
Incident Response

Risk Assessment

Network Behavior

Contacts 12 domains and 14 hosts.

Indicators


  • Suspicious Indicators 1

  • Network Related
    • Sends traffic on typical HTTP outbound port, but without HTTP header
      Details:
      TCP traffic to 216.58.195.78 on port 443 is sent without HTTP header
      TCP traffic to 216.58.194.195 on port 80 is sent without HTTP header
      TCP traffic to 216.58.194.174 on port 443 is sent without HTTP header
      TCP traffic to 216.58.217.202 on port 443 is sent without HTTP header
      TCP traffic to 172.217.6.54 on port 443 is sent without HTTP header
      TCP traffic to 172.217.6.67 on port 443 is sent without HTTP header
      TCP traffic to 172.217.164.109 on port 443 is sent without HTTP header
      TCP traffic to 216.58.194.194 on port 443 is sent without HTTP header
      TCP traffic to 142.250.72.193 on port 443 is sent without HTTP header
      TCP traffic to 216.58.195.65 on port 443 is sent without HTTP header
      TCP traffic to 142.250.72.196 on port 443 is sent without HTTP header
      TCP traffic to 172.217.129.72 on port 443 is sent without HTTP header
      TCP traffic to 216.58.194.166 on port 443 is sent without HTTP header
      TCP traffic to 172.217.164.99 on port 443 is sent without HTTP header
      Source: Network Traffic
      Relevance: 5/10
  • Informative 15

