53

googleads.g.doubleclick.net

dns

chrome.exe

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

142.251.36.2
8.8.8.8:53

content-autofill.googleapis.com

dns

chrome.exe

77 B
221 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

216.58.214.10

142.250.179.138

142.251.36.42

172.217.168.234

142.250.179.170

142.250.179.202

142.251.36.10

142.251.39.106

172.217.23.202
8.8.8.8:53

rr4---sn-q4fl6nsy.googlevideo.com

dns

chrome.exe

79 B
125 B
1
1

DNS Request

rr4---sn-q4fl6nsy.googlevideo.com

DNS Response

172.217.131.233
8.8.8.8:53

yt3.ggpht.com

dns

59 B
120 B
1
1

DNS Request

yt3.ggpht.com

DNS Response

74.125.128.132
74.125.128.132:443

yt3.ggpht.com

https

5.4kB
43.6kB
38
52
142.250.179.182:443

i.ytimg.com

https

10.3kB
371.5kB
94
308
142.251.36.2:443

googleads.g.doubleclick.net

https

4.1kB
11.4kB
24
31
8.8.8.8:53

rr2---sn-5hne6nsz.googlevideo.com

dns

79 B
125 B
1
1

DNS Request

rr2---sn-5hne6nsz.googlevideo.com

DNS Response

74.125.100.71
8.8.8.8:53

static.doubleclick.net

dns

68 B
84 B
1
1

DNS Request

static.doubleclick.net

DNS Response

142.251.36.6
8.8.8.8:53

jnn-pa.googleapis.com

dns

67 B
195 B
1
1

DNS Request

jnn-pa.googleapis.com

DNS Response

142.251.39.106

172.217.23.202

216.58.208.106

142.250.179.138

142.251.36.42

142.250.179.170

142.250.179.202

142.251.36.10
142.251.39.106:443

jnn-pa.googleapis.com

https

11.5kB
88.1kB
64
95
8.8.8.8:53

rr1---sn-5hneknek.googlevideo.com

dns

79 B
125 B
1
1

DNS Request

rr1---sn-5hneknek.googlevideo.com

DNS Response

74.125.8.134
74.125.100.71:443

rr2---sn-5hne6nsz.googlevideo.com

https

17.4kB
862.1kB
129
693
74.125.8.134:443

rr1---sn-5hneknek.googlevideo.com

https

2.9kB
7.0kB
15
16
8.8.8.8:53

rr4---sn-5hneknek.googlevideo.com

dns

79 B
125 B
1
1

DNS Request

rr4---sn-5hneknek.googlevideo.com

DNS Response

74.125.8.137
74.125.8.137:443

rr4---sn-5hneknek.googlevideo.com

https

28.1kB
1.1MB
186
935
8.8.8.8:53

tpc.googlesyndication.com

dns

71 B
87 B
1
1

DNS Request

tpc.googlesyndication.com

DNS Response

142.251.36.1
8.8.8.8:53

rr5---sn-5hne6nz6.googlevideo.com

dns

79 B
125 B
1
1

DNS Request

rr5---sn-5hne6nz6.googlevideo.com

DNS Response

74.125.100.202
74.125.100.202:443

rr5---sn-5hne6nz6.googlevideo.com

https

16.2kB
543.7kB
124
452
142.251.36.1:443

tpc.googlesyndication.com

https

4.3kB
36.0kB
32
45
8.8.8.8:53

lh4.googleusercontent.com

dns

71 B
116 B
1
1

DNS Request

lh4.googleusercontent.com

DNS Response

142.251.36.1
142.251.36.1:443

lh4.googleusercontent.com

https

6.0kB
78.4kB
42
66
8.8.8.8:53

encrypted-tbn2.gstatic.com

dns

72 B
88 B
1
1

DNS Request

encrypted-tbn2.gstatic.com

DNS Response

142.251.39.110
8.8.8.8:53

encrypted-tbn3.gstatic.com

dns

72 B
88 B
1
1

DNS Request

encrypted-tbn3.gstatic.com

DNS Response

142.251.36.46
8.8.8.8:53

encrypted-tbn1.gstatic.com

dns

72 B
88 B
1
1

DNS Request

encrypted-tbn1.gstatic.com

DNS Response

142.251.36.46
216.58.214.14:443

youtube.com

https

4.1kB
9.7kB
12
13
8.8.8.8:53

lh3.googleusercontent.com

dns

71 B
116 B
1
1

DNS Request

lh3.googleusercontent.com

DNS Response

108.177.127.132
108.177.127.132:443

lh3.googleusercontent.com

https

3.7kB
52.5kB
27
45
8.8.8.8:53

play.google.com

dns

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.251.36.14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\772aebb5-833a-4b6e-9300-b7049305deb5.tmp

