Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://www.metamask-io-help.walletallinone.com/

Overview

General Information

Sample URL:https://www.metamask-io-help.walletallinone.com/
Analysis ID:1599995
Infos:

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
AI detected suspicious URL
Detected non-DNS traffic on DNS port
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 1960 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1988,i,3023118040620710755,13092615559266609221,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5880 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5628 --field-trial-handle=1988,i,3023118040620710755,13092615559266609221,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 3228 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 --field-trial-handle=1988,i,3023118040620710755,13092615559266609221,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 5468 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.metamask-io-help.walletallinone.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: https://www.metamask-io-help.walletallinone.com/Avira URL Cloud: detection malicious, Label: malware
Antivirus detection for URL or domain
Source: https://metamask-io-help.walletallinone.comAvira URL Cloud: Label: malware
Source: https://www.metamask-io-help.walletallinone.com/images/favicon-32x32.pngAvira URL Cloud: Label: malware

Phishing

barindex
AI detected suspicious URL
Source: https://www.metamask-io-help.walletallinone.comJoe Sandbox AI: The URL 'https://www.metamask-io-help.walletallinone.com' appears to be attempting to spoof the legitimate MetaMask brand. The legitimate URL for MetaMask is 'https://metamask.io'. The analyzed URL uses 'metamask-io' as a subdomain, which closely resembles the legitimate domain. The addition of '-io-help' suggests an attempt to mimic a support or help page, which could confuse users seeking assistance. The main domain 'walletallinone.com' does not have a known association with MetaMask, increasing the likelihood of typosquatting. The structural similarity and the use of a misleading subdomain contribute to a high likelihood of this being a typosquatting attempt.
Source: https://www.metamask-io-help.walletallinone.com/HTTP Parser: No favicon
Source: global trafficTCP traffic: 192.168.2.5:49751 -> 1.1.1.1:53
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.metamask-io-help.walletallinone.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ajax/libs/font-awesome/6.4.0/css/all.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.metamask-io-help.walletallinone.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /npm/bootstrap@5.3.0/dist/css/bootstrap.min.css HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.metamask-io-help.walletallinone.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.metamask-io-help.walletallinone.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /embed/G_JiU-6dcu8 HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.metamask-io-help.walletallinone.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /s/player/37364e28/www-player.css HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.youtube.com/embed/G_JiU-6dcu8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: YSC=DBz_Ohzo9rk; __Secure-ROLLOUT_TOKEN=CKbo04-d0o-R4wEQvr6l_syUiwMYvr6l_syUiwM%3D; VISITOR_INFO1_LIVE=zoQeK2_P9CQ; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgRQ%3D%3D
Source: global trafficHTTP traffic detected: GET /ajax/libs/font-awesome/6.4.0/webfonts/fa-brands-400.woff2 HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.metamask-io-help.walletallinone.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /s/player/37364e28/player_ias.vflset/en_US/embed.js HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube.com/embed/G_JiU-6dcu8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: YSC=DBz_Ohzo9rk; __Secure-ROLLOUT_TOKEN=CKbo04-d0o-R4wEQvr6l_syUiwMYvr6l_syUiwM%3D; VISITOR_INFO1_LIVE=zoQeK2_P9CQ; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgRQ%3D%3D