  • General
    • Contacts domains
      Details: the contacted domains are listed under DNS Requests below
      Source: Network Traffic
      Relevance: 1/10
    • Contacts server
      Details: the contacted hosts are listed under Contacted Hosts below
      Source: Network Traffic
      Relevance: 1/10
    • Creates mutants
      Source: Created Mutant
      Relevance: 3/10
    • Drops files marked as clean
      Details: Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")
      Source: Extracted File
      Relevance: 10/10
    • Process launched with changed environment
      Details:
      Process "iexplore.exe" was launched with new environment variables: "PATH="%PROGRAMFILES%\Internet Explorer;""
      Process "iexplore.exe" was launched with modified environment variables: "CommonProgramFiles, PROCESSOR_ARCHITECTURE, ProgramFiles"
      Process "iexplore.exe" was launched with missing environment variables: "PROCESSOR_ARCHITEW6432"
      Source: Monitored Target
      Relevance: 10/10
    • Spawns new processes
      Details:
      Spawned process "iexplore.exe" with commandline "https://m.youtube.com/channel/UCNT9XWOEy4HDc2jhC7KglnQ"
      Spawned process "iexplore.exe" with commandline "SCODEF:3680 CREDAT:275457 /prefetch:2"
      Source: Monitored Target
      Relevance: 3/10
    • Spawns new processes that are not known child processes
      Details:
      Spawned process "iexplore.exe" with commandline "https://m.youtube.com/channel/UCNT9XWOEy4HDc2jhC7KglnQ"
      Spawned process "iexplore.exe" with commandline "SCODEF:3680 CREDAT:275457 /prefetch:2"
      Source: Monitored Target
      Relevance: 3/10
  • Installation/Persistence
    • Creates new processes
      Details: "iexplore.exe" is creating a new process (Name: "%PROGRAMFILES%\(x86)\Internet Explorer\iexplore.exe", Handle: )
      Source: API Call
      Relevance: 8/10
    • Dropped files
      Details:
      "urlblockindex_1_.bin" has type "data"
      "~DF04CAF25C68FCE4EE.TMP" has type "data"
      "~DFFA446A71ACAF9196.TMP" has type "data"
      "ErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text, with CRLF line terminators"
      "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"
      "~DFAB991F4BAE20B17E.TMP" has type "data"
      "M0_1_.jpg" has type "JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1055x450, frames 3"
      "favicon_5_.ico" has type "PNG image data, 16 x 16, 4-bit colormap, non-interlaced"
      "CC197601BE0898B7B0FCC91FA15D8A69_2CCD33DC6B953C59CA763F49AA395266" has type "data"
      "css_5_.css" has type "ASCII text"
      "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document, Cannot read section info"
      "CC197601BE0898B7B0FCC91FA15D8A69_0F03B05A49E3FBE2499FB361FF96BE77" has type "data"
      "favicon_1_.ico" has type "PNG image data, 16 x 16, 4-bit colormap, non-interlaced"
      "0LWDN46S.txt" has type "ASCII text"
      "RecoveryStore._E187F56F-61FC-11EB-A653-08002758D148_.dat" has type "Composite Document File V2 Document, Cannot read section info"
      "favicons_1_.png" has type "PNG image data, 16 x 16, 8-bit colormap, non-interlaced"
      "www.youtube_1_.xml" has type "ASCII text, with very long lines, with no line terminators"
      "TUVXOKPM.txt" has type "ASCII text"
      Source: Extracted File
      Relevance: 3/10
  • Network Related
    • Found potential URL in binary/memory
      Details:
      Pattern match: "https://m.youtube.com/channel/UCNT9XWOEy4HDc2jhC7KglnQ"
      Pattern match: "https://m.youtube.com"
      Heuristic match: "fonts.googleapis.com"
      Heuristic match: "fonts.gstatic.com"
      Heuristic match: "googleads.g.doubleclick.net"
      Heuristic match: "i.ytimg.com"
      Heuristic match: "m.youtube.com"
      Heuristic match: "r3---sn-vgqsknll.googlevideo.com"
      Heuristic match: "s2.googleusercontent.com"
      Heuristic match: "static.doubleclick.net"
      Pattern match: "www.gstatic.com"
      Pattern match: "www.youtube.com"
      Heuristic match: "yt3.ggpht.com"
      Source: String
      Relevance: 10/10
  • Spyware/Information Retrieval
    • Found a reference to a known community page
      Details:
      "https://m.youtube.com/channel/UCNT9XWOEy4HDc2jhC7KglnQ" (Indicator: "youtube")
      "https://m.youtube.com" (Indicator: "youtube")
      "m.youtube.com" (Indicator: "youtube")
      "www.youtube.com" (Indicator: "youtube")
      Source: String
      Relevance: 7/10
  • Unusual Characteristics
    • Drops cabinet archive files
      Details: "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data, 4795 bytes, 1 file"
      Source: Extracted File
      Relevance: 10/10
    • Installs hooks/patches the running process
      Details:
      "iexplore.exe" wrote bytes "401c0af5fe070000" to virtual address "0xF43A2D78" (part of module "IEFRAME.DLL")
      "iexplore.exe" wrote bytes "401c0af5fe070000" to virtual address "0xFE4F5348" (part of module "SHLWAPI.DLL")
      "iexplore.exe" wrote bytes "40680ef5fe070000" to virtual address "0xFE4F5748" (part of module "SHLWAPI.DLL")
      "iexplore.exe" wrote bytes "401c0af5fe070000" to virtual address "0xFD6005A8" (part of module "OLEAUT32.DLL")
      "iexplore.exe" wrote bytes "401c0af5fe070000" to virtual address "0xFEFB3330" (part of module "IERTUTIL.DLL")
      "iexplore.exe" wrote bytes "b0620ef5fe070000" to virtual address "0xFF4EBE80" (part of module "OLE32.DLL")
      "iexplore.exe" wrote bytes "401c0af5fe070000" to virtual address "0xFF2F6FA0" (part of module "ADVAPI32.DLL")
      "iexplore.exe" wrote bytes "b0610ef5fe070000" to virtual address "0xFE4F55C0" (part of module "SHLWAPI.DLL")
      "iexplore.exe" wrote bytes "00ef0af5fe070000" to virtual address "0xFD600A30" (part of module "OLEAUT32.DLL")
      "iexplore.exe" wrote bytes "401c0af5fe070000" to virtual address "0xFECA1318" (part of module "MSCTF.DLL")
      "iexplore.exe" wrote bytes "401c0af5fe070000" to virtual address "0x773B29A8" (part of module "USER32.DLL")
      "iexplore.exe" wrote bytes "401c0af5fe070000" to virtual address "0xFF24D430" (part of module "IMM32.DLL")
      "iexplore.exe" wrote bytes "40680ef5fe070000" to virtual address "0xFDA81AF0" (part of module "SHELL32.DLL")
      "iexplore.exe" wrote bytes "b0620ef5fe070000" to virtual address "0xFDA81C30" (part of module "SHELL32.DLL")
      "iexplore.exe" wrote bytes "00ef0af5fe070000" to virtual address "0xFDA81F30" (part of module "SHELL32.DLL")
      "iexplore.exe" wrote bytes "50690ef5fe070000" to virtual address "0xF43A40E0" (part of module "IEFRAME.DLL")
      "iexplore.exe" wrote bytes "401c0af5fe070000" to virtual address "0xFB63F378" (part of module "UXTHEME.DLL")
      "iexplore.exe" wrote bytes "40680ef5fe070000" to virtual address "0xF43A3DD8" (part of module "IEFRAME.DLL")
      "iexplore.exe" wrote bytes "50070cf5fe070000" to virtual address "0xF43A3E58" (part of module "IEFRAME.DLL")
      "iexplore.exe" wrote bytes "d04fbcf3fe070000f01da53f01000000101ea53f01000000e036a53f01000000501ea53f010000000000000000000000" to virtual address "0x3FA58000"
      Source: Hook Detection
      Relevance: 10/10

Session Details

No relevant data available.

Hybrid Analysis

Analysed 3 processes in total.

  • rundll32.exe "%WINDIR%\System32\ieframe.dll",OpenURL C:\cdaa2426a50b7dc52b8b265ea5179391caa31157ccfc28b85325806b28312f8e.url (PID: 3624)

Network Analysis

This report was generated with TOR analysis enabled.

