05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf

Analysis

max time kernel
60s
max time network
149s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
21/04/2024, 18:50 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SKlauncher-3.2.exe
Size

1.6MB
MD5

b63468dd118dfbca5ef7967ba344e0e3
SHA1

2ba4f0df5f3bd284bf2a89aba320e4440d8b8355
SHA256

05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf
SHA512

007ecb7445dc0c01a802b5a2c91313aae59f9dc96e27455dd85e7a92a4e649d683fbc2ada5f48925d9ab3b4fdaea20aa89eeb442fde079902aecb5ca3454a548
SSDEEP

49152:HIBc3n9dRvwVlzhFAQ/ggUTPQjYEiim7V:oBaO/FAqMQjYEXm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2308	chrome.exe
2308	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 2164	2308	chrome.exe	29
PID 2308 wrote to memory of 2164	2308	chrome.exe	29
PID 2308 wrote to memory of 2164	2308	chrome.exe	29
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2628	2308	chrome.exe	31
PID 2308 wrote to memory of 2804	2308	chrome.exe	32
PID 2308 wrote to memory of 2804	2308	chrome.exe	32
PID 2308 wrote to memory of 2804	2308	chrome.exe	32
PID 2308 wrote to memory of 2968	2308	chrome.exe	33
PID 2308 wrote to memory of 2968	2308	chrome.exe	33
PID 2308 wrote to memory of 2968	2308	chrome.exe	33
PID 2308 wrote to memory of 2968	2308	chrome.exe	33
PID 2308 wrote to memory of 2968	2308	chrome.exe	33
PID 2308 wrote to memory of 2968	2308	chrome.exe	33
PID 2308 wrote to memory of 2968	2308	chrome.exe	33
PID 2308 wrote to memory of 2968	2308	chrome.exe	33
PID 2308 wrote to memory of 2968	2308	chrome.exe	33
PID 2308 wrote to memory of 2968	2308	chrome.exe	33
PID 2308 wrote to memory of 2968	2308	chrome.exe	33
PID 2308 wrote to memory of 2968	2308	chrome.exe	33
PID 2308 wrote to memory of 2968	2308	chrome.exe	33
PID 2308 wrote to memory of 2968	2308	chrome.exe	33
PID 2308 wrote to memory of 2968	2308	chrome.exe	33
PID 2308 wrote to memory of 2968	2308	chrome.exe	33
PID 2308 wrote to memory of 2968	2308	chrome.exe	33
PID 2308 wrote to memory of 2968	2308	chrome.exe	33
PID 2308 wrote to memory of 2968	2308	chrome.exe	33

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe
"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"
1⤵
PID:1972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7039758,0x7fef7039768,0x7fef7039778
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:2
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1488 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2324 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1112 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:2
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1284 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:1
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3460 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3552 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3764 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3504 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3472 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4012 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2420 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3896 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1352 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1040 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3504 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:8
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2464 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:8
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2440 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3904 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2356 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3416 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=692 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4048 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4176 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4100 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4132 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:1
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=1096 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=2348 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1044 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4348 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=1860 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=1028 --field-trial-handle=1356,i,18023282908202317907,14736123993726250163,131072 /prefetch:1
  2⤵
  PID:2724

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2904

Network

DNS

www.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
GET

https://www.google.com/async/ddljson?async=ntp:2

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/ddljson?async=ntp:2 HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/2.0
host: www.google.com
x-client-data: CLCVywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_promos

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/newtab_promos HTTP/2.0
host: www.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/ddljson?async=ntp:2

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/ddljson?async=ntp:2 HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/2.0
host: www.google.com
x-client-data: CLCVywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_promos

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/newtab_promos HTTP/2.0
host: www.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

pki.goog

chrome.exe

Remote address:

8.8.8.8:53

Request

pki.goog

IN A

Response

pki.goog

IN A

216.239.32.29
GET

http://pki.goog/gsr1/gsr1.crt

chrome.exe

Remote address:

216.239.32.29:80

Request

GET /gsr1/gsr1.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 889
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 21 Apr 2024 18:50:12 GMT
Expires: Sun, 21 Apr 2024 19:40:12 GMT
Cache-Control: public, max-age=3000
Age: 92
Last-Modified: Wed, 20 May 2020 16:45:00 GMT
Content-Type: application/pkix-cert
Vary: Accept-Encoding
DNS

www.microsoft.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.21.17.194
DNS

apis.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.200.14
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.dCBC8e6ENbg.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo8oB7UmguRctpg6togRivSNxNKjzQ/cb=gapi.loaded_0

chrome.exe

Remote address:

142.250.200.14:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.dCBC8e6ENbg.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo8oB7UmguRctpg6togRivSNxNKjzQ/cb=gapi.loaded_0 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

aduption.net

chrome.exe

Remote address:

8.8.8.8:53

Request

aduption.net

IN A

Response
DNS

google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

142.250.178.14
DNS

google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

142.250.178.14
DNS

youareanidiot.com

Remote address:

8.8.8.8:53

Request

youareanidiot.com

IN A

Response

youareanidiot.com

IN A

45.33.30.197

youareanidiot.com

IN A

45.79.19.196

youareanidiot.com

IN A

96.126.123.244

youareanidiot.com

IN A

72.14.178.174

youareanidiot.com

IN A

45.56.79.23

youareanidiot.com

IN A

45.33.20.235

youareanidiot.com

IN A

45.33.18.44

youareanidiot.com

IN A

45.33.2.79

youareanidiot.com

IN A

45.33.23.183

youareanidiot.com

IN A

198.58.118.167

youareanidiot.com

IN A

173.255.194.134

youareanidiot.com

IN A

72.14.185.43
DNS

www1.youareanidiot.com

Remote address:

8.8.8.8:53

Request

www1.youareanidiot.com

IN A

Response

www1.youareanidiot.com

IN CNAME

590458.parkingcrew.net

590458.parkingcrew.net

IN A

75.2.73.197

590458.parkingcrew.net

IN A

99.83.136.84
GET

http://www1.youareanidiot.com/?tm=1&subid4=1713725556.0197280000&KW1=Video%20Productions&KW2=Website%20Hosting&KW3=PSD%20HTML&searchbox=0&domainname=0&backfill=0

Remote address:

75.2.73.197:80

Request

GET /?tm=1&subid4=1713725556.0197280000&KW1=Video%20Productions&KW2=Website%20Hosting&KW3=PSD%20HTML&searchbox=0&domainname=0&backfill=0 HTTP/1.1
Host: www1.youareanidiot.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Sun, 21 Apr 2024 18:52:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket003
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_PERBRYop81zgwhPCeE69MlMtR9orzKJuOfvnpk16dIv+ICB1npbw6Y+hnPKtDBvvgv0BUJGYxv9EwpRwanIaWQ==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Domain: youareanidiot.com
X-Subdomain: www1
Content-Encoding: gzip
GET

http://www1.youareanidiot.com/track.php?domain=youareanidiot.com&toggle=browserjs&uid=MTcxMzcyNTU1Ni42OTY5OjgxODFkYzE4ZTA1ODI4MDRlODVjOGZiMmQ2MzlkMTg2MjhkMzNlMGM1ZmI4YjlkMDFhOWIwMDA0MWVkMWY4ZTU6NjYyNTYwNzRhYTIyMw%3D%3D

Remote address:

75.2.73.197:80

Request

GET /track.php?domain=youareanidiot.com&toggle=browserjs&uid=MTcxMzcyNTU1Ni42OTY5OjgxODFkYzE4ZTA1ODI4MDRlODVjOGZiMmQ2MzlkMTg2MjhkMzNlMGM1ZmI4YjlkMDFhOWIwMDA0MWVkMWY4ZTU6NjYyNTYwNzRhYTIyMw%3D%3D HTTP/1.1
Host: www1.youareanidiot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: */*
Referer: http://www1.youareanidiot.com/?tm=1&subid4=1713725556.0197280000&KW1=Video%20Productions&KW2=Website%20Hosting&KW3=PSD%20HTML&searchbox=0&domainname=0&backfill=0
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Sun, 21 Apr 2024 18:52:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
GET

http://www1.youareanidiot.com/ls.php?t=66256074&token=af2f7cd140bac1ed73d87bd79003c49be4708ccf

Remote address:

75.2.73.197:80

Request

GET /ls.php?t=66256074&token=af2f7cd140bac1ed73d87bd79003c49be4708ccf HTTP/1.1
Host: www1.youareanidiot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: */*
Referer: http://www1.youareanidiot.com/?tm=1&subid4=1713725556.0197280000&KW1=Video%20Productions&KW2=Website%20Hosting&KW3=PSD%20HTML&searchbox=0&domainname=0&backfill=0
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 201 Created

Date: Sun, 21 Apr 2024 18:52:38 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 66256075a21801d7a203cba3
Charset: utf-8
Access-Control-Allow-Origin:
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_ICN19JoLz+je7gX0MlvXlT/AB1f8569hpWwHtX3NE1hM+sWd+P0ZNgVA6VLcVEAq2Rm4c4RBEshKlZ3u06gWgw==
GET

http://www1.youareanidiot.com/track.php?domain=youareanidiot.com&caf=1&toggle=answercheck&answer=yes&uid=MTcxMzcyNTU1Ni42OTY5OjgxODFkYzE4ZTA1ODI4MDRlODVjOGZiMmQ2MzlkMTg2MjhkMzNlMGM1ZmI4YjlkMDFhOWIwMDA0MWVkMWY4ZTU6NjYyNTYwNzRhYTIyMw%3D%3D

Remote address:

75.2.73.197:80

Request

GET /track.php?domain=youareanidiot.com&caf=1&toggle=answercheck&answer=yes&uid=MTcxMzcyNTU1Ni42OTY5OjgxODFkYzE4ZTA1ODI4MDRlODVjOGZiMmQ2MzlkMTg2MjhkMzNlMGM1ZmI4YjlkMDFhOWIwMDA0MWVkMWY4ZTU6NjYyNTYwNzRhYTIyMw%3D%3D HTTP/1.1
Host: www1.youareanidiot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: */*
Referer: http://www1.youareanidiot.com/?tm=1&subid4=1713725556.0197280000&KW1=Video%20Productions&KW2=Website%20Hosting&KW3=PSD%20HTML&searchbox=0&domainname=0&backfill=0
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __gsas=ID=5eb35b15ea75f7f2:T=1713725559:RT=1713725559:S=ALNI_MaHMNtfQCrj11gLLleX4c2K_uuFgQ

Response

HTTP/1.1 200 OK

Date: Sun, 21 Apr 2024 18:52:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: answercheck
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
GET

http://www1.youareanidiot.com/favicon.ico

Remote address:

75.2.73.197:80

Request

GET /favicon.ico HTTP/1.1
Host: www1.youareanidiot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www1.youareanidiot.com/?tm=1&subid4=1713725556.0197280000&KW1=Video%20Productions&KW2=Website%20Hosting&KW3=PSD%20HTML&searchbox=0&domainname=0&backfill=0
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __gsas=ID=5eb35b15ea75f7f2:T=1713725559:RT=1713725559:S=ALNI_MaHMNtfQCrj11gLLleX4c2K_uuFgQ

Response

HTTP/1.1 200 OK

Date: Sun, 21 Apr 2024 18:52:39 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 18 Apr 2024 13:47:34 GMT
ETag: "66212476-0"
Accept-Ranges: bytes
DNS

c.parkingcrew.net

Remote address:

8.8.8.8:53

Request

c.parkingcrew.net

IN A

Response

c.parkingcrew.net

IN A

185.53.178.30
GET

http://c.parkingcrew.net/scripts/sale_form.js

Remote address:

185.53.178.30:80

Request

GET /scripts/sale_form.js HTTP/1.1
Host: c.parkingcrew.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: */*
Referer: http://www1.youareanidiot.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 21 Apr 2024 18:52:37 GMT
Content-Type: application/javascript
Content-Length: 761
Connection: keep-alive
Last-Modified: Thu, 21 Mar 2024 11:48:11 GMT
ETag: "65fc1e7b-2f9"
Accept-Ranges: bytes
DNS

d38psrni17bvxu.cloudfront.net

Remote address:

8.8.8.8:53

Request

d38psrni17bvxu.cloudfront.net

IN A

Response

d38psrni17bvxu.cloudfront.net

IN A

18.165.158.46

d38psrni17bvxu.cloudfront.net

IN A

18.165.158.27

d38psrni17bvxu.cloudfront.net

IN A

18.165.158.4

d38psrni17bvxu.cloudfront.net

IN A

18.165.158.52
DNS

d38psrni17bvxu.cloudfront.net

Remote address:

8.8.8.8:53

Request

d38psrni17bvxu.cloudfront.net

IN A
DNS

www.afternic.com

Remote address:

8.8.8.8:53

Request

www.afternic.com

IN A

Response

www.afternic.com

IN CNAME

afternic.com.sni-only.edgekey.net

afternic.com.sni-only.edgekey.net

IN CNAME

e126871.dsca.akamaiedge.net

e126871.dsca.akamaiedge.net

IN A

23.41.178.88

e126871.dsca.akamaiedge.net

IN A

23.41.178.131
DNS

syndicatedsearch.goog

Remote address:

8.8.8.8:53

Request

syndicatedsearch.goog

IN A

Response

syndicatedsearch.goog

IN A

172.217.16.238
DNS

syndicatedsearch.goog

Remote address:

8.8.8.8:53

Request

syndicatedsearch.goog

IN A
DNS

partner.googleadservices.com

Remote address:

8.8.8.8:53

Request

partner.googleadservices.com

IN A

Response

partner.googleadservices.com

IN CNAME

partner46.googleadservices.com

partner46.googleadservices.com

IN A

142.250.187.226
DNS

partner.googleadservices.com

Remote address:

8.8.8.8:53

Request

partner.googleadservices.com

IN A
DNS

www.adsensecustomsearchads.com

Remote address:

8.8.8.8:53

Request

www.adsensecustomsearchads.com

IN A

Response

www.adsensecustomsearchads.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

142.250.187.238
DNS

www.adsensecustomsearchads.com

Remote address:

8.8.8.8:53

Request

www.adsensecustomsearchads.com

IN A
GET

http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png

Remote address:

18.165.158.46:80

Request

GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www1.youareanidiot.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/png
Content-Length: 11375
Connection: keep-alive
Server: nginx
Date: Sun, 21 Apr 2024 03:04:22 GMT
Last-Modified: Thu, 21 Mar 2024 11:48:11 GMT
Accept-Ranges: bytes
ETag: "65fc1e7b-2c6f"
X-Cache: Hit from cloudfront
Via: 1.1 c77ea39f799435256b0dedb7c85316ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MAN51-P2
X-Amz-Cf-Id: b6DrwGSIh2OccXW4Q7NQkA3M_4GCSbdQbpxe6PYoU6NHEBFsxC_SLQ==
Age: 56896
DNS

afs.googleusercontent.com

Remote address:

8.8.8.8:53

Request

afs.googleusercontent.com

IN A

Response

afs.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

172.217.16.225
DNS

beacons.gcp.gvt2.com

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

192.178.49.163
DNS

e2c67.gcp.gvt2.com

Remote address:

8.8.8.8:53

Request

e2c67.gcp.gvt2.com

IN A

Response

e2c67.gcp.gvt2.com

IN A

34.32.10.90
DNS

beacons.gvt2.com

Remote address:

8.8.8.8:53

Request

beacons.gvt2.com

IN A

Response

beacons.gvt2.com

IN A

192.178.48.227
DNS

youareanidiot.net

Remote address:

8.8.8.8:53

Request

youareanidiot.net

IN A

Response

youareanidiot.net

IN A

103.224.212.210
DNS

youareanidiot.net

Remote address:

8.8.8.8:53

Request

youareanidiot.net

IN A
DNS

ww25.youareanidiot.net

Remote address:

8.8.8.8:53

Request

ww25.youareanidiot.net

IN A

Response

ww25.youareanidiot.net

IN CNAME

77026.bodis.com

77026.bodis.com

IN A

199.59.243.225
DNS

Remote address:

199.59.243.225:80

Response

HTTP/1.1 408 Request Time-out

Content-length: 110
Cache-Control: no-cache
Connection: close
Content-Type: text/html
GET

http://ww25.youareanidiot.net/?subid1=20240422-0453-0559-9a3c-313bc157ac3f

Remote address:

199.59.243.225:80

Request

GET /?subid1=20240422-0453-0559-9a3c-313bc157ac3f HTTP/1.1
Host: ww25.youareanidiot.net
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

date: Sun, 21 Apr 2024 18:53:05 GMT
content-type: text/html; charset=utf-8
content-length: 1190
x-request-id: cbae2256-6f06-4f4a-bea8-0a27c99ffda1
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_veBT1Evo7dHC2XtofwExB4yOE8McR063VVgc7dLgGcePhKiljllxFFRmaKQJmX/xAbYukZ/EshW7k/Tsz85OBg==
set-cookie: parking_session=cbae2256-6f06-4f4a-bea8-0a27c99ffda1; expires=Sun, 21 Apr 2024 19:08:05 GMT; path=/
GET

http://ww25.youareanidiot.net/biTtBiGCk.js

Remote address:

199.59.243.225:80

Request

GET /biTtBiGCk.js HTTP/1.1
Host: ww25.youareanidiot.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: */*
Referer: http://ww25.youareanidiot.net/?subid1=20240422-0453-0559-9a3c-313bc157ac3f
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: parking_session=cbae2256-6f06-4f4a-bea8-0a27c99ffda1

Response

HTTP/1.1 200 OK

date: Sun, 21 Apr 2024 18:53:05 GMT
content-type: application/javascript; charset=utf-8
content-length: 33291
x-request-id: cdf0982f-43cb-4a32-a9d1-5097d84cd446
set-cookie: parking_session=cbae2256-6f06-4f4a-bea8-0a27c99ffda1; expires=Sun, 21 Apr 2024 19:08:05 GMT
POST

http://ww25.youareanidiot.net/_fd?subid1=20240422-0453-0559-9a3c-313bc157ac3f

Remote address:

199.59.243.225:80

Request

POST /_fd?subid1=20240422-0453-0559-9a3c-313bc157ac3f HTTP/1.1
Host: ww25.youareanidiot.net
Connection: keep-alive
Content-Length: 0
Accept: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Content-Type: application/json
Origin: http://ww25.youareanidiot.net
Referer: http://ww25.youareanidiot.net/?subid1=20240422-0453-0559-9a3c-313bc157ac3f
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: parking_session=cbae2256-6f06-4f4a-bea8-0a27c99ffda1

Response

HTTP/1.1 200 OK

server: openresty
date: Sun, 21 Apr 2024 18:53:05 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 2667
cache-control: no-cache
x-version: 2.117.5
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-store, must-revalidate
cache-control: post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=cbae2256-6f06-4f4a-bea8-0a27c99ffda1; expires=Sun, 21 Apr 2024 19:08:06 GMT; Max-Age=900; path=/; httponly
POST

http://ww25.youareanidiot.net/_tr

Remote address:

199.59.243.225:80

Request

POST /_tr HTTP/1.1
Host: ww25.youareanidiot.net
Connection: keep-alive
Content-Length: 1821
Accept: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Content-Type: application/json
Origin: http://ww25.youareanidiot.net
Referer: http://ww25.youareanidiot.net/?subid1=20240422-0453-0559-9a3c-313bc157ac3f
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: parking_session=cbae2256-6f06-4f4a-bea8-0a27c99ffda1

Response

HTTP/1.1 200 OK

server: openresty
date: Sun, 21 Apr 2024 18:53:06 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 22
cache-control: no-cache
x-version: 2.117.5
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-store, must-revalidate
cache-control: post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=cbae2256-6f06-4f4a-bea8-0a27c99ffda1; expires=Sun, 21 Apr 2024 19:08:06 GMT; Max-Age=900; path=/; httponly
DNS