Filesize
219KB

MD5
72e628126bb50bc8a88fd98e7073f3ee

SHA1
58fc80757dbbfa565c5e8e5e9a1ea048ac788f91

SHA256
ce375bd75650d61ac17bb72dd8dbfd79d523f05b326ddb84117188930a8862f9

SHA512
68afb84b95f484af2b6f2e42528ff119ddb50cf061fecddc510c28585e452566ff7a8a60eef807d0f3ae9f45d7588f6d4f72b4d7cf90a05f7d1bc83c0bf992ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\965b43b3-2d21-4315-9d87-253883a3d19e.tmp

Filesize
7KB

MD5
ed67047d3c5c8d179725686a4954f4bd

SHA1
75bcc2e7936488434bf4770c648ee32e4e9567f9

SHA256
ec1408096b815b8c09f70e2b76b20440ab6a9e0250c34dcea7004be57ca0e6e3

SHA512
3806b3481878a83bfd94b1aee63ad0ad356d3e6dbaa6c88a286391db812c3a2225386cf678d3467f9dbe921229fa91a33517bb17d799d00202cf9fc0ae0d2045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf77cde9.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
2e33165e20393c333f7efe81429b8574

SHA1
a5d10eb902b17929241bd192a8877ee1533fc4d2

SHA256
65c68f52988d4ce2b4f0e6dbf09f47854df5e14eea750eec8a5a64092d3e3aeb

SHA512
9d43c0df8c39fa672d20f0bf138b38df3026b34883fcd4705d9fb07846ddf4baf731f78c07c1f7aed171e030a578a3bbc5f3a0919ac62ba16aad7ea7a61532a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
53b245bf5071716896524dd7f5c0d528

SHA1
cd009587faaba09966503e12f5663adc8e537c64

SHA256
ed96b3f850ad0fc9dfa100828123373598bf5c802776ada280ac89a7c1dc6d0f

SHA512
f1aedd52400921f9b52c9be103f1bc3e305fd6b2ac79207b2186109bdafb6b705c47870e1fe6415ade6c1229edfbc0c9b0e05b79ee3c233341a4c1e33e2eac1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
759c23260b8b952015adabf0d9e96e59

SHA1
50e6edfccb3e37c2798714d60b720d0c37f17066

SHA256
9795aa6b095add49f68de8bcaf4522df712b51adcfd436345c91b6f6d13f5271

SHA512
a78830056ea96086d160d75c1e734c1e0fcfd32836894bd20ef4216ea31a10fe4b802d4eac9329a67590d78c45428d2ed9c9b00590ce0a8216704530a6a6de53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
d1f28d5c2d9ae96246429b7bc7e9e77d

SHA1
92f55a28424920beefe993dd48076ab41908a1ef

SHA256
09fb4ad70760d73143137367850d688505822a60bb57be714c4bc8b84df6db7a

SHA512
b8ac5aa882a9e7b3563b2856910117d090eceb73519efc35092a6e359a05496bb338dd4c1a00a9e96dba8faaff5c1392b4a80af8b7fc2bbe19a31b81bfe193d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
e2ae8725ae5727fac93b949f56cdb41a

SHA1
a58a9a7a8e13705200d8624fc298929701ad1a80

SHA256
60e962c560fa212a1d481fdbf5ad8bc0ca5cfe41726313d4c7eebce72fa42f0d

SHA512
8b8048c9d8b97381018cac8589466e5ce850f04ee6eddd2dde6851ba2a5b621fa587805d111d902c5f90d1e3f9dc5b4d76c0b51cf9117de860891cecdfdaeafc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
d56a116d84c365cc94f058b3c210997a

SHA1
4c4acba1cf3a59ed185525a4e1eee7ca87a0817d

SHA256
b6b29612a75c44e266a616c81f6a74c14d18243b7d4d232b455c3978befa796f

SHA512
12bab8b6d920a76d17e3f6178d05eccee9afc938b5880b85514cf56eba8a3974a8fccdb549264e89c0f98a7d02ac8b446ebd2ebe2d7893b2ee4f59c0cb58109c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
219KB

MD5
31a3f986eca0d76669f28e8b54dc9b16

SHA1
155bd7f23bab2eb1e6605863aa96708df2c0b6d7

SHA256
46cc7735bf71f87a343b8eca4369ff6553a9608dbca01855e24d8ca3a1d31213

SHA512
07755109931d5da4c7abb0ef512a6745608eb50067da9b832318096f49838608a4105a85b4e009d557e4e668f248e07b90ad532cc258c913767d510fbe5e5333

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.