DNS Requests

fonts.googleapis.com
  Address: 172.217.4.74 (TTL: 184)
  Registrar: MarkMonitor, Inc. (Organization: Google Inc.; Name Server: NS1.GOOGLE.COM; Creation Date: Tue, 25 Jan 2005 00:00:00 GMT)
  Country: United States

fonts.gstatic.com
  Address: 172.217.0.3 (TTL: 215)
  Registrar: MarkMonitor, Inc. (Organization: Google Inc.; Name Server: NS1.GOOGLE.COM; Creation Date: Mon, 11 Feb 2008 00:00:00 GMT)
  Country: United States

googleads.g.doubleclick.net
  Address: 172.217.4.34 (TTL: 161)
  Registrar: MarkMonitor, Inc. (Organization: Google Inc.; Name Server: NS1.GOOGLE.COM; Creation Date: Tue, 16 Jan 1996 00:00:00 GMT)
  Country: United States

i.ytimg.com
  Address: 172.217.9.86 (TTL: 299)
  Registrar: MarkMonitor, Inc. (Organization: Google Inc.; Name Server: NS1.GOOGLE.COM; Creation Date: Tue, 11 Dec 2007 00:00:00 GMT)
  Country: United States

m.youtube.com
  Address: 172.217.4.78 (TTL: 299)
  Registrar: MarkMonitor, Inc. (Organization: Google Inc.; Name Server: NS1.GOOGLE.COM; Creation Date: Tue, 15 Feb 2005 00:00:00 GMT)
  Country: United States

ocsp.pki.goog
  Address: 216.58.194.195 (TTL: 239)
  Registrar: -
  Country: United States

r3---sn-vgqsknll.googlevideo.com
  Address: 172.217.129.72 (TTL: 1799)
  Registrar: MarkMonitor, Inc. (Organization: Google Inc.; Name Server: NS1.GOOGLE.COM; Creation Date: Sun, 25 May 2003 00:00:00 GMT)
  Country: United States

s2.googleusercontent.com
  Address: 172.217.5.1 (TTL: 21340)
  Registrar: MarkMonitor, Inc. (Organization: Google Inc.; Name Server: NS1.GOOGLE.COM; Creation Date: Mon, 17 Nov 2008 00:00:00 GMT)
  Country: United States

static.doubleclick.net
  Address: 172.217.1.38 (TTL: 21194)
  Registrar: MarkMonitor, Inc. (Organization: Google Inc.; Name Server: NS1.GOOGLE.COM; Creation Date: Tue, 16 Jan 1996 00:00:00 GMT)
  Country: United States

www.gstatic.com
  Address: 172.217.0.3 (TTL: 299)
  Registrar: -
  Country: United States

www.youtube.com
  Address: 172.217.4.110 (TTL: 20496)
  Registrar: -
  Country: United States

yt3.ggpht.com
  Address: 172.217.9.33 (TTL: 19111)
  Registrar: -
  Country: United States

Contacted Hosts

IP Address        Port/Protocol   Associated Process          Country
216.58.195.78     443/TCP         iexplore.exe (PID: 2192)    United States
216.58.194.195    80/TCP          iexplore.exe (PID: 2192)    United States
216.58.194.174    443/TCP         iexplore.exe (PID: 2192)    United States
216.58.217.202    443/TCP         iexplore.exe (PID: 2192)    United States
172.217.6.54      443/TCP         iexplore.exe (PID: 2192)    United States
172.217.6.67      443/TCP         iexplore.exe (PID: 2192)    United States
172.217.164.109   443/TCP         iexplore.exe (PID: 2192)    United States
216.58.194.194    443/TCP         iexplore.exe (PID: 2192)    United States
142.250.72.193    443/TCP         iexplore.exe (PID: 2192)    United States
216.58.195.65     443/TCP         iexplore.exe (PID: 2192)    United States
142.250.72.196    443/TCP         iexplore.exe (PID: 2192)    United States
172.217.129.72    443/TCP         iexplore.exe (PID: 2192)    United States
216.58.194.166    443/TCP         iexplore.exe (PID: 2192)    United States
172.217.164.99    443/TCP         iexplore.exe (PID: 2192)    United States

HTTP Traffic

Endpoint Request URL
216.58.194.195:80 (ocsp.pki.goog) GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D
216.58.194.195:80 (ocsp.pki.goog) GET /gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEDHLJeKVKvb%2BAwAAAADHzU...
216.58.194.195:80 (ocsp.pki.goog) GET /gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCSph7JeRt7BgMAAAAAx82r
216.58.194.195:80 (ocsp.pki.goog) GET /gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCQs%2FPAqUkFkgUAAAAAhY...
216.58.194.195:80 (ocsp.pki.goog) GET /gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCJL7s1TELEmwMAAAAAx82q
216.58.194.195:80 (ocsp.pki.goog) GET /gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDIu5ETsE2OjwUAAAAAhZG0
216.58.194.195:80 (ocsp.pki.goog) GET /gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDIu5ETsE2OjwUAAAAAhZG0
216.58.194.195:80 (ocsp.pki.goog) GET /gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCghmcEt1dNJQUAAAAAhZEu
216.58.194.195:80 (ocsp.pki.goog) GET /gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCjBrlfKsEEYgUAAAAAhZFz
216.58.194.195:80 (ocsp.pki.goog) GET /gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEDSjLaRrzsnMBQAAAACFka8%...
216.58.194.195:80 (ocsp.pki.goog) GET /gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQD75i0ZOHaUTwMAAAAAyU3R
216.58.194.195:80 (ocsp.pki.goog) GET /gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDktdR%2BbIMG6QUAAAAAhZ...