Source: global trafficHTTP traffic detected: GET /s/player/37364e28/www-embed-player.vflset/www-embed-player.js HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube.com/embed/G_JiU-6dcu8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: YSC=DBz_Ohzo9rk; __Secure-ROLLOUT_TOKEN=CKbo04-d0o-R4wEQvr6l_syUiwMYvr6l_syUiwM%3D; VISITOR_INFO1_LIVE=zoQeK2_P9CQ; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgRQ%3D%3D
Source: global trafficHTTP traffic detected: GET /s/player/37364e28/player_ias.vflset/en_US/base.js HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube.com/embed/G_JiU-6dcu8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: YSC=DBz_Ohzo9rk; __Secure-ROLLOUT_TOKEN=CKbo04-d0o-R4wEQvr6l_syUiwMYvr6l_syUiwM%3D; VISITOR_INFO1_LIVE=zoQeK2_P9CQ; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgRQ%3D%3D
Source: global trafficHTTP traffic detected: GET /ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2 HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.metamask-io-help.walletallinone.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /vi/G_JiU-6dcu8/maxresdefault.jpg HTTP/1.1Host: i.ytimg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/id HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.youtube.comX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /instream/ad_status.js HTTP/1.1Host: static.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /s/player/37364e28/player_ias.vflset/en_US/remote.js HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube.com/embed/G_JiU-6dcu8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: YSC=DBz_Ohzo9rk; __Secure-ROLLOUT_TOKEN=CKbo04-d0o-R4wEQvr6l_syUiwMYvr6l_syUiwM%3D; VISITOR_INFO1_LIVE=zoQeK2_P9CQ; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgRQ%3D%3D
Source: global trafficHTTP traffic detected: GET /js/th/skLV2r59RNY58gjyb4niD17vGKK9-6jgagj8WbOVB5w.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /OVi1kuvywYavgpsnFMAzoRoE5-0fkSrLKrrwx4xigCY9sptmWRVokmAVli1xKyHTl-9dY4D_NQ=s68-c-k-c0x00ffffff-no-rj HTTP/1.1Host: yt3.ggpht.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /vi/G_JiU-6dcu8/maxresdefault.jpg HTTP/1.1Host: i.ytimg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/id?slf_rd=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.youtube.comX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /instream/ad_status.js HTTP/1.1Host: static.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /OVi1kuvywYavgpsnFMAzoRoE5-0fkSrLKrrwx4xigCY9sptmWRVokmAVli1xKyHTl-9dY4D_NQ=s68-c-k-c0x00ffffff-no-rj HTTP/1.1Host: yt3.ggpht.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /generate_204?E2Fh-Q HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.youtube.com/embed/G_JiU-6dcu8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: YSC=DBz_Ohzo9rk; __Secure-ROLLOUT_TOKEN=CKbo04-d0o-R4wEQvr6l_syUiwMYvr6l_syUiwM%3D; VISITOR_INFO1_LIVE=zoQeK2_P9CQ; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgRQ%3D%3D
Source: global trafficHTTP traffic detected: GET /js/th/skLV2r59RNY58gjyb4niD17vGKK9-6jgagj8WbOVB5w.js HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/id?slf_rd=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/favicon-32x32.png HTTP/1.1Host: www.metamask-io-help.walletallinone.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.metamask-io-help.walletallinone.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=521=RJs-x93-fcjoAQ-6E5iNHN5m5N8slwY6V2mWgh5d0BzcwIFMepVYFQBYMyVyT2QWsha2IiZtFj9oT_Jppdj2HcDyH9K93xBBG93MvFtqZtImK0LuzgSLljPOHJG_BerQTS8Mv-MG6oxt0Wo65x8xs3zNc4QqyTb0laTxb8hzTf9ckI_5gW2GzsIqbFEHrIqU