i.ytimg.com

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

142.250.178.22

i.ytimg.com

IN A

172.217.16.246

i.ytimg.com

IN A

142.250.200.22

i.ytimg.com

IN A

142.250.200.54

i.ytimg.com

IN A

216.58.201.118

i.ytimg.com

IN A

216.58.204.86

i.ytimg.com

IN A

216.58.213.22

i.ytimg.com

IN A

172.217.169.22

i.ytimg.com

IN A

216.58.212.214

i.ytimg.com

IN A

216.58.212.246

i.ytimg.com

IN A

142.250.179.246

i.ytimg.com

IN A

142.250.180.22

i.ytimg.com

IN A

142.250.187.214

i.ytimg.com

IN A

142.250.187.246
DNS

www.youtube.com

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

172.217.169.14

youtube-ui.l.google.com

IN A

216.58.212.206

youtube-ui.l.google.com

IN A

216.58.212.238

youtube-ui.l.google.com

IN A

172.217.169.46

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

216.58.213.14
DNS

www.youtube.com

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A
DNS

googleads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.187.226
DNS

static.doubleclick.net

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

216.58.213.6
DNS

jnn-pa.googleapis.com

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

142.250.200.42

jnn-pa.googleapis.com

IN A

216.58.201.106

jnn-pa.googleapis.com

IN A

216.58.204.74

jnn-pa.googleapis.com

IN A

172.217.169.10

jnn-pa.googleapis.com

IN A

216.58.212.202

jnn-pa.googleapis.com

IN A

216.58.212.234

jnn-pa.googleapis.com

IN A

142.250.179.234

jnn-pa.googleapis.com

IN A

142.250.180.10

jnn-pa.googleapis.com

IN A

142.250.187.202

jnn-pa.googleapis.com

IN A

142.250.187.234

jnn-pa.googleapis.com

IN A

142.250.178.10

jnn-pa.googleapis.com

IN A

172.217.16.234

jnn-pa.googleapis.com

IN A

142.250.200.10
DNS

play.google.com

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.179.238

142.250.187.196:443

www.google.com

tls, http2

chrome.exe

1.1kB
5.7kB
11
8
142.250.187.196:443

https://www.google.com/async/newtab_promos

tls, http2

chrome.exe

6.2kB
85.2kB
88
99

HTTP Request

GET https://www.google.com/async/ddljson?async=ntp:2

HTTP Request

GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

HTTP Request

GET https://www.google.com/async/newtab_promos

HTTP Request

GET https://www.google.com/async/ddljson?async=ntp:2

HTTP Request

GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

HTTP Request

GET https://www.google.com/async/newtab_promos
142.250.187.196:443

www.google.com

tls, http2

chrome.exe

999 B
5.7kB
9
8
216.239.32.29:80

http://pki.goog/gsr1/gsr1.crt

http

chrome.exe

564 B
1.8kB
7
5

HTTP Request

GET http://pki.goog/gsr1/gsr1.crt

HTTP Response

200
142.250.200.14:443

apis.google.com

tls, http2

chrome.exe

1.3kB
5.8kB
15
8
142.250.200.14:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.dCBC8e6ENbg.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo8oB7UmguRctpg6togRivSNxNKjzQ/cb=gapi.loaded_0

tls, http2

chrome.exe

2.7kB
49.8kB
32
43

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.dCBC8e6ENbg.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo8oB7UmguRctpg6togRivSNxNKjzQ/cb=gapi.loaded_0
45.33.30.197:443

youareanidiot.com

tls

1.0kB
4.0kB
10
8
45.33.30.197:443

youareanidiot.com

tls

2.8kB
5.8kB
12
11
45.33.30.197:443

youareanidiot.com

tls

943 B
4.0kB
8
8
75.2.73.197:80

http://www1.youareanidiot.com/favicon.ico

http

4.6kB
12.1kB
22
25

HTTP Request

GET http://www1.youareanidiot.com/?tm=1&subid4=1713725556.0197280000&KW1=Video%20Productions&KW2=Website%20Hosting&KW3=PSD%20HTML&searchbox=0&domainname=0&backfill=0

HTTP Response

200

HTTP Request

GET http://www1.youareanidiot.com/track.php?domain=youareanidiot.com&toggle=browserjs&uid=MTcxMzcyNTU1Ni42OTY5OjgxODFkYzE4ZTA1ODI4MDRlODVjOGZiMmQ2MzlkMTg2MjhkMzNlMGM1ZmI4YjlkMDFhOWIwMDA0MWVkMWY4ZTU6NjYyNTYwNzRhYTIyMw%3D%3D

HTTP Response

200

HTTP Request

GET http://www1.youareanidiot.com/ls.php?t=66256074&token=af2f7cd140bac1ed73d87bd79003c49be4708ccf

HTTP Response

201

HTTP Request

GET http://www1.youareanidiot.com/track.php?domain=youareanidiot.com&caf=1&toggle=answercheck&answer=yes&uid=MTcxMzcyNTU1Ni42OTY5OjgxODFkYzE4ZTA1ODI4MDRlODVjOGZiMmQ2MzlkMTg2MjhkMzNlMGM1ZmI4YjlkMDFhOWIwMDA0MWVkMWY4ZTU6NjYyNTYwNzRhYTIyMw%3D%3D