Extracted Strings

All Details:
"%WINDIR%\System32\ieframe.dll",OpenURL C:\cdaa2426a50b7dc52b8b265ea5179391caa31157ccfc28b85325806b28312f8e.url
Ansi based on Process Commandline (rundll32.exe)
%WINDIR%\system32\dinput8.dll
Unicode based on Runtime Data (iexplore.exe )
''__;_
Ansi based on Image Processing (screen_65.png)
,0__0__
Ansi based on Image Processing (screen_65.png)
,__?,
Ansi based on Image Processing (screen_0.png)
/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D
Ansi based on PCAP Processing (PCAP)
/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQD75i0ZOHaUTwMAAAAAyU3R
Ansi based on PCAP Processing (PCAP)
/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEDHLJeKVKvb%2BAwAAAADHzUc%3D
Ansi based on PCAP Processing (PCAP)
/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEDSjLaRrzsnMBQAAAACFka8%3D
Ansi based on PCAP Processing (PCAP)
/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCghmcEt1dNJQUAAAAAhZEu
Ansi based on PCAP Processing (PCAP)
/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCjBrlfKsEEYgUAAAAAhZFz
Ansi based on PCAP Processing (PCAP)
/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCJL7s1TELEmwMAAAAAx82q
Ansi based on PCAP Processing (PCAP)
/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCQs%2FPAqUkFkgUAAAAAhY%2FM
Ansi based on PCAP Processing (PCAP)
/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCSph7JeRt7BgMAAAAAx82r
Ansi based on PCAP Processing (PCAP)
/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDIu5ETsE2OjwUAAAAAhZG0
Ansi based on PCAP Processing (PCAP)
/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDktdR%2BbIMG6QUAAAAAhZEs
Ansi based on PCAP Processing (PCAP)
0??____
Ansi based on Image Processing (screen_65.png)
0__00v0_D?Eo_s
Ansi based on Image Processing (screen_65.png)
0L?____
Ansi based on Image Processing (screen_33.png)
0n9CUltUr_
Ansi based on Image Processing (screen_65.png)
0s_GN_N
Ansi based on Image Processing (screen_65.png)
1FB86B1168EC743154062E8C9CC5B171A4B7CCB4
Unicode based on Runtime Data (iexplore.exe )
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
Unicode based on Runtime Data (iexplore.exe )
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
Unicode based on Runtime Data (iexplore.exe )
?__??____q0_?v_
Ansi based on Image Processing (screen_33.png)
?�������
Ansi based on Runtime Data (iexplore.exe )
?���������
Ansi based on Runtime Data (iexplore.exe )
_0?0_
Ansi based on Image Processing (screen_33.png)
_??____q0____
Ansi based on Image Processing (screen_65.png)
___,j
Ansi based on Image Processing (screen_33.png)
____,
Ansi based on Image Processing (screen_0.png)
________0_
Ansi based on Image Processing (screen_65.png)
________0_?l__l______q___?__
Ansi based on Image Processing (screen_0.png)
_______HomE
Ansi based on Image Processing (screen_65.png)
___cHANNELs
Ansi based on Image Processing (screen_65.png)
___D9
Ansi based on Image Processing (screen_0.png)
___httpc
Ansi based on Image Processing (screen_65.png)
___L_
Ansi based on Image Processing (screen_65.png)
__s_a_ch
Ansi based on Image Processing (screen_65.png)
_i,,,?___,ie,0
Ansi based on Image Processing (screen_0.png)
_pL_AyL_sTs
Ansi based on Image Processing (screen_33.png)
_pLAyL_sTs
Ansi based on Image Processing (screen_65.png)
_r___?_q__
Ansi based on Image Processing (screen_65.png)
_v______
Ansi based on Image Processing (screen_65.png)
_v_______
Ansi based on Image Processing (screen_33.png)
`\??\Volume{e47f4f43-d863-11e7-9d8f-806e6f6e6963}
Unicode based on Runtime Data (iexplore.exe )
`\??\Volume{e47f4f44-d863-11e7-9d8f-806e6f6e6963}
Unicode based on Runtime Data (iexplore.exe )
`\??\Volume{e47f4f47-d863-11e7-9d8f-806e6f6e6963}
Unicode based on Runtime Data (iexplore.exe )
AddToFavoritesInitialSelection
Unicode based on Runtime Data (iexplore.exe )
AddToFeedsInitialSelection
Unicode based on Runtime Data (iexplore.exe )
AdminActive
Unicode based on Runtime Data (iexplore.exe )
audone
Unicode based on Runtime Data (iexplore.exe )
AutoConfigURL
Unicode based on Runtime Data (iexplore.exe )
AutoDetect
Unicode based on Runtime Data (iexplore.exe )
aYauTube
Ansi based on Image Processing (screen_65.png)
BackupDefaultSearchScope
Unicode based on Runtime Data (iexplore.exe )
C____
Ansi based on Image Processing (screen_65.png)
CachePrefix
Unicode based on Runtime Data (iexplore.exe )
commuN__Ty
Ansi based on Image Processing (screen_65.png)
CompatibilityFlags
Unicode based on Runtime Data (iexplore.exe )
Cookie:
Unicode based on Runtime Data (iexplore.exe )
Count
Unicode based on Runtime Data (iexplore.exe )
DecayDateQueue
Unicode based on Runtime Data (iexplore.exe )
en-US
Unicode based on Runtime Data (iexplore.exe )
en-US.4
Unicode based on Runtime Data (iexplore.exe )
Fav0r_t_s
Ansi based on Image Processing (screen_65.png)