Source: global trafficHTTP traffic detected: GET /images/favicon-32x32.png HTTP/1.1Host: www.metamask-io-help.walletallinone.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=521=PtHJF16DOnSCup-veDNIOOqWGH0Hblz0WVOHxxqved5XI7v5e7-8m-xEwtUK7tXgabJMutbEe1B62Eth6Y8dwcQqBjnBTW5BS0KOpKQmRyJ8cBq3cqmes22vsG7kupBP9-Z7XzABah3i8kD0hFCl_2LxXZ-Ft6xIcmvOAuVlX7w1AjPOhOAemOxXPNhoLuGG3g
Source: global trafficHTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=521=b5GYEwHrelkBK6G-iKLkeDz4-gKwV-z00RJhJPf5MgFa2GZUlcafqzvO4zxBQlzL1PUagtSUr3RGORYCdhimDfqhUNCCUzVbdX_45RomK_LAX7Puq70k_j8dpyucVr298PGCNA9Wzw-aUf-AJ3wNQAwWY0LK5DgF4A47-TYJ8yxuEhLubP8nh0r41eyinracVQ
Source: global trafficHTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=521=I0yNe6qe_SXfovdlewWfyYIURaKLfi9AvDR6ZFvyFn7yeDBrkUL2suuOy1GUD_EbbveT3-Nob_FXgLn1UUiRaFbxIQ-boxC-kK1eO7yIVxILDXo27mdUleEJ4E_Ms8ZTOqkfxKxt-9a7O966uFMvrA1j5SNR3LRwGNSV7W_LGlEc1k07yxaS7KKY2nAMmwyXu9yRSSmsBw
Source: global trafficHTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=521=I0yNe6qe_SXfovdlewWfyYIURaKLfi9AvDR6ZFvyFn7yeDBrkUL2suuOy1GUD_EbbveT3-Nob_FXgLn1UUiRaFbxIQ-boxC-kK1eO7yIVxILDXo27mdUleEJ4E_Ms8ZTOqkfxKxt-9a7O966uFMvrA1j5SNR3LRwGNSV7W_LGlEc1k07yxaS7KKY2nAMmwyXu9yRSSmsBw
Source: chromecache_123.2.drString found in binary or memory: <iframe width="100%" height="400" src="https://www.youtube.com/embed/G_JiU-6dcu8" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe> equals www.youtube.com (Youtube)
Source: chromecache_123.2.drString found in binary or memory: <meta itemprop="contentUrl" content="https://www.youtube.com/watch?v=G_JiU-6dcu8"> equals www.youtube.com (Youtube)
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: (g.HC(W,"redirector.googlevideo.com"),A=W.toString()):W.j.match("rr?[1-9].*\\.c\\.youtube\\.com$")?(g.HC(W,"www.youtube.com"),A=W.toString()):(W=mSK(A),pj(W)&&(A=W));W=new g.JH(A);W.set("cmo=pf","1");p&&W.set("cmo=td","a1.googlevideo.com");return W}; equals www.youtube.com (Youtube)
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: 0?"http":"https";this.De=AE((c?c.customBaseYoutubeUrl:m.BASE_YT_URL)||"")||AE(this.Pe)||this.protocol+"://www.youtube.com/";L=c?c.eventLabel:m.el;A="detailpage";L==="adunit"?A=this.L?"embedded":"detailpage":L==="embedded"||this.X?A=$d(A,L,sRr):L&&(A="embedded");this.Rq=A;enY();L=null;A=c?c.playerStyle:m.ps;R=g.Pr(Sl7,A);!A||R&&!this.X||(L=A);this.playerStyle=L;this.B=g.Pr(Sl7,this.playerStyle);this.houseBrandUserStatus=c==null?void 0:c.houseBrandUserStatus;this.Mh=this.B&&this.playerStyle!=="play"&& equals www.youtube.com (Youtube)
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: c=this.api.J();m=this.api.getVideoData();var W="";c.K||(c=g.nX(c),c.indexOf("www.")===0&&(c=c.substring(4)),W=g.P2(m)?"Watch on YouTube Music":c==="youtube.com"?"Watch on YouTube":g.xg("Watch on $WEBSITE",{WEBSITE:c}));this.updateValue("title",W)}; equals www.youtube.com (Youtube)
Source: chromecache_101.2.drString found in binary or memory: g.O.getVideoUrl=function(m,c,W,A,p,R,L){c={list:c};W&&(p?c.time_continue=W:c.t=W);W=L?"music.youtube.com":g.nX(this);p=W==="www.youtube.com";!R&&A&&p?R="https://youtu.be/"+m:g.ty(this)?(R="https://"+W+"/fire",c.v=m):(R&&p?(R=this.protocol+"://"+W+"/shorts/"+m,A&&(c.feature="share")):(R=this.protocol+"://"+W+"/watch",c.v=m),XJ&&(m=n4N())&&(c.ebc=m));return g.PX(R,c)}; equals www.youtube.com (Youtube)
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: g.kv=function(m){var c=g.nX(m);mb7.includes(c)&&(c="www.youtube.com");return m.protocol+"://"+c}; equals www.youtube.com (Youtube)
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: g.nX=function(m){m=B4(m.De);return m==="www.youtube-nocookie.com"?"www.youtube.com":m}; equals www.youtube.com (Youtube)