HTTP Response

200

HTTP Request

GET http://www1.youareanidiot.com/favicon.ico

HTTP Response

200
185.53.178.30:80

http://c.parkingcrew.net/scripts/sale_form.js

http

698 B
2.3kB
8
7

HTTP Request

GET http://c.parkingcrew.net/scripts/sale_form.js

HTTP Response

200
18.165.158.46:80

http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png

http

986 B
12.4kB
12
14

HTTP Request

GET http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png

HTTP Response

200
172.217.16.238:443

syndicatedsearch.goog

tls

1.1kB
6.9kB
12
10
142.250.187.226:443

partner.googleadservices.com

tls

2.4kB
8.2kB
22
25
142.250.187.238:443

www.adsensecustomsearchads.com

tls

5.5kB
97.0kB
64
83
172.217.16.225:443

afs.googleusercontent.com

tls

2.2kB
12.3kB
19
19
172.217.16.225:443

afs.googleusercontent.com

tls

1.0kB
10.7kB
10
11
192.178.49.163:443

beacons.gcp.gvt2.com

tls

2.7kB
7.2kB
22
16
34.32.10.90:443

e2c67.gcp.gvt2.com

tls

2.2kB
5.8kB
16
15
192.178.48.227:443

beacons.gvt2.com

tls

2.3kB
7.1kB
18
16
192.178.48.227:443

beacons.gvt2.com

tls

1.0kB
5.8kB
10
8
103.224.212.210:443

youareanidiot.net

tls

1.1kB
6.9kB
11
12
103.224.212.210:443

youareanidiot.net

tls

1.8kB
7.0kB
12
14
103.224.212.210:443

youareanidiot.net

tls

1.1kB
6.9kB
10
12
199.59.243.225:80

ww25.youareanidiot.net

http

334 B
405 B
7
4

HTTP Response

408
199.59.243.225:80

http://ww25.youareanidiot.net/_tr

http

5.3kB
43.4kB
32
46

HTTP Request

GET http://ww25.youareanidiot.net/?subid1=20240422-0453-0559-9a3c-313bc157ac3f

HTTP Response

200

HTTP Request

GET http://ww25.youareanidiot.net/biTtBiGCk.js

HTTP Response

200

HTTP Request

POST http://ww25.youareanidiot.net/_fd?subid1=20240422-0453-0559-9a3c-313bc157ac3f

HTTP Response

200

HTTP Request

POST http://ww25.youareanidiot.net/_tr

HTTP Response

200
142.250.178.22:443

i.ytimg.com

tls

1.4kB
1.5kB
7
3
142.250.178.22:443

i.ytimg.com

tls

937 B
5.2kB
9
6
142.250.178.22:443

i.ytimg.com

tls

3.4kB
21.0kB
23
23
172.217.169.14:443

www.youtube.com

tls

1.9kB
10.9kB
17
19
142.250.187.226:443

googleads.g.doubleclick.net

tls

2.5kB
6.9kB
16
14
216.58.213.6:443

static.doubleclick.net

tls

2.9kB
6.8kB
16
14
142.250.200.42:443

jnn-pa.googleapis.com

tls

3.0kB
6.9kB
17
15
192.178.49.163:443

beacons.gcp.gvt2.com

tls

1.2kB
1.6kB
7
5
142.250.179.238:443

play.google.com

tls

1.7kB
8.5kB
13
15

8.8.8.8:53

www.google.com

dns

chrome.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.187.196
8.8.8.8:53

pki.goog

dns

chrome.exe

54 B
70 B
1
1

DNS Request

pki.goog

DNS Response

216.239.32.29
8.8.8.8:53

www.microsoft.com

dns

chrome.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.21.17.194
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