fonts.googleapis.com
Ansi based on PCAP Processing (PCAP)
fonts.gstatic.com
Ansi based on PCAP Processing (PCAP)
FullScreen
Unicode based on Runtime Data (iexplore.exe )
GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: ocsp.pki.goog
Ansi based on PCAP Processing (PCAP)
GET /gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQD75i0ZOHaUTwMAAAAAyU3R HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: ocsp.pki.goog
Ansi based on PCAP Processing (PCAP)
GET /gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEDHLJeKVKvb%2BAwAAAADHzUc%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: ocsp.pki.goog
Ansi based on PCAP Processing (PCAP)
GET /gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEDSjLaRrzsnMBQAAAACFka8%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: ocsp.pki.goog
Ansi based on PCAP Processing (PCAP)
GET /gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCghmcEt1dNJQUAAAAAhZEu HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: ocsp.pki.goog
Ansi based on PCAP Processing (PCAP)
GET /gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCjBrlfKsEEYgUAAAAAhZFz HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: ocsp.pki.goog
Ansi based on PCAP Processing (PCAP)
GET /gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCJL7s1TELEmwMAAAAAx82q HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: ocsp.pki.goog
Ansi based on PCAP Processing (PCAP)
GET /gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCQs%2FPAqUkFkgUAAAAAhY%2FM HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: ocsp.pki.goog
Ansi based on PCAP Processing (PCAP)
GET /gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCSph7JeRt7BgMAAAAAx82r HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: ocsp.pki.goog
Ansi based on PCAP Processing (PCAP)
GET /gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDIu5ETsE2OjwUAAAAAhZG0 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: ocsp.pki.goog
Ansi based on PCAP Processing (PCAP)
GET /gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDktdR%2BbIMG6QUAAAAAhZEs HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: ocsp.pki.goog
Ansi based on PCAP Processing (PCAP)
googleads.g.doubleclick.net
Ansi based on PCAP Processing (PCAP)
HashFileVersionHighPart
Unicode based on Runtime Data (iexplore.exe )
HashFileVersionLowPart
Unicode based on Runtime Data (iexplore.exe )
https://m.youtube.com
Ansi based on Submission Context (Input)
https://m.youtube.com/channel/UCNT9XWOEy4HDc2jhC7KglnQ
Ansi based on Submission Context (Input)
i.ytimg.com
Ansi based on PCAP Processing (PCAP)
I_e_vs
Ansi based on Image Processing (screen_65.png)
IntranetName
Unicode based on Runtime Data (iexplore.exe )
Kedence
Ansi based on Image Processing (screen_65.png)
Kėdence
Ansi based on Image Processing (screen_65.png)
LanguageList
Unicode based on Runtime Data (iexplore.exe )
LastCheckForUpdateHighDateTime
Unicode based on Runtime Data (iexplore.exe )
LastCheckForUpdateLowDateTime
Unicode based on Runtime Data (iexplore.exe )
LastProcessed
Unicode based on Runtime Data (iexplore.exe )
LastUpdateHighDateTime
Unicode based on Runtime Data (iexplore.exe )
LastUpdateLowDateTime
Unicode based on Runtime Data (iexplore.exe )
LoadTimeArray
Unicode based on Runtime Data (iexplore.exe )
m.youtube.com
Ansi based on PCAP Processing (PCAP)
Mak_ng
Ansi based on Image Processing (screen_65.png)
Mak_ng.
Ansi based on Image Processing (screen_65.png)
Microsoft-CryptoAPI/6.1
Ansi based on PCAP Processing (PCAP)
Mus_c
Ansi based on Image Processing (screen_65.png)
Network 4
Unicode based on Runtime Data (iexplore.exe )
NextCheckForUpdateHighDateTime
Unicode based on Runtime Data (iexplore.exe )
NextCheckForUpdateLowDateTime
Unicode based on Runtime Data (iexplore.exe )
NextNTPConfigUpdateDate
Unicode based on Runtime Data (iexplore.exe )
NextUpdateDate
Unicode based on Runtime Data (iexplore.exe )
NTPDaysSinceLastAutoMigration
Unicode based on Runtime Data (iexplore.exe )
NTPGoldbarCancelText
Unicode based on Runtime Data (iexplore.exe )
NTPGoldbarOKText
Unicode based on Runtime Data (iexplore.exe )
NTPGoldbarText
Unicode based on Runtime Data (iexplore.exe )
NTPLastLaunchHighDateTime
Unicode based on Runtime Data (iexplore.exe )
NTPLastLaunchLowDateTime
Unicode based on Runtime Data (iexplore.exe )
NTPMigrationVer
Unicode based on Runtime Data (iexplore.exe )
NTPMSNintervalInDays
Unicode based on Runtime Data (iexplore.exe )
NTPOnlinePortalVer
Unicode based on Runtime Data (iexplore.exe )
NTPRestoreBarLimit
Unicode based on Runtime Data (iexplore.exe )
ocsp.pki.goog
Ansi based on PCAP Processing (PCAP)
Oft_c_al
Ansi based on Image Processing (screen_65.png)
ProxyBypass
Unicode based on Runtime Data (iexplore.exe )
ProxyEnable
Unicode based on Runtime Data (iexplore.exe )
ProxyOverride
Unicode based on Runtime Data (iexplore.exe )