Source: chromecache_101.2.drString found in binary or memory: iim=function(m,c){if(!m.j["0"]){var W=new IP("0","fakesb",{video:new Es(0,0,0,void 0,void 0,"auto")});m.j["0"]=c?new nz(new g.JH("http://www.youtube.com/videoplayback"),W,"fake"):new A1(new g.JH("http://www.youtube.com/videoplayback"),W,new qM(0,0),new qM(0,0))}}; equals www.youtube.com (Youtube)
Source: chromecache_101.2.drString found in binary or memory: m))):this.api.J().G("enable_adb_handling_in_sabr")&&W==="BROWSER_OR_EXTENSION_ERROR"&&!A.B?(A=A.hostLanguage,m="//support.google.com/youtube/answer/3037019#zippy=%2Cupdate-your-browser-and-check-your-extensions",A&&(m=g.PX(m,{hl:A})),this.jK(Xp(this,"BROWSER_OR_EXTENSION_ERROR",m))):this.jK(g.Ua(m.errorMessage)):this.jK(Xp(this,"HTML5_NO_AVAILABLE_FORMATS_FALLBACK_WITH_LINK_SHORT","//www.youtube.com/supported_browsers")):(m=A.hostLanguage,W="//support.google.com/youtube/?p=player_error1",m&&(W=g.PX(W, equals www.youtube.com (Youtube)
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: m.details.rc!=="429"?m.errorCode==="ump.spsrejectfailure"&&(p="HTML5_SPS_UMP_STATUS_REJECTED"):(p="TOO_MANY_REQUESTS",R="6");this.jg.Is(m.errorCode,m.severity,p,dN(m.details),R)}else this.jg.publish("nonfatalerror",m),A=/^pp/.test(this.videoData.clientPlaybackNonce),this.Y4(m.errorCode,m.details),A&&m.errorCode==="manifest.net.connect"&&(m="https://www.youtube.com/generate_204?cpn="+this.videoData.clientPlaybackNonce+"&t="+(0,g.Kq)(),Vi(m,"manifest",function(L){c.B=!0;c.nf("pathprobe",L)},function(L){c.Y4(L.errorCode, equals www.youtube.com (Youtube)
Source: chromecache_101.2.drString found in binary or memory: new Set;this.deviceIsAudioOnly=!(c==null||!c.deviceIsAudioOnly);this.gM=N8(this.gM,m.ismb);this.wC?(w=m.vss_host||"s.youtube.com",w==="s.youtube.com"&&(w=B4(this.De)||"www.youtube.com")):w="video.google.com";this.IR=w;v4(this,m,!0);this.Cf=new c4;g.r(this,this.Cf);Q=c?c.innertubeApiKey:ZR("",m.innertube_api_key);F=c?c.innertubeApiVersion:ZR("",m.innertube_api_version);w=c?c.innertubeContextClientVersion:ZR("",m.innertube_context_client_version);Q=g.cP("INNERTUBE_API_KEY")||Q;F=g.cP("INNERTUBE_API_VERSION")|| equals www.youtube.com (Youtube)
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: this.Ag.Kf&&(m.authuser=this.Ag.Kf);this.Ag.pageId&&(m.pageid=this.Ag.pageId);isNaN(this.cryptoPeriodIndex)||(m.cpi=this.cryptoPeriodIndex.toString());var p=(p=/_(TV|STB|GAME|OTT|ATV|BDP)_/.exec(g.di()))?p[1]:"";p==="ATV"&&(m.cdt=p);this.U=m;this.U.session_id=A;this.Vb=!0;this.V.flavor==="widevine"&&(this.U.hdr="1");this.V.flavor==="playready"&&(c=Number(IJ(c.experiments,"playready_first_play_expiration")),!isNaN(c)&&c>=0&&(this.U.mfpe=""+c),this.Vb=!1);c="";g.vd(this.V)?Bd(this.V)?(A=W.V)&&(c="https://www.youtube.com/api/drm/fps?ek="+ equals www.youtube.com (Youtube)
Source: chromecache_101.2.drString found in binary or memory: vT.prototype.CZ=function(){return this.A4.l()};var Pbr=(new Date).getTime();var mRE="://secure-...imrworldwide.com/ ://cdn.imrworldwide.com/ ://aksecure.imrworldwide.com/ ://[^.]*.moatads.com ://youtube[0-9]+.moatpixel.com ://pm.adsafeprotected.com/youtube ://pm.test-adsafeprotected.com/youtube ://e[0-9]+.yt.srs.doubleverify.com www.google.com/pagead/xsul www.youtube.com/pagead/slav".split(" "),cUs=/\bocr\b/;var AUy=/(?:\[|%5B)([a-zA-Z0-9_]+)(?:\]|%5D)/g;var JU7=0,CoY=0,VfY=0;var rJ=null,sV=!1,ocr=1,Yx=Symbol("SIGNAL"),fb={version:0,uUh:0,H2:!1,Qv:void 0,kM:void 0,LW:void 0,OI:0,ZW:void 0,jy:void 0,Ia:!1,Nw:!1,kind:"unknown",Lu:function(){return!1}, equals www.youtube.com (Youtube)