apis.google.com

dns

chrome.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

142.250.200.14
8.8.8.8:53

aduption.net

dns

chrome.exe

58 B
131 B
1
1

DNS Request

aduption.net
8.8.8.8:53

google.com

dns

chrome.exe

56 B
72 B
1
1

DNS Request

google.com

DNS Response

142.250.178.14
8.8.8.8:53

google.com

dns

chrome.exe

56 B
72 B
1
1

DNS Request

google.com

DNS Response

142.250.178.14
142.250.187.196:443

www.google.com

https

chrome.exe

43.4kB
1.3MB
361
1164
8.8.8.8:53

youareanidiot.com

dns

63 B
255 B
1
1

DNS Request

youareanidiot.com

DNS Response

45.33.30.197

45.79.19.196

96.126.123.244

72.14.178.174

45.56.79.23

45.33.20.235

45.33.18.44

45.33.2.79

45.33.23.183

198.58.118.167

173.255.194.134

72.14.185.43
8.8.8.8:53

www1.youareanidiot.com

dns

68 B
136 B
1
1

DNS Request

www1.youareanidiot.com

DNS Response

75.2.73.197

99.83.136.84
8.8.8.8:53

c.parkingcrew.net

dns

63 B
79 B
1
1

DNS Request

c.parkingcrew.net

DNS Response

185.53.178.30
8.8.8.8:53

d38psrni17bvxu.cloudfront.net

dns

150 B
139 B
2
1

DNS Request

d38psrni17bvxu.cloudfront.net

DNS Request

d38psrni17bvxu.cloudfront.net

DNS Response

18.165.158.46

18.165.158.27

18.165.158.4

18.165.158.52
8.8.8.8:53

www.afternic.com

dns

62 B
179 B
1
1

DNS Request

www.afternic.com

DNS Response

23.41.178.88

23.41.178.131
8.8.8.8:53

syndicatedsearch.goog

dns

134 B
83 B
2
1

DNS Request

syndicatedsearch.goog

DNS Request

syndicatedsearch.goog

DNS Response

172.217.16.238
8.8.8.8:53

partner.googleadservices.com

dns

148 B
114 B
2
1

DNS Request

partner.googleadservices.com

DNS Request

partner.googleadservices.com

DNS Response

142.250.187.226
8.8.8.8:53

www.adsensecustomsearchads.com

dns

152 B
120 B
2
1

DNS Request

www.adsensecustomsearchads.com

DNS Request

www.adsensecustomsearchads.com

DNS Response

142.250.187.238
142.250.187.238:443

www.adsensecustomsearchads.com

https

9.0kB
14.0kB
30
31
8.8.8.8:53

afs.googleusercontent.com

dns

71 B
116 B
1
1

DNS Request

afs.googleusercontent.com

DNS Response

172.217.16.225
8.8.8.8:53

beacons.gcp.gvt2.com

dns

66 B
112 B
1
1

DNS Request

beacons.gcp.gvt2.com

DNS Response

192.178.49.163
8.8.8.8:53

e2c67.gcp.gvt2.com

dns

64 B
80 B
1
1

DNS Request

e2c67.gcp.gvt2.com

DNS Response

34.32.10.90
8.8.8.8:53

beacons.gvt2.com

dns

62 B
78 B
1
1

DNS Request

beacons.gvt2.com

DNS Response

192.178.48.227
8.8.8.8:53

youareanidiot.net

dns

126 B
79 B
2
1

DNS Request

youareanidiot.net

DNS Request

youareanidiot.net

DNS Response

103.224.212.210
8.8.8.8:53

ww25.youareanidiot.net

dns

68 B
113 B
1
1

DNS Request

ww25.youareanidiot.net

DNS Response

199.59.243.225
142.250.187.196:443

www.google.com

https

2.9kB
7.2kB
5
8
142.250.187.226:443

partner.googleadservices.com

https

4.2kB
6.4kB
7
8
172.217.16.225:443

afs.googleusercontent.com

https

3.7kB
8.8kB
10
12
142.250.187.238:443

www.adsensecustomsearchads.com

https

1.3kB
1.3kB
1
1
8.8.8.8:53

i.ytimg.com

dns

57 B
281 B
1
1

DNS Request

i.ytimg.com

DNS Response

142.250.178.22

172.217.16.246

142.250.200.22

142.250.200.54

216.58.201.118

216.58.204.86

216.58.213.22

172.217.169.22

216.58.212.214

216.58.212.246

142.250.179.246

142.250.180.22

142.250.187.214

142.250.187.246
8.8.8.8:53

www.youtube.com

dns

122 B
335 B
2
1

DNS Request

www.youtube.com

DNS Request

www.youtube.com

DNS Response

172.217.169.14

216.58.212.206

216.58.212.238

172.217.169.46

142.250.179.238

142.250.180.14

142.250.187.206

142.250.187.238

142.250.178.14

172.217.16.238

142.250.200.14

142.250.200.46

216.58.201.110

216.58.204.78

216.58.213.14
172.217.169.14:443

www.youtube.com

https

24.7kB
1.2MB
197
923
142.250.178.22:443

i.ytimg.com

https

2.9kB
6.8kB
6
8
8.8.8.8:53

googleads.g.doubleclick.net

dns

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

142.250.187.226
8.8.8.8:53

static.doubleclick.net

dns

68 B
84 B
1
1

DNS Request

static.doubleclick.net

DNS Response

216.58.213.6
8.8.8.8:53

jnn-pa.googleapis.com

dns

67 B
275 B
1
1

DNS Request

jnn-pa.googleapis.com

DNS Response

142.250.200.42

216.58.201.106

216.58.204.74

172.217.169.10

216.58.212.202

216.58.212.234

142.250.179.234

142.250.180.10

142.250.187.202

142.250.187.234

142.250.178.10

172.217.16.234

142.250.200.10
142.250.187.226:443

googleads.g.doubleclick.net

https

3.6kB
7.3kB
10
11
142.250.200.42:443

jnn-pa.googleapis.com

https

6.6kB
51.7kB
35
52
192.178.49.163:443

beacons.gcp.gvt2.com

https

5.6kB
9.4kB
28
24
8.8.8.8:53

play.google.com

dns

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.250.179.238
142.250.179.238:443

play.google.com

https

7.1kB
9.6kB
12
12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
58KB

MD5
9b603992d96c764cbd57766940845236

SHA1
4f081f843a1ae0bbd5df265e00826af6c580cfe7

SHA256
520408fec7c6d419184ec68ad3d3f35f452d83bd75546aa5d171ffc7fe72cb2b

SHA512
abd88ee09909c116db1f424f2d1cbc0795dbc855fef81f0587d9a4e1a8d90de693fa72841259cf4a80e0e41d9f3e1f4bf3a78c4801264e3e9c7d9635bb79ccf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
40KB

MD5
0f81b6d61de3f11df96afa46fb362f45

SHA1
b73925c797fcb5e23b0e0495ebdfb629d16f26e4

SHA256
7171337d694e449b8c4923733effa4185a3eddb330b96e9fd0e4e3497faf5364

SHA512
1c97e4e7357d385613f05f7a16439c25614d553cafdbd18a197c4a369726ec28b372ec6bed8b87a968d74a2585e3c999da9799e6cf558fa9ce25f87010d0e617

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
666cd5349b2a360836f8ba64bea440da

SHA1
19476625fdc88ac09c45a47d79493219ec6e3e6f

SHA256
695c8e742c72f7b3527ef59056577b3c5fc7d1d1ef706f1ba91c38808bc16b99

SHA512
550bc849114b96093b3bce2a102f36cd1b55e76bce5553404bcfcabb2d4ecb1d68315557f69f9c7445a01ed75fc67ae1731c8e1414ddbdcdda473394dd090e83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf77e3e9.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
51d2a8c3f2ed1a7bf6b2866a737d1a36

SHA1
5960c55ce18ab63c5b8cbc12d9583225966e2503

SHA256
7646531b6673b5ddbb7c5814c4d41ce6eea69ea5dc39e8537e8b43c610934e57

SHA512
b346255bf2e232aede15d87b618afa81f835b67fc277b5f845b162c8a90235fdb268dc1c3a7890f2bfb3acd47dd256504034ad40b6361ad546b26d3b1b16ec0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
200B