ProxyServer
Unicode based on Runtime Data (iexplore.exe )
r3---sn-vgqsknll.googlevideo.com
Ansi based on PCAP Processing (PCAP)
s2.googleusercontent.com
Ansi based on PCAP Processing (PCAP)
SavedLegacySettings
Unicode based on Runtime Data (iexplore.exe )
SCODEF:3680 CREDAT:275457 /prefetch:2
Ansi based on Process Commandline (iexplore.exe)
SecuritySafe
Unicode based on Runtime Data (iexplore.exe )
static.doubleclick.net
Ansi based on PCAP Processing (PCAP)
T00ls
Ansi based on Image Processing (screen_65.png)
TabBandWidth
Unicode based on Runtime Data (iexplore.exe )
Total
Unicode based on Runtime Data (iexplore.exe )
tPLAYALL
Ansi based on Image Processing (screen_65.png)
UNCAsIntranet
Unicode based on Runtime Data (iexplore.exe )
Uploads
Ansi based on Image Processing (screen_65.png)
v_DEos
Ansi based on Image Processing (screen_33.png)
Version
Unicode based on Runtime Data (iexplore.exe )
Videa
Ansi based on Image Processing (screen_65.png)
Visited:
Unicode based on Runtime Data (iexplore.exe )
Window_Placement
Unicode based on Runtime Data (iexplore.exe )
WpadDecision
Unicode based on Runtime Data (iexplore.exe )
WpadDecisionReason
Unicode based on Runtime Data (iexplore.exe )
WpadDecisionTime
Unicode based on Runtime Data (iexplore.exe )
WpadDetectedUrl
Unicode based on Runtime Data (iexplore.exe )
WpadNetworkName
Unicode based on Runtime Data (iexplore.exe )
WS not running
Unicode based on Runtime Data (iexplore.exe )
www.gstatic.com
Ansi based on PCAP Processing (PCAP)
www.youtube.com
Ansi based on PCAP Processing (PCAP)
Y0UTUb_
Ansi based on Image Processing (screen_65.png)
years
Ansi based on Image Processing (screen_65.png)
youtub_comcha!_!_a!L!cr_TJ\.oEJHDc_Jhc__J
Ansi based on Image Processing (screen_33.png)
youtub_comcha____a_L_cr_TJ\.oEJHDc_Jhc'_J
Ansi based on Image Processing (screen_65.png)
yt3.ggpht.com
Ansi based on PCAP Processing (PCAP)
{00000000-0000-0000-0000-000000000000}
Unicode based on Runtime Data (iexplore.exe )
{E187F56F-61FC-11EB-A653-08002758D148}
Unicode based on Runtime Data (iexplore.exe )
"%WINDIR%\System32\ieframe.dll",OpenURL C:\cdaa2426a50b7dc52b8b265ea5179391caa31157ccfc28b85325806b28312f8e.url
Ansi based on Process Commandline (rundll32.exe)
___httpc
Ansi based on Image Processing (screen_65.png)
`\??\Volume{e47f4f43-d863-11e7-9d8f-806e6f6e6963}
Unicode based on Runtime Data (iexplore.exe )
`\??\Volume{e47f4f44-d863-11e7-9d8f-806e6f6e6963}
Unicode based on Runtime Data (iexplore.exe )
`\??\Volume{e47f4f47-d863-11e7-9d8f-806e6f6e6963}
Unicode based on Runtime Data (iexplore.exe )
commuN__Ty
Ansi based on Image Processing (screen_65.png)
CompatibilityFlags
Unicode based on Runtime Data (iexplore.exe )
fonts.googleapis.com
Ansi based on PCAP Processing (PCAP)
fonts.gstatic.com
Ansi based on PCAP Processing (PCAP)
FullScreen
Unicode based on Runtime Data (iexplore.exe )
googleads.g.doubleclick.net
Ansi based on PCAP Processing (PCAP)
HashFileVersionHighPart
Unicode based on Runtime Data (iexplore.exe )
HashFileVersionLowPart
Unicode based on Runtime Data (iexplore.exe )
https://m.youtube.com
Ansi based on Submission Context (Input)
https://m.youtube.com/channel/UCNT9XWOEy4HDc2jhC7KglnQ
Ansi based on Submission Context (Input)
i.ytimg.com
Ansi based on PCAP Processing (PCAP)
LastProcessed
Unicode based on Runtime Data (iexplore.exe )
m.youtube.com
Ansi based on PCAP Processing (PCAP)
NTPOnlinePortalVer
Unicode based on Runtime Data (iexplore.exe )
r3---sn-vgqsknll.googlevideo.com
Ansi based on PCAP Processing (PCAP)
s2.googleusercontent.com
Ansi based on PCAP Processing (PCAP)
SCODEF:3680 CREDAT:275457 /prefetch:2
Ansi based on Process Commandline (iexplore.exe)
static.doubleclick.net
Ansi based on PCAP Processing (PCAP)
Version
Unicode based on Runtime Data (iexplore.exe )
www.gstatic.com
Ansi based on PCAP Processing (PCAP)
www.youtube.com
Ansi based on PCAP Processing (PCAP)
youtub_comcha!_!_a!L!cr_TJ\.oEJHDc_Jhc__J
Ansi based on Image Processing (screen_33.png)
youtub_comcha____a_L_cr_TJ\.oEJHDc_Jhc'_J
Ansi based on Image Processing (screen_65.png)
yt3.ggpht.com
Ansi based on PCAP Processing (PCAP)
{00000000-0000-0000-0000-000000000000}
Unicode based on Runtime Data (iexplore.exe )
{E187F56F-61FC-11EB-A653-08002758D148}
Unicode based on Runtime Data (iexplore.exe )
"%WINDIR%\System32\ieframe.dll",OpenURL C:\cdaa2426a50b7dc52b8b265ea5179391caa31157ccfc28b85325806b28312f8e.url
Ansi based on Process Commandline (rundll32.exe)
%WINDIR%\system32\dinput8.dll
Unicode based on Runtime Data (iexplore.exe )
AddToFavoritesInitialSelection
Unicode based on Runtime Data (iexplore.exe )
AddToFeedsInitialSelection
Unicode based on Runtime Data (iexplore.exe )
audone
Unicode based on Runtime Data (iexplore.exe )
Total
Unicode based on Runtime Data (iexplore.exe )
fonts.googleapis.com