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: var qo={};var I5h={JW:[{SU:/Unable to load player module/,weight:20},{SU:/Failed to fetch/,weight:500},{SU:/XHR API fetch failed/,weight:10},{SU:/JSON parsing failed after XHR fetch/,weight:10},{SU:/Retrying OnePlatform request/,weight:10},{SU:/CSN Missing or undefined during playback association/,weight:100},{SU:/Non-recoverable error. Do not retry./,weight:0},{SU:/Internal Error. Retry with an exponential backoff./,weight:0},{SU:/API disabled by application./,weight:0}],Vj:[{callback:Gvr,weight:500}]};var EOb=/[&\?]action_proxy=1/,SUU=/[&\?]token=([\w-]*)/,YUF=/[&\?]video_id=([\w-]*)/,fg$=/[&\?]index=([\d-]*)/,i0s=/[&\?]m_pos_ms=([\d-]*)/,P_Y=/[&\?]vvt=([\w-]*)/,vOy="ca_type dt el flash u_tz u_his u_h u_w u_ah u_aw u_cd u_nplug u_nmime frm u_java bc bih biw brdim vis wgl".split(" "),IgQ="www.youtube-nocookie.com youtube-nocookie.com www.youtube-nocookie.com:443 youtube.googleapis.com www.youtubeedu.com www.youtubeeducation.com video.google.com redirector.gvt1.com".split(" "),uWE={android:"ANDROID", equals www.youtube.com (Youtube)
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: www.metamask-io-help.walletallinone.com
Source: global trafficDNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global trafficDNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global trafficDNS traffic detected: DNS query: www.youtube.com
Source: global trafficDNS traffic detected: DNS query: i.ytimg.com
Source: global trafficDNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global trafficDNS traffic detected: DNS query: static.doubleclick.net
Source: global trafficDNS traffic detected: DNS query: yt3.ggpht.com
Source: global trafficDNS traffic detected: DNS query: play.google.com
Source: unknownHTTP traffic detected: POST /youtubei/v1/log_event?alt=json HTTP/1.1Host: www.youtube.comConnection: keep-aliveContent-Length: 12174sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-YouTube-Device: cbr=Chrome&cbrver=117.0.0.0&ceng=WebKit&cengver=537.36&cos=Windows&cosver=10.0&cplatform=DESKTOPX-YouTube-Page-Label: youtube.player.web_20250121_00_RC00X-Goog-Request-Time: 1737936237592X-YouTube-Page-CL: 718165282X-Goog-Event-Time: 1737936237591X-YouTube-Utc-Offset: -300X-YouTube-Time-Zone: America/New_Yorksec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonX-YouTube-Client-Name: 56X-YouTube-Client-Version: 1.20250121.00.00X-Goog-Visitor-Id: Cgt6b1FlSzJfUDlDUSjomtu8BjIKCgJVUxIEGgAgRQ%3D%3DX-YouTube-Ad-Signals: dt=1737936233658&flash=0&frm=2&u_tz=-300&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1116%2C400&vis=1&wgl=true&ca_type=imageAccept: */*Origin: https://www.youtube.comX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.youtube.com/embed/G_JiU-6dcu8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: YSC=DBz_Ohzo9rk; __Secure-ROLLOUT_TOKEN=CKbo04-d0o-R4wEQvr6l_syUiwMYvr6l_syUiwM%3D; VISITOR_INFO1_LIVE=zoQeK2_P9CQ; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgRQ%3D%3D
Source: chromecache_109.2.dr, chromecache_102.2.dr, chromecache_101.2.dr, chromecache_120.2.drString found in binary or memory: http://tools.ietf.org/html/rfc1950
Source: chromecache_101.2.drString found in binary or memory: http://www.youtube.com/videoplayback
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: http://youtube.com/drm/2012/10/10
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: http://youtube.com/streaming/metadata/segment/102015
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: http://youtube.com/streaming/otf/durations/112015
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: http://youtube.com/yt/2012/10/10
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: https://admin.youtube.com
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: https://angular.dev/license
Source: chromecache_123.2.drString found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap
Source: chromecache_123.2.drString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css
Source: chromecache_123.2.drString found in binary or memory: https://discord.gg/metamask