MD5
fdaf3cde22ee8eada721a71206f84a9b

SHA1
9e695d028022e43ac79036dff77099cc6d40ea51

SHA256
07ef4d23b2469b6f0a1bd361c4694fa27949d9c542deac0a8c80240c25249e2a

SHA512
2255aacdac842530dc76ae9ecb88da2fd6f306fc0117a8c3b2f8f757ba48fb5c13e43cc2ec9a5cb07a17fd2d7298f65cab24d266beb2a0f1af9162f15011daa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
200B

MD5
a5e682a709ed5d3582c663b4222642eb

SHA1
59e2267f25ff96642ae51d615b00d01b2738f760

SHA256
4d16d3272fec8284eca8e2934ae961d715729444ff95c98d7846c4e5328a2343

SHA512
ab7d1fbfe4facd97d2b4b56c2b32f444cc3d91ec18ee6e8fe615d672cfcc342a368918646e34477a41cb2e287b42a6c283fe385009972f6366379a2ca1438d8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
200B

MD5
2948a11016ace51ecb9aa463703f2c4e

SHA1
2efc2312905b7a21bc3561a4dafcc24b360e9ada

SHA256
389499b04914eca767b584ec29c36e4b3bde2c7042d0c988db86b11476d9212f

SHA512
3dc908a6ae1599ac28faad9bc44fd6395b66f650143138383811258086f6b645472663bcbd3b2ebe0c2ab419c2418bd532357949c259bf3b537a4913080db3c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6100e80b42645d89cc122c0eb3c19d5b

SHA1
9250d67ccb7c06c5f528cf812239a658dd36bfe9

SHA256
6eb1e5935608c86ca765ea9b989952037e9961562793954ee7ae4e15dfc63e48

SHA512
d3d59f0e220a9d9a43a780c87af61f8cc8e092a0c31528cfbe0337bb726da15a6ba3d4b533dea827f1197cd95bfd0e3dfa30dc222dcf40334a985a80ec73c371

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
190e761ac5e7b2d1c8b6b484e6d855ba

SHA1
fb569a2c255cbf608cb79e2c8bf2e9cea0d729fa

SHA256
e4812f9a46abfed62a1b311740c1edf30d1db35d6684d9666b11ee71b12c10dd

SHA512
0fd53f715b8e541c9c49e1f8b6ec0d225d94063329c5a02b777763867f910b88e3b71ecfee342bb497e88c024329ae286a6980030eb38f860f6618a90b0ad11a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f85132b74e66defe728eb8a5904ab118

SHA1
8ec09937571d36862c500be173aaa9d5d5bdbcb0

SHA256
a16bd9d4472c9038f80a7666953b7d69edba9f62bfb5efc364eb353b480b6cb2

SHA512
2d8f44d24d0fd0c32b9b79d7747db8923a811e549f8e1e879bc37b711137528e7dd24620f1a71cfacf78601fab8981612ffa70beb1f12a4e6be40ff953464893

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
883b4bfff530c775a2cd60bed8aaebf4

SHA1
86067a76efbda7fdcb9b7fe213b321c45038eff8

SHA256
158e852d8f663681e66fb38de95c139cde2c665f2581cad0525cdbdcbdb1ddc0

SHA512
fd1bd62d16d076e95da87551ceb966a72a8064a081e716e4a81ff1eca3537b677b9756e986873eb54e1897451b68c25a41550702f3bf7e25b03ab354b01f7cd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
139KB

MD5
4f3dc0e219d68c6dce566dc1327d9f83

SHA1
ec05890b4cabce225e63de481caef1fc5421837f

SHA256
576e6c3bbd3ecdd6861852fc71f07cd9cb4a360583f0e9a9e75c82e0e7c1cadd

SHA512
68bdaf170489efc3b3f63fa9642cda6d7f7a6d31ef811b27a12ac57e3879cc55ad30c9c5142a774c98dc2a6bcf6957baf3a0318981fb832c5be5ccee0649fd94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
139KB

MD5
3f5f818131c3fa978f9619f042e79b3f

SHA1
e1af681dd1487c1c38ba97d0c5eb307cd2a2a93c

SHA256
817577a4dbb173f94cd85a0f75a647ddcfd595b6997efd68228559a9702ebbd5

SHA512
09b99797370581f660964891cc6b67fcfd435053d319d370b5a3553bc7ff41f6194ec9b391d2db5add370bc1feea8ca0689e26fb60a509fc1fd447cc8febf19c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
139KB

MD5
c8cca0cf9788f35b3ac1135ef38d2e06

SHA1
ad8b80a0c46b40f47e3f47a9b5801418c85aa481

SHA256
c530256a5133eb363eb8024550a1c8ce1edaae6b761411cbe146797c5ee2e429

SHA512
753196ad55de4434ea48388b8ce5157c2ca5f8ad47a203ec0af5a43ff1da009b9a782e147abf3f32a83c182a608581f4b7a0697d6f51fc8e574e9948aab187fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
139KB

MD5
1bef894daf78d12981acb256612fa393

SHA1
d19e064014a471f6392a8cb53cac3e729497cece

SHA256
92e12a7ba05b7e607fb5cdb610c59f6d7f26693b4cf287fa95cb01525924b8fb

SHA512
2d5b009bc5de2f458ffe335507e005b9183beacfa000c499a009db6b9e7c40dafbe8ddeac0580c3e3d0e9f1c1ee79259ddbecdb607153a27e4c62d45981bfffb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response