Ansi based on PCAP Processing (PCAP)
fonts.gstatic.com
Ansi based on PCAP Processing (PCAP)
googleads.g.doubleclick.net
Ansi based on PCAP Processing (PCAP)
i.ytimg.com
Ansi based on PCAP Processing (PCAP)
m.youtube.com
Ansi based on PCAP Processing (PCAP)
Microsoft-CryptoAPI/6.1
Ansi based on PCAP Processing (PCAP)
ocsp.pki.goog
Ansi based on PCAP Processing (PCAP)
r3---sn-vgqsknll.googlevideo.com
Ansi based on PCAP Processing (PCAP)
s2.googleusercontent.com
Ansi based on PCAP Processing (PCAP)
static.doubleclick.net
Ansi based on PCAP Processing (PCAP)
www.gstatic.com
Ansi based on PCAP Processing (PCAP)
www.youtube.com
Ansi based on PCAP Processing (PCAP)
yt3.ggpht.com
Ansi based on PCAP Processing (PCAP)
`\??\Volume{e47f4f43-d863-11e7-9d8f-806e6f6e6963}
Unicode based on Runtime Data (iexplore.exe )
`\??\Volume{e47f4f44-d863-11e7-9d8f-806e6f6e6963}
Unicode based on Runtime Data (iexplore.exe )
`\??\Volume{e47f4f47-d863-11e7-9d8f-806e6f6e6963}
Unicode based on Runtime Data (iexplore.exe )
AdminActive
Unicode based on Runtime Data (iexplore.exe )
AutoConfigURL
Unicode based on Runtime Data (iexplore.exe )
AutoDetect
Unicode based on Runtime Data (iexplore.exe )
BackupDefaultSearchScope
Unicode based on Runtime Data (iexplore.exe )
CachePrefix
Unicode based on Runtime Data (iexplore.exe )
CompatibilityFlags
Unicode based on Runtime Data (iexplore.exe )
Cookie:
Unicode based on Runtime Data (iexplore.exe )
Count
Unicode based on Runtime Data (iexplore.exe )
DecayDateQueue
Unicode based on Runtime Data (iexplore.exe )
en-US
Unicode based on Runtime Data (iexplore.exe )
en-US.4
Unicode based on Runtime Data (iexplore.exe )
FullScreen
Unicode based on Runtime Data (iexplore.exe )
HashFileVersionHighPart
Unicode based on Runtime Data (iexplore.exe )
HashFileVersionLowPart
Unicode based on Runtime Data (iexplore.exe )
IntranetName
Unicode based on Runtime Data (iexplore.exe )
LanguageList
Unicode based on Runtime Data (iexplore.exe )
LastCheckForUpdateHighDateTime
Unicode based on Runtime Data (iexplore.exe )
LastCheckForUpdateLowDateTime
Unicode based on Runtime Data (iexplore.exe )
LastProcessed
Unicode based on Runtime Data (iexplore.exe )
LastUpdateHighDateTime
Unicode based on Runtime Data (iexplore.exe )
LastUpdateLowDateTime
Unicode based on Runtime Data (iexplore.exe )
LoadTimeArray
Unicode based on Runtime Data (iexplore.exe )
Network 4
Unicode based on Runtime Data (iexplore.exe )
NextCheckForUpdateHighDateTime
Unicode based on Runtime Data (iexplore.exe )
NextCheckForUpdateLowDateTime
Unicode based on Runtime Data (iexplore.exe )
NextNTPConfigUpdateDate
Unicode based on Runtime Data (iexplore.exe )
NextUpdateDate
Unicode based on Runtime Data (iexplore.exe )
NTPDaysSinceLastAutoMigration
Unicode based on Runtime Data (iexplore.exe )
NTPGoldbarCancelText
Unicode based on Runtime Data (iexplore.exe )
NTPGoldbarOKText
Unicode based on Runtime Data (iexplore.exe )
NTPGoldbarText
Unicode based on Runtime Data (iexplore.exe )
NTPLastLaunchHighDateTime
Unicode based on Runtime Data (iexplore.exe )
NTPLastLaunchLowDateTime
Unicode based on Runtime Data (iexplore.exe )
NTPMigrationVer
Unicode based on Runtime Data (iexplore.exe )
NTPMSNintervalInDays
Unicode based on Runtime Data (iexplore.exe )
NTPOnlinePortalVer
Unicode based on Runtime Data (iexplore.exe )
NTPRestoreBarLimit
Unicode based on Runtime Data (iexplore.exe )
ProxyBypass
Unicode based on Runtime Data (iexplore.exe )
ProxyEnable
Unicode based on Runtime Data (iexplore.exe )
ProxyOverride
Unicode based on Runtime Data (iexplore.exe )
ProxyServer
Unicode based on Runtime Data (iexplore.exe )
SavedLegacySettings
Unicode based on Runtime Data (iexplore.exe )
SecuritySafe
Unicode based on Runtime Data (iexplore.exe )
TabBandWidth
Unicode based on Runtime Data (iexplore.exe )
UNCAsIntranet
Unicode based on Runtime Data (iexplore.exe )
Version
Unicode based on Runtime Data (iexplore.exe )
Visited:
Unicode based on Runtime Data (iexplore.exe )
Window_Placement
Unicode based on Runtime Data (iexplore.exe )
WpadDecision
Unicode based on Runtime Data (iexplore.exe )
WpadDecisionReason
Unicode based on Runtime Data (iexplore.exe )
WpadDecisionTime
Unicode based on Runtime Data (iexplore.exe )
WpadDetectedUrl
Unicode based on Runtime Data (iexplore.exe )
WpadNetworkName
Unicode based on Runtime Data (iexplore.exe )
WS not running
Unicode based on Runtime Data (iexplore.exe )
{00000000-0000-0000-0000-000000000000}
Unicode based on Runtime Data (iexplore.exe )
{E187F56F-61FC-11EB-A653-08002758D148}
Unicode based on Runtime Data (iexplore.exe )
https://m.youtube.com
Ansi based on Submission Context (Input)
https://m.youtube.com/channel/UCNT9XWOEy4HDc2jhC7KglnQ
Ansi based on Submission Context (Input)
SCODEF:3680 CREDAT:275457 /prefetch:2
Ansi based on Process Commandline (iexplore.exe)