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: https://docs.google.com/get_video_info
Source: chromecache_123.2.drString found in binary or memory: https://docs.metamask.io/
Source: chromecache_125.2.drString found in binary or memory: https://fontawesome.com
Source: chromecache_125.2.drString found in binary or memory: https://fontawesome.com/license/free
Source: chromecache_123.2.drString found in binary or memory: https://fonts.googleapis.com
Source: chromecache_123.2.drString found in binary or memory: https://fonts.googleapis.com/css2?family=Inter:wght
Source: chromecache_123.2.drString found in binary or memory: https://fonts.gstatic.com
Source: chromecache_100.2.drString found in binary or memory: https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7SUc.woff2)
Source: chromecache_100.2.drString found in binary or memory: https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2)
Source: chromecache_100.2.drString found in binary or memory: https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1pL7SUc.woff2)
Source: chromecache_100.2.drString found in binary or memory: https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa25L7SUc.woff2)
Source: chromecache_100.2.drString found in binary or memory: https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2JL7SUc.woff2)
Source: chromecache_100.2.drString found in binary or memory: https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2ZL7SUc.woff2)
Source: chromecache_100.2.drString found in binary or memory: https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2pL7SUc.woff2)
Source: chromecache_118.2.drString found in binary or memory: https://getbootstrap.com/)
Source: chromecache_109.2.dr, chromecache_102.2.dr, chromecache_101.2.dr, chromecache_120.2.drString found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
Source: chromecache_123.2.drString found in binary or memory: https://github.com/metamask
Source: chromecache_118.2.drString found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: https://i.ytimg.com/vi/
Source: chromecache_97.2.drString found in binary or memory: https://imagemagick.org
Source: chromecache_123.2.drString found in binary or memory: https://img.youtube.com/vi/G_JiU-6dcu8/maxresdefault.jpg
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: https://jnn-pa.googleapis.com
Source: chromecache_123.2.drString found in binary or memory: https://metamask-io-help.walletallinone.com
Source: chromecache_123.2.drString found in binary or memory: https://metamask-io-help.walletallinone.com.com
Source: chromecache_123.2.drString found in binary or memory: https://metamask-io-help.walletallinone.com.com/contact
Source: chromecache_123.2.drString found in binary or memory: https://metamask-io-help.walletallinone.com.com/images/og-image.png
Source: chromecache_123.2.drString found in binary or memory: https://metamask-io-help.walletallinone.com.com/path/to/logo.png
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: https://music.youtube.com
Source: chromecache_120.2.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_101.2.drString found in binary or memory: https://redux.js.org/api/store#subscribelistener
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: https://redux.js.org/tutorials/fundamentals/part-4-store#creating-a-store-with-enhancers
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: https://redux.js.org/tutorials/fundamentals/part-4-store#middleware
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: https://redux.js.org/tutorials/fundamentals/part-6-async-logic#using-the-redux-thunk-middleware
Source: chromecache_123.2.drString found in binary or memory: https://schema.org
Source: chromecache_123.2.drString found in binary or memory: https://schema.org/Answer
Source: chromecache_123.2.drString found in binary or memory: https://schema.org/Article
Source: chromecache_123.2.drString found in binary or memory: https://schema.org/Question
Source: chromecache_123.2.drString found in binary or memory: https://schema.org/VideoObject
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: https://support.google.com/youtube/?p=missing_quality
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: https://support.google.com/youtube/?p=noaudio
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: https://support.google.com/youtube/?p=report_playback
Source: chromecache_101.2.drString found in binary or memory: https://support.google.com/youtube/answer/3037019#check_ad_blockers&zippy=%2Ccheck-your-extensions-i
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: https://support.google.com/youtube/answer/6276924
Source: chromecache_123.2.drString found in binary or memory: https://twitter.com/metamask
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: https://viacon.corp.google.com
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: https://www.googleapis.com/certificateprovisioning/v1/devicecertificates/create?key=AIzaSyB-5OLKTx2i
Source: chromecache_115.2.dr, chromecache_91.2.drString found in binary or memory: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: https://www.gstatic.com/ytlr/img/sign_in_avatar_default.png?rn=
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: https://www.youtube.com/api/drm/fps?ek=
Source: chromecache_123.2.drString found in binary or memory: https://www.youtube.com/embed/G_JiU-6dcu8
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: https://www.youtube.com/generate_204?cpn=
Source: chromecache_123.2.drString found in binary or memory: https://www.youtube.com/watch?v=G_JiU-6dcu8
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: https://youtu.be/
Source: chromecache_101.2.drString found in binary or memory: https://youtube.com/api/drm/fps?ek=uninitialized
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: https://youtubei.googleapis.com/youtubei/
Source: chromecache_109.2.dr, chromecache_101.2.drString found in binary or memory: https://yurt.corp.google.com
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49982
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50053
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49976
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49970
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50053 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49964
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: classification engineClassification label: mal60.win@21/63@38/20
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1988,i,3023118040620710755,13092615559266609221,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.metamask-io-help.walletallinone.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5628 --field-trial-handle=1988,i,3023118040620710755,13092615559266609221,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 --field-trial-handle=1988,i,3023118040620710755,13092615559266609221,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1988,i,3023118040620710755,13092615559266609221,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5628 --field-trial-handle=1988,i,3023118040620710755,13092615559266609221,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 --field-trial-handle=1988,i,3023118040620710755,13092615559266609221,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Google Drive.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
Browser Extensions		1
Process Injection		1
Masquerading		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		1
Registry Run Keys / Startup Folder		1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media3
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive4
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.