Extracted Files

Displaying 50 extracted file(s). The remaining 65 file(s) are available in the full version and XML/JSON reports.

  • Clean 1

    • urlblockindex_1_.bin
      Size
      16B (16 bytes)
      Type
      data
      AV Scan Result
      0/55
      MD5
      fa518e3dfae8ca3a0e495460fd60c791
      SHA1
      e4f30e49120657d37267c0162fd4a08934800c69
      SHA256
      775853600060162c4b4e5f883f9fd5a278e61c471b3ee1826396b6d129499aa7
  • Informative Selection 1

    • ver764.tmp
      Size
      16KiB (16339 bytes)
      Type
      text
      Description
      XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
      Runtime Process
      iexplore.exe (PID: 2192)
      MD5
      cbd0581678fa40f0edcbc7c59e0cad10
      SHA1
      a1463fbcc9b96a8929f8a335f75a89147b300715
      SHA256
      159bd4343f344a08f6af3b716b6fa679859c1bd1d7030d26ff5ef0255b86e1d9

Notifications

  • Runtime

  • Network whitenoise filtering was applied
  • Not all IP/URL string resources were checked online
  • Not all file accesses are visible for iexplore.exe (PID: 2192)
  • Not all file accesses are visible for iexplore.exe (PID: 3680)
  • Not all sources for indicator ID "binary-0" are available in the report
  • Not all sources for indicator ID "hooks-8" are available in the report
  • Not all sources for indicator ID "mutant-0" are available in the report
  • Not all sources for indicator ID "network-0" are available in the report
  • Some low-level data is hidden, as this is only a slim report
  • This URL analysis has missing honeyclient data

Community