Lỗi invalid flyout button id 3ds max 2023 năm 2024

Network Behavior: contacts 3 domains and 9 hosts.

MITRE ATT&CK™ Techniques Detection

This report has 1 indicator that was mapped to 1 attack technique and 1 tactic.

Indicators

Not all malicious and suspicious indicators are displayed. Get your own cloud service or the full version to view all details.

  • Network Related
    • details TCP traffic to 172.253.62.93 on port 443 is sent without HTTP header
      TCP traffic to 142.250.73.195 on port 80 is sent without HTTP header  
      TCP traffic to 172.217.164.142 on port 80 is sent without HTTP header  
      TCP traffic to 172.217.13.66 on port 443 is sent without HTTP header  
      TCP traffic to 142.251.16.148 on port 443 is sent without HTTP header  
      TCP traffic to 172.253.62.95 on port 443 is sent without HTTP header  
      TCP traffic to 142.250.73.246 on port 443 is sent without HTTP header  
      TCP traffic to 142.250.81.193 on port 443 is sent without HTTP header  
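      TCP traffic to 172.253.115.139 on port 443 is sent without HTTP header source Network Traffic relevance 5/10
      Note: connections on port 443 are normally TLS-encrypted, so no plaintext HTTP header is expected there; on its own this indicator does not distinguish benign from malicious traffic and should be read together with the destination hosts and the decrypted stream content listed below.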
  • General
    • details "ocsp.pki.goog"
      "crls.pki.goog"  
      "crl.pki.goog" source Network Traffic relevance 1/10  
    • details "172.253.62.93:443" "142.250.73.195:80" "172.217.164.142:80" "172.217.13.66:443" "142.251.16.148:443" "172.253.62.95:443" "142.250.73.246:443" "142.250.81.193:443" "172.253.115.139:443" source Network Traffic relevance 1/10
    • details "Local\\InternetShortcutMutex" "IsoScope\_6d0\_IESQMMUTEX\_0\_519" "Local\\ZonesLockedCacheCounterMutex" "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}" "Local\\URLBLOCK\_HASHFILESWITCH\_MUTEX" "Local\\ZonesCacheCounterMutex" "IsoScope\_6d0\_ConnHashTable<1744>\_HashTable\_Mutex" "Local\\VERMGMTBlockListFileMutex" "IsoScope\_6d0\_IE\_EarlyTabStart\_0x3f4\_Mutex" "IsoScope\_6d0\_IESQMMUTEX\_0\_303" "Local\\URLBLOCK\_FILEMAPSWITCH\_MUTEX\_1744" "Local\\URLBLOCK\_DOWNLOAD\_MUTEX" "IsoScope\_6d0\_IESQMMUTEX\_0\_331" "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}" "Local\\!BrowserEmulation!SharedMemory!Mutex" "UpdatingNewTabPageData" "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex" "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex" "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK\_FILEMAPSWITCH\_MUTEX\_1744" "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK\_HASHFILESWITCH\_MUTEX" source Created Mutant relevance 3/10
    • details Antivirus vendors marked dropped file "urlblockindex\_1\_.bin" as clean (type is "data") source Binary File relevance 10/10
    • details "ponse:xhr.responseText;resolve(new Response(body,options))};xhr.onerror=function(){reject(new TypeError("Network request failed"))};xhr.ontimeout=function(){reject(new TypeError("Network request failed"))};xhr.open(request.method,request.url,true);if(request.credentials==="include")xhr.withCredentials=true;if("responseType"in xhr&&support.blob)xhr.responseType="blob";request.headers.forEach(function(value,name){xhr.setRequestHeader(name,value)});xhr.send(typeof request.\_bodyInit==="undefined"? null:request._bodyInit)})};self.fetch.polyfill=true})(typeof self!=="undefined"?self:this);" (Indicator: "open") in Source: SSL_172.253.62.93
      "bsolute;overflow:hidden;border-radius:2px;background:rgba(28,28,28,.9);text-shadow:0 0 2px rgba(0,0,0,.5);-webkit-transition:opacity .1s cubic-bezier(0,0,0.2,1);transition:opacity .1s cubic-bezier(0,0,0.2,1);-moz-user-select:none;-ms-user-select:none;-webkit-user-select:none}.ytp-dni .ytp-popup{text-shadow:none}.ytp-popup\[aria-hidden=true\]{opacity:0;-webkit-transition:opacity .1s cubic-bezier(0.4,0,1,1);transition:opacity .1s cubic-bezier(0.4,0,1,1)}.ytp-popup-animating{-webkit-transition:all .25s cubic-bezier(0.4,0,0.2,1);transition:all ." (Indicator: "select") in Source: SSL\_172.253.62.93  
      ",c=a.S(),(f=YEa(a))?(d={format:"RAW",method:"POST",withCredentials:!0,timeout:3E4,postParams:f},e=dt(b,{action\_display\_post:1})):(d={format:"RAW",method:"GET",withCredentials:!0,timeout:3E4},e=b),h={},c.sendVisitorIdHeader&&a.visitorData&&(h\["X-Goog-Visitor-Id"\]=a.visitorData),(l=g.nD(c.experiments,"debug\_sherlog\_username"))&&(h\["X-Youtube-Sherlog-Username"\]=l),0
      h),m=(0,g.U)(),n=function(E){if(!a.isDisposed()){E=E?E.status:-1;var G=0,H=((0,g.U)()-m).toFixed();H={backend:"gvi",rc:""+E,rt:H};var K="manifes" (Indicator: "send") in Source: SSL_172.253.62.93, "(a.locationInfo=c)}Z9("Connecting to: "+g.Rh(b));"cast-selector-receiver"==b.key?(a$(a||null) b=a||null C9()?A9().setLaunchParams(b):z9("setLaunchParams called before ready.")):!a&&Nab()&& Y9()==b.key?b8("yt-remote-connection-change",!0):(f$() a$(a||null) a=X9().Xi() (b=g8(a,b.key))&&g$(b,1))}}} bbb=function(a){a.player.yb().Lc()?a.player.pauseVideo():(a.rz=function(b){!a.vz&&g.SH(b,8)&&(a.player.pauseVideo() l$(a))} a.player.addEventListener("presentingplayerstatechange",a.rz)); a.Jv&&a.Jv.td();d$()||(h$=!0)}; g.Zp.prototype.rp=g.ba(1,fun" (Indicator: "connect") in Source: SSL_172.253.62.93
      "ty-change"  
      
      w9(this)) b(!0))} this) (0,g.Oa)(function(f){this.Ve("Failed to initialize API: "+g.Rh(f)); b(!1)} this))}; g.k.L2=function(a,b){v9("Setting connected screen ID: "+a+" -> "+b);if(this.j){var c=this.j.getScreen();if(!a||c&&c.id!=a)v9("Unsetting old screen status: "+this.j.j.friendlyName) x9(this,null)}if(a&&b){if(!this.j){c=g8(this.u.Xi() a);if(!c){v9("setConnectedScreenStatus: Unknown screen.");return}if("shortLived"==c.idType){v9("setConnectedScreenStatus: Screen with id type to be short lived.");return}a=N$a(this,c);a||(v9("se" (Indicator: "connect") in Source: SSL_172.253.62.93 source File/Memory relevance 1/10
  • Installation/Persistence
    • details "F07644E38ED7C9F37D11EEC6D4335E02_4F02F4B720D41C3DBE8C57CBF1EBB7DD" has type "data"- Location: [%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_4F02F4B720D41C3DBE8C57CBF1EBB7DD]- [targetUID: 00000000-00003072]
      "CAF4703619713E3F18D8A9D5D88D6288\_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: \[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CAF4703619713E3F18D8A9D5D88D6288\_A7725538C46DE2D0088EE44974E2CEBA\]- \[targetUID: 00000000-00003072\]  
      "6DB145CFEEC544B1582FED1ADA3370DD" has type "data"- Location: \[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6DB145CFEEC544B1582FED1ADA3370DD\]- \[targetUID: 00000000-00001744\]  
      "69C6F6EC64E114822DF688DC12CDD86C" has type "data"- Location: \[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\69C6F6EC64E114822DF688DC12CDD86C\]- \[targetUID: 00000000-00001744\]  
      "265C0DEB29181DD1891051371C5F863A\_C668445AACCF7A560A7B569C97BA4550" has type "data"- Location: \[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\265C0DEB29181DD1891051371C5F863A\_C668445AACCF7A560A7B569C97BA4550\]- \[targetUID: 00000000-00003072\]  
      "\~DF680849029393C7FA.TMP" has type "data"- Location: \[%TEMP%\\\~DF680849029393C7FA.TMP\]- \[targetUID: 00000000-00001744\]  
      "80237EE4964FC9C409AAF55BF996A292\_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: \[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292\_D46D6FA25B74360E1349F9015B5CCE53\]- \[targetUID: 00000000-00001744\]  
      "7423F88C7F265F0DEFC08EA88C3BDE45\_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: \[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45\_AA1E8580D4EBC816148CE81268683776\]- \[targetUID: 00000000-00001744\]  
      "30BCF8D79B1225AC4F40686E58D30D95" has type "data"- Location: \[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\30BCF8D79B1225AC4F40686E58D30D95\]- \[targetUID: 00000000-00003072\]  
      "F2DDCD2B5F37625B82E81F4976CEE400\_CAFA2986E38639E2D071256C01AC8BC1" has type "data"- Location: \[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\F2DDCD2B5F37625B82E81F4976CEE400\_CAFA2986E38639E2D071256C01AC8BC1\]- \[targetUID: 00000000-00003072\]  
      "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: \[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157\]- \[targetUID: 00000000-00001744\]  
      "F07644E38ED7C9F37D11EEC6D4335E02\_6C6637CE25033BE2BB3CA46AB846F0E2" has type "data"- Location: \[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\F07644E38ED7C9F37D11EEC6D4335E02\_6C6637CE25033BE2BB3CA46AB846F0E2\]- \[targetUID: 00000000-00003072\]  
      "36X8Q1CF.txt" has type "ASCII text"- Location: \[%APPDATA%\\Microsoft\\Windows\\Cookies\\36X8Q1CF.txt\]- \[targetUID: 00000000-00001744\]  
      "A16C6C16D94F76E0808C087DFC657D99\_A6B073BF0216E21AFC70413CC84E6A7A" has type "data"- Location: \[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\A16C6C16D94F76E0808C087DFC657D99\_A6B073BF0216E21AFC70413CC84E6A7A\]- \[targetUID: 00000000-00003072\]  
      "\~DF3378D9B41267BCAC.TMP" has type "data"- Location: \[%TEMP%\\\~DF3378D9B41267BCAC.TMP\]- \[targetUID: 00000000-00001744\]  
      "MEJ45ISK.txt" has type "ASCII text"- Location: \[%APPDATA%\\Microsoft\\Windows\\Cookies\\MEJ45ISK.txt\]- \[targetUID: 00000000-00001744\]  
      "\~DFB2D76FAE10DB68BC.TMP" has type "data"- Location: \[%TEMP%\\\~DFB2D76FAE10DB68BC.TMP\]- \[targetUID: 00000000-00001744\] source Binary File relevance 3/10
  • Network Related
    • details "0001 00000001 00000001 00000001 \= 00000001 i 00000001 w 00000001 00000001 8 00000001 00000001 00000001 00000001 W 25e0 h4o2k[#>=8Ji;z( AJV*rf; Yo/nz70o'pYEng,YK2!;.8[&qu;e,Kg3-v/ a$Y.;i4tdl"N47?q]v{6t:^t/>K_Ey)O2^1.?a_/<^4'~~soxuCww{!f`\_vRuiab!<=V'0odqr9LGw`YtC_~q'i4L7`~rRKX(e0y\'1vC6OYs0W_;)K'U3+QSikw>%N}X~/`:b1JOt0N>uCg^M;~L}t}~~v)4G}?A?lh8v#?``\L~C:s?

      zjIc-;36 m

      R_3Vu_-o)nu?o

      b=g+nZAoXF8V>

      t%~|qAm|h%M8@{0ioD?z

      z7b{!UCg[%*g4^v@UV8*9qk^vtK{:xgUd+@I$ww{Hn?e_r&df^ p=tqA'*XG=mICOk7tvv7UQJ43t'o@{4@n!(_`pNb28'rW{m?tOO4W9|v;8~s\>9/ZLw}r<;P

      0LZ@Sof3H}1

      &2 84Ps
      `(h&M pCmIW0

      Zc&Gf|HFV0aX8a0|i`LAB3c`f%ZQ-_@8+`p3

      J,BG^*%qA0tXYzj .8Oa8u4}*\20=O8ty
      agS|uZ#@:M,q"1LL|82}NeDNzi|"@s\`IyaV\\?9P'yIg4\`\\Bq f3j l&WQ.  
      
      y$D^2b Y b`q}"3"g}v4cv6g|VakOO/K:fSg- v!Lvpd_E8Aw

    • LXV}Q3_0`S

      3M(-A\DH1{O"- [Source: SSL_172.253.62.93]

      , "w8xRRAq'X&a H;c%qL8

      VCWrv)G$w-9SDZS<0uhi8XhhIw~0L3'\$w"8
      \*nc(Toyc@1r6\~4IA!>F\`  
      
      )f'"C~}_'PGELV_98v4+P>(k \4ug;0

      j)Uy

      PJ2VfBdk+HA1FaiTB0`BJD%cAtJ>V

      ows4.!(Ox$Bzt{T?tm"ge% JV_S1eYO`R(D?N-Qm(E1qVD5k[eLk/'hVIyKedMw>_6`FJe`\XQQ{(Hh@`h,Z D)u*/4r*$`4D>::Cb? H %kL6i6aH;:h`ffD6jKY_"5wqf FN~U2ah\00KV{|Kw\DVf8vM`{OU7I?vbs!zP& j[KKTo=Rz8!]\N&[%U4/]:.8?Y;v$Ug{`@G? M%p7mj;fru^wt| Q7XV\]b"kgL`4Uon`~Urz}@kf{wx8bY5Ow@>P)u/fba|wKl.y|"9O;L?u\~:T}lzmD,Y)A>J3S/z9ziw+c^!CmwL^g5\`0Ch}WL<\~Z\_ksMc'eu>r|5J\~x y{"w\TA u~u{7-C|_}N9w

      Igo>|~"{b>oWWDY+*:_8Ws7/M0Vlz|Sw.<)E%q_ZS,c}\>oL8CGC/8n6nTdw_kk$)$kPU:l&%@iSiU@]k V-VeBk

      R]dpK

      V\@,+%W2' 5{4?Cq|7:'p1O?ht~@5{{ct| {{8hop~GC|k^1Ee=ODBV.V7bP m.6F&+`l/V[d(O

      WbdxK)JmrJT'3gB1'~:9dH{F7S7u<"

      MqsA

      6z

      Jx"@ .t9eRs8p$CPNr=Nc1-M \RG2^n(xY6S[138LJsz`G "R5o0yP( 8%SHD=F&\gP$s8$V9:f1"a7JaUJoa<`@U1h]B

      TYqe?3mT=D6d

      5R'Jm0Ui8c);SU{"- [Source: SSL_172.253.62.93] , " XYT)A=Z!@gkugsT

      AXX

      0rAWI=t-5U

      SYMK+k9$}/a6 %f{&@j)Z8b1CnRnCZZ@Cs.}G&eJ:h37#

      6Jfn [;zA o:U1 X)KlvGS]~7 V

      Z83ipE (a4I\x4j?Qtn%/cKe+&NRZ

      )BL6[QCeRU`YbY&2zE8h] L; 3!n@dK*o9 SC4" .LZQPq42( rr@U\o6x*I8<:7

      w.X\"'Y*qZ0f*#

      'l{ ; fRhK-$bnTtvR=KvO4cJB-(\Kews7Za^#?hp+ kNJ[v'jq(kv*cDQf"MT:3oA xS!pSb'$]DWd?lSXJJq[AGg~s4)"?]`5B"dS bmhM]o-r5T2p{V306kun RIH3t(O`{96Ve?8BJu}xa*gXq}3tgOG"- [Source: SSL_172.253.62.93] , "tz%4uyjj(@P{c

      LS<\4 x_3GP,'"3N5Kk$xT,xr6}OSgXAi@%,L|R`U&vm9pD!,&LG(rEY`a5d:NJX"b&*xE2%bYFFd8s*PG%u}~TW)%d~Z@YE0cReNB|+L6b`BPyB.iCAc\Wi@M`C`l

      nGm ymsU5HIfYP

      JnGVQ=5

      Emt:t30Y

      QW!6(uy:voU"3xvSR,*!'+1wtJLZFPB}_%SNq,"(.,>mTz"[/\U`#+G2

      !a)3*wz5aG>YI-.MY:ZTLRfW 9B-'rihfT8iWmXt>;f%+jA ,Db_dB?;PP{X-Xx@9 ATG

      V

      J|P5(

      yp K"0UTrH]8[j&V0s7NP0VNYK_M(}+{

      tvy4h~i(i*Rkgpm)3j9Fh4(l5R

      "- [Source: SSL_172.253.62.93] , "HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding, Origin Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube" Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} Content-Length: 346872 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Wed, 29 Jun 2022 17:01:29 GMT Expires: Thu, 29 Jun 2023 17:01:29 GMT Cache-Control: public, max-age=31536000 Last-Modified: Wed, 29 Jun 2022 03:07:28 GMT Content-Type: text/css Age: 93239 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" .html5-video-player{position:relative;width:100%;height:100%;overflow:hidden;z-index:0;outline:0;font-family:"YouTube Noto",Roboto,Arial,Helvetica,sans-serif;color:

      eee;text-align:left;direction:ltr;font-size:11px;line-height:1.3;-webkit-font-smoothing:antialiased;-webkit-tap-highlight-color:rgba(0,0,0,0);-ms-touch-action:manipulation;touch-action:manipulation;-ms-high-contrast-adjust:none}.html5-video-player:not(.ytp-transparent),.html5-video-player.unstarted-mode,.html5-video-player.ad-showing,.html5-video-player.ended-mode,.html5-video-player.ytp-fullscreen{background-color:

      000}.ytp-big-mode{font-size:17px}.ytp-"- [Source: SSL_172.253.62.93]

      , "itJ@$Br:8tViPrJgP=QCdTF

      P2UNUSyI?L@?IQ!HZdVhj?L&,e\Ru'&;G4%wMqu-6%$0e+lz1O+ P8aFY)RU

      #?cN<# NOGUtd|2v?nXAjMlh< HB'%>mQ`=\yt[Jx:Qv|^pU|rM>I#<\[tEkcW60N6

      8u?JS\KzNU}

      \=Df>a&d@[kpe,EMZD7T9t6CWf%2cHU5FVaeZk 'UL 4X0^9h+ocR)9=WuKq7xu&K $ 7ua0`V`0`KFriItvrcGYw67FQ67HJXL%Ahm)eAY]#_' x+iW) Ut<]S'0M\wQ WC3o",:3yAel6i@@!&f"p:Hpm]*_C C=Q*5|IWL\~-|d_& 7zw=8

      IszR:xfp+

      He-hP4[P7]0l:Cmhx'`J7mFsJbk[wrp~i5(eF07et}qAPOsJx|6fm3($}GaA7yRjhswcq67y+VZ

      SjMFLF/}D<_t"Fr gQ^JDR!([Pn%0kw2ueb(VfZH|y?K+x{"- [Source: SSL_172.253.62.93] , "JpkUcq&?B~.bZYo% "- [Source: SSL_172.253.62.93] , "00000001 00000001 00000001 00000001 00000001 00000001 H 00000001 00000001 & 00000001 00000001 * 00000001 ) 00000001 ) 01 3bf3 't58981IDF$>L"foi76lP~[k[+O\,"}noez?~==r{[y98o*-/'8V1H?5WSG8$o./7=8{jy7mGM_;ypD7(hK\1W

      G{$3W7f~Sm=o;L?X>6?|no}|z+~3?rES/2?WHS}o@_@3GQqy&,lzo)|({.Jy~~2*ve}?vSSMKi>gs_bA}-=29>lM~oo~y~ys?rgA5K/W^Y3U-C~>2|]4_6,SK2gyv&@'

      p1KP//yKA4|+mwz 149RbN8 \=9>Aryo6G k!H(m?~Kp@`?R:21}I6KtE14?{W

      a~rLdY ak[9{/

      w~d]x02{qok*:0j|_UX'OT&)AF{3+ <141{!m(_.Q 3A(_"."1zGu:y

      K/"/G;BU(l$P"0|oo#_Ds?gN[Q7|0vx.m|g2:/oLI?Yv!_s\9YNSC97d7I"- [Source: SSL_172.253.62.93]

      , "\Nd!BPxc^:I}T9ym ,' '{uzoBW}mJfs&dA}qsZ

      7&uo?ksj?5A'Q8}|BEbW[_dlOwq!I[|S:E~4't?XI\tSqM0He"&?}k,};O/;?VsS|9|~d?U

      O?~:-y[[_rU~S=Z} -W!^pUj93M/_pO~fQt]8SveO9my:SW$jpUzLs]}C'$b+= k@'24-HF,;Gy"="7- $ r4k?t[[uk]Ctt{:{a?G?jGky&.~5uo.&q]~\~\{]5gh_{xt{SM}g&N]NlR*~{ qiyO_}|S,sj:J\_Q I.i+K%@5?MN-[_.w'?.&yNE==|s2%-h9he-e#]NVwyMKw074}A;+wOrbpzVOl[Ewctsv'3?iv*P@a1>~xM?t

      c,bO

      Xu}~~XeT/ge-}?=CF2C?e7 fo${G.'j(*]fKoIw/h ,)f{9{Z[S!i_ztoD7N~L~xCY6"- [Source: SSL_172.253.62.93] , "tv0u~57 !s>Z3ogz@F?=)}l?}k|$=mo_?tim -?|U#~ GTo?pH?_&>?bq?o2+WgqC Yfyk3yV>Woj>\co3CSpP[&I>_i7j|1d?o1w{Es;]"o=g>Ng_a7~A3[;{Eoww_E kW~q q

      0S"C' gqAscCWI*$s|7t?Db5Y/?Yrj_fy?|>%w+1o>_Ay6{\~f`@A&w]J

      #-c/lUumlAg&)z }Sc=EF "mIZ 6Y/\%[ab8\zN&%SL}u {6$%:q0Fz[3,#'H$FO>x7x2DM` !snlaA

      I?QWP

      \H1.Ssv&1-ps6C]=;tFaSZPZ=Mrx~40l)*"A{1#.1b;VjvNSvos\eea4gp,vyh*G,qX|1qVQYz8ZmygK2\Db^h6,Y)Y+

      CI|cE

      I)JU;UKS0 ry>y AhqS3G""- [Source: SSL_172.253.62.93]

      "!/8WR-$2Yz!d2?6O  
      
      s-JJ0vLh

      NwB`n(@3pE_&DxPvF9

      "x!]Y[\qA5Gay<.[5?1>:} RvDZ6A N;!BY6h8S!~$<;uW}5ZDgJ6&klL\d-}4

      6.6}H*9:7WCk

      NM

      m^PdJVGO:w 0DE0xS[?/3TMVj Ml<[cx%&MdBc1-0kyjZDr:>L@TvN&8_v=_G>]M94`L4DpR4R9aG-)3d\Z{rD{O7p9=`*v2\_

      V0'oPK_PkEF 1$isPhc?}9

      c.Tn[+yXrtz"Z|lEovjXH+_XuDJ2=0T)^v|>hKsx uqCA]Ir%]NQJGTL9kLc(2_ImXUIMYBr/

      d}B$7rnO}wLFjXR? Wvo`iz4YQ F,zt;@|D<{Q9W)GS8}aL@{36P`dXT%2u%:|n#~kOs@8- Gvjx:_piAZ:5IdV%d-5+-+b}l`" dYQp4{$/s s1"- [Source: SSL_172.253.62.93]

      , "'* L!v/z5\>CY+e(JZlk.zjZNE@{#.hf|WpdV R.W+XO&r`& &*nAOtXb[1+5Qa9 e/0=fSdj`F'.3!grg04/NC3@x]%"L74Hxh6R~[A[B~y 7lc6XuZhsC,l6 7` 9Dkq SGr8< N@EK;(JA/umek)o36AoJ}V_jpOIOQ

      x!w79A67sGz%JON'H_~>xKT\ r^pkIQnD'I^ERRem$vSYe(?]g"~*Hqz/1Jh:JV08u'jiDozf]@MJp@v1e0(x/7Y^u4!x}[IM9BSTn=AG-]et"Vj&;UK`Y{CPJHk`Ui{eGWq2bp1okFL*00m

      y;f>2^! F-l7(DN(:[\t"j+Pqp~f[ 4l5OzpT7t}O7SR/T,`6 srtC )LY6=ZTcG{# EX"- [Source: SSL_172.253.62.93] , "H]|.~\!}<(F]pSu_U>ZtzGP%i" RO.dP^50N/q8VZ Ri`=`|3.)nC'p[|*vq>MgMxd'Q^SI>O5jfy_mX&t)t 5qU>-Bb|ecUTnT|Q)eUq]WS(,zXtMnwqIIyWUS>'v%k?*nG 7hJmE

      UQ]Iy2kLp.Jf&"U!

      zD$uvAPG48x_HZMU,/s1:U"mSw+JeLH"O^D'l*e"W

      EcATR@FW"HBAI0SZqDl1O5+.K;%)xvtp2?]a 4zh('2h2vu[jR Hg8.14etTyf\[}Kp\A]R0/L{]uqJ'@* ,Zf La.=6)|bHs n"To25PjwXE5z R\%]Xs!)\{>fQNh/@gsP N=I$!8ZqPzdR) Ubl=9pk.GP:\{dS.nOppp th"@r0~fr}4

      $ WQe YoIENTIDZYUpH 4'd|.)zl/ry-N'{.P+PXDY0+{,Pm-a6_*A]y>84Y v;B h(XT6 IR|}O.O.'Ox'!wPc>quXrSB5vK]l7"`5lFv

      4i9XQ!jvHlM%7%nLB1\p=zu^NFgfJv

      6[Yuw7/bBGq)q0.A]ON[LE2-R"hItOP0|16@TR3>swf/BbCiD!.eP4Fq7F)Z4.ndJ] lOB<1>meP% GoD?tE4Nd/>_B+a2O|V"jWh"FS/8}$3u~" u ?V baXbvll]0ak^X9k"d%A!?*B=|oa2m+gLx!|&n nPHu7*g`*-Ap,'FAO^9DCU$j}>xZ$S9lq`-)J)BGW[MQG(y_MD`ei7ez)7ll`Xf3eqvfu"yIG^U3v"'!>p\sb5Zo&$'OZj6g(?T[

      7HxlWN{UW/\*5%tLI]ru[rc@}n!&ue7"PgX)"b3ea(6-U&0:*1

      A/d]w"N:nn[

      h"2+_r'B}Zaf{ ."Dv#)rjAtX(P|y2dPg aNB;KlKWq=BDg+"pSFb/0qyocG y'o 98O&W4<'[nsNK"\} LYMg=hCr-"{SlqHA!8XOkeXLM "~=ppF{jj=T0i.\T.m6Wa8>-eXA;{k kskL:*0ta5j]47]> zs_ /:! &dC~~`]@a>4978Z+]`bX}x=byRp`Ci86SZ(-mfn+I!/Y=gF?gIDsS6U

      w Wjuq U

      PWe31 DN8C=*1!a'\-Nfz2LV{`!#@+na>IPY G(K?J`)8j &]d`yA5SoPDJS8YKO:-S

      k@0mX Uxpz0rO;]6KTAjNB{s8 GN4SJX.WU}EB~M=orBtQ/Y5K-; $.`JS"sNfXk%OD$2vGJ\(@ZBnmNT'}EJgF`qlM*{esRo^W;}q6u^C73*2e.dTT>q7f5~jo*nnv)\Ufm0xJk

      TAB

      glwUO'?htv99'KLS n=' 8H;q]4*d~[Gw^Y[t;1n,>2z%+rKvm1Dl3@6@U H21Fmw8uXA?dHu~@]@*"\\xxclT}! cRWZ1Ed:fp(B-67XiO7n*,i]8XK1Qc_6)VCVqV/H=]z

      v>PA9OI&qpPjTufo0R"mS@k_Ey?4m^qOjYBpnri1o9^$G^#[aO#%z~au%2*}U+n4gzL ]-nd4Lr

      WlCAGAEK2h\07ic__c{$=g}{<>qBav(D8{

      Jx_bIdtTZGSORG:rx7>$LQtlvAMh !;[x% WvE=|`O.H 5.f(KFqnf|;ou5"S,Io5>YEOvf;))_{0G+J:6X]]eYT^h^joH7TKt&LC+F(>iNKfTBTZ~u[@:&ytRS@Ov+*F};z++o[_4p2Yvr|t,8CNWCw

      qoK E7^g.!d C.Ia`HFanhkctP61-zM=0&tzfg{iC5?L 8f4uSklUYk7lU7sNk95VM`~@*Yh*m{ mK2i1IW6J&"- [Source: SSL_172.253.62.93] , "OYz6<#*s.GT8*ME+yh2gC*AR>TRGZ9LrE'`A3Iiw_s5P1Ks5BjHi%a/'A R%ctv+ynCr

      1$%~AV1-O>m-J-

      F&[+%"@Q!GO590$eT*`gxzLiD0A~WH}`EaSZ[%hwqBBEWk& n =^N+5j0c$Y}S5!:SY4.}Ho"fQ1 Z>&u|;%Uo%7iq%vOCMD"

      R8%RM((3/IxkdHY >!Dh0P Q>kTjO

      "mxn`COn%%LQWWMCy}yYks/\!=ubh"*N20AM"I^JC\3UN**kA U|[cga({Ks.TlH?G7V7

      cn;\fO&+="<]aW`xgbx9d7%jp`[P.CR7@)

      G`G\09/{{P7(eT~X.3

      )iDBDOUjPqKs%lg5vEdEt4mF0{vEtKofWe

      r`},|LkL"- [Source: SSL_172.253.62.93]
      "l\[&#\_R\]CdInbnxB3GX{}19CV^?h:pp
      
      # 11%_mH1#"2OV}=`XJx`Rhzdwo;q

      tfd:`QoJakI;f:3P"UTk+@2d6~z`+O6(zR)].x6/4:]yZqMX`Kco4u{qs_]UMC^8JBant6}4)>|K8ai/k@58Os@@$pEy\i"8 Qzsxzu4r8S\UQEF

      !Z=(,jnX

      Y j9A

      vKk_z"\wx<3w/

      k([email protected]=$99SrBU>,gc$MmP)Y;^G

      mb7$v l@]}p)4_8&tN92z
      }[36z9Qn_f/j&[LjbwTuo*$'tiGFMp}5+:"

      'Nf\~v1]/aVDSde";.Zwu;(4_

      0+fD|\z;fOm9"S

      cqZ/9'|-`# 4

      U+P{DN%3LC2^]WM/L0)$"qWx^N>TguTX=Ktp/X[Nt

      Hg8=nCHstM9qtKEVma}QaA8|f-5]Ut%c5x#~}xFak\y\xH%d01|nPi)= 07;RsnczQ>T#]

      mF>" ]-LaVX<94*G7&}1H&-0

      a;Qi

      mTE4Xr /S(4`r?T7}"q#^2 ,H>%3@9bV?v};"*$s= N.ucV"- [Source: SSL_172.253.62.93]

      source File/Memory relevance 3/10 ATT&CK ID T1573 (Encrypted Channel)  

    • details Pattern match: "https://www.youtube.com/embed/h4lbM2GeBsM"- \[Source: Input\] Pattern match: "https://www.youtube.com"- \[Source: Input\] Pattern match: "https://csp.withgoogle.com/csp/report-to/youtube"- \[Source: SSL\_172.253.62.93\] Heuristic match: "d=d.next;b.port2.postMessage(0)}}return function(e){y.setTimeout(e,0)}} ;function jf(a){y.setTimeout(function(){throw a;},0)} ;function kf(){this.j=this.i=null} kf.prototype.add=function(a,b){var c=lf.get();c.set(a,b);this.j?this.j.next=c:this.i=c;this.j=c"- [Source: SSL_172.253.62.93]
      Pattern match: "https://www.google.com/log?format=json&hasfast=true:https://play.google.com/log?format=json&hasfast=true"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "https://play.google.com/log?format=json&hasfast=true;this.m=!1;this.s=rh;this.i="- \[Source: SSL\_172.253.62.93\]  
      Heuristic match: "is.set(c\[d\],a.get(c\[d\]));else for(d in a)this.set(d,a\[d\])}  
      
      l=ki.prototype;l.qb=function(){li(this);return this.i.concat()}; l.has=function(a){return mi(this.j,a)}; l.equals=function(a,b){if(this===a)return!0;if(this.size!=a.size)return!1;b=b||ni;li(this);f"- [Source: SSL_172.253.62.93]
      Heuristic match: ",.24);opacity:0}.iv-promo-website-card-cta-redesign .iv-promo-round-expand-icon:after{display:block;content:}.iv-promo-website-card-cta-redesign .iv-promo-contents .iv-promo-txt strong{font-size:14px;padding-top:2px;color:
      
      # 333}.iv-promo-website-card-cta-"- [Source: SSL_172.253.62.93]
      Heuristic match: "enabled) .ytp-title-notifications-on{display:none}.ytp-title-notifications.ytp-notifications-enabled .ytp-title-notifications-off{display:none}.ytp-offline-slate{z-index:21;overflow:hidden}.ytp-offline-slate-background{background:no-repeat center/cover;pos"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "g.Jd/4294967296|0,g.Jd%=4294967296"- \[Source: SSL\_172.253.62.93\]  
      Heuristic match: "g(a),a=Vca.test(a)?new g.Xf(a,Sf):Uca(a));return a||Zf};  
      
      g.ag=function(a,b){if(a instanceof g.Xf)return a;a=object==typeof a&&a.wm?a.Yi():String(a);if(b&&/^data:/i.test(a)&&(b=Uca(a)||Zf,b.Yi()==a))return b;Vca.test(a)||(a=about:invalid

      zClosurez);retu"- [Source: SSL_172.253.62.93]
      Heuristic match: "ndom()\*(b-a)};  
      
      g.qg=function(a,b,c){return Math.min(Math.max(a,b),c)};

      g.rg=function(a,b){a%=b;return 0>a*b?a+b:a}; g.sg=function(a,b,c){return a+c*(b-a)}; tg=function(a,b){return 1E-6>=Math.abs(a-b)}; g.ug=function(a,b){this.x=void 0!==a?a:0;this.y=void 0"- [Source: SSL_172.253.62.93]
      Pattern match: "https://play.google.com/log?format=json&hasfast=true;this.C=!1;this.J=cfa;this.j="- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT,d,c||{},Cfa"- \[Source: SSL\_172.253.62.93\]  
      Heuristic match: "this.D=\[\];this.I=\[\];this.C=\[\];this.u=\[\];this.J&&Hfa(this)};  
      
      Kfa=function(a,b){g.uf(a.j,complete,function(){if(li(a.j)){var c=g.mi(a.j);if(b&&text/plain===a.j.getResponseHeader(Content-Type)){if(!atob)throw Error(Cannot decode Base64 response);c=ato"- [Source: SSL_172.253.62.93]
      Pattern match: "pagead2.googlesyndication.com/bg/+g.Bg(c)+.js;c=e.document;var"- \[Source: SSL\_172.253.62.93\]  
      Heuristic match: "=!0;gk(this.featureSet,  
      
      xdi,kk).j=!0;gk(this.featureSet,amp,kk).j=!0;gk(this.featureSet,prf,kk).j=!0;gk(this.featureSet,gtx,kk).j=!0;gk(this.featureSet,mvp_lv,kk).j=!0;gk(this.featureSet,ssmol,kk).j=!0;this.j=new Yga(Mk(),this.featureSet);this."- [Source: SSL_172.253.62.93]
      Heuristic match: ";a=a.parentNode)if(11==a.nodeType&&a.host&&(a=a.host),c=ul(a,position),d=d&&static==c&&a!=b.documentElement&&a!=b.body,!d&&(a.scrollWidth>a.clientWidth||a.scrollHeight>a.clientHeight||fixed==c||absolute==c||relative==c))return a;return null};  
      
      g.y"- [Source: SSL_172.253.62.93]
      Pattern match: "pagead2.googlesyndication.com/pagead/gen\_204?+Ul"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "pagead2.googlesyndication.com/pagead/gen\_204?id=yt3p&sr=1&"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "https://redux.js.org/api/store
      
      # subscribelistener"- [Source: SSL_172.253.62.93]
      Heuristic match: "ction As(){this.key=Bs}  
      
      function Cs(){this.providers=new Map;this.i=new Map} Cs.prototype.resolve=function(a){return a instanceof As?Ds(this,a.key,[],!0):Ds(this,a,[])}; function Ds(a,b,c,d){d=void 0===d?!1:d;if(-1Heuristic match: ",U\[channel.live\_streaming\]=LATENCY\_ACTION\_CREATOR\_LIVE\_STREAMING,U.chips=LATENCY\_ACTION\_CHIPS,U\[dialog.copyright\_strikes\]=LATENCY\_ACTION\_CREATOR\_DIALOG\_COPYRIGHT\_STRIKES, U[dialog.video_copyright]=LATENCY_ACTION_CREATOR_DIALOG_VIDEO_COPYRIGHT"- [Source: SSL_172.253.62.93]
      Heuristic match: "St(){Rt.i||(Rt.i=new Rt);return Rt.i}  
      
      Rt.prototype.tick=function(a,b,c,d){Tt(this,tick_+a+_+b)||(c={timestamp:c,cttAuthInfo:d},P(web_csi_via_jspb)?(d=new Fj,E(d,1,a),E(d,2,b),a=new Ij,Xd(a,Fj,5,Jj,d),fr(a,c)):em(latencyActionTicked,{tickName:a,clie"- [Source: SSL_172.253.62.93]
      Pattern match: "fonts.gstatic.com/s/"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "type.googleapis.com/youtube.api.pfiinnertube.YoutubeApiInnertube.BrowseResponse\];function"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "static.doubleclick.net/instream/ad\_status.js,b"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "static.doubleclick.net/instream/ad\_status.js"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "googleads.g.doubleclick.net/pagead/id,xma"- \[Source: SSL\_172.253.62.93\]  
      Heuristic match: "void 0===(null==(l=a)?void 0:l.id)){n.Pa(6);break}return g.x(n,Fv(a.id,b,!1),6);case 6:return n.return();case 2:if(g.T(nwl\_consider\_error\_code)&&!h&&ooa()>g.Rs(potential\_esf\_error\_limit,10))return n.return();g.Ga(ytNetworklessLoggingInitializationOpti"- \[Source: SSL\_172.253.62.93\]  
      Heuristic match: "),d=new Map;d.set(c,\[a.payload\]);b&&(Sw=new b);return new g.qh(function(e,f){Sw&&Sw.isReady()?Vw(d,e,f,{bypassNetworkless:!0},!0):e()})}};  
      
      Goa=function(a,b){Iw();if(log_event===a.endpoint){Mw(void 0,a);var c=Nw(a,!0),d=new Map,e=new Map;g.T(jspb_with_tr"- [Source: SSL_172.253.62.93]
      Heuristic match: "text.+R,d,z),500<=z);R++);navigator.vendor&&!d.hasOwnProperty(vendor)&&(d\[device.vendor\]=navigator.vendor);var L={message:m,name:n,lineNumber:t,fileName:v,stack:y,params:d,sampleWeight:1},S=Number(a.columnNumber);isNaN(S)||(L.lineNumber=L.lineNumber+"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "www.youtube.com"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "this.Bb/this.range.length,this.I=this.duration\*this.u/this.range.length,this.C=this.B+this.I"- \[Source: SSL\_172.253.62.93\]  
      Heuristic match: "a,a.info.startTime,a.info.duration,a.info.Bb,b,!1),c.vH,a.B),new fC(new HB(a.info.type,a.info.j,a.info.range,a.info.D,a.info.Ia,a.info.startTime,a.info.duration,a.info.Bb+b,a.info.u-b,a.info.ge),c.Vs,!1)\]};  
      
      Awa=function(a,b,c){var d;if(!(d=!LB(a.info,b.inf"- [Source: SSL_172.253.62.93]
      Pattern match: "http://youtube.com/drm/2012/10/10==="- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "http://youtube.com/yt/2012/10/10===e.value"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "http://www.youtube.com/videoplayback"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "www.youtube.com/;e=b?b.eventLabel:a.el;d=detailpage;adunit===e?d=this.j?embedded:detailpage:embedded===e||this.B?d=Ut(d,e,zya):e&&(d=embedded);this.Ka=d;yoa();e=null;d=b?b.playerStyle"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "www.youtube-nocookie.com===a?www.youtube.com:a"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "i1.ytimg.com/vi/+b+/+(c||hqdefault.jpg)"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "https://youtube.com/api/drm/fps?ek=uninitialized,c"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "https://youtube.com/api/drm/fps?ek=uninitialized,a"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "a.Zw/20"- \[Source: SSL\_172.253.62.93\]  
      Heuristic match: "RecoveryInfo:{contentCpn:d.u,cueIdentifier:e||void 0,driftRecoveryMs:c.toString(),breakDurationMs:Math.round(h-f).toString(),driftFromHeadMs:Math.round(1E3\*d.B.vp()).toString()}});a.u.J=null}b||a.daiEnabled?KI(a.Zg,!0):a.V&&a.LL()&&a.Ky()?KI(a.Zg,!1,UBa(a)"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "www.youtube-nocookie.com===q?www.youtube.com"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "www.googleadservices.com!==g.Yh(a)?a:c?a+&nis=6:a+&nis=5;try{var"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "play.google.com/books/volumes/+b.videoId.slice(0,e)+/content/media,{aid:b.videoId.slice(e+1),sig:b.hT"- \[Source: SSL\_172.253.62.93\]  
      Heuristic match: "guous\_ranges);this.Ob=NaN;this.cj=0;this.Iq=this.Xj=this.yq=2;this.Oa=2097152;this.Hq=1048576;this.eb=!1;this.Wg=  
      
      1800;this.El=this.Bl=5;this.Da=15;this.Je=1;this.B=1.15;this.C=1.05;this.hk=1;this.Ml=!0;this.oa=!1;this.Jq=.8;this.rk=this.bb=!1;this.Jc=6;t"- [Source: SSL_172.253.62.93]
      Heuristic match: "erMediaSessionRenderer};  
      
      lGa=function(a){var b=[];if(!a||!a.thumbnails)return b;a=g.r(a.thumbnails);for(var c=a.next();!c.done;c=a.next())c=c.value,c.url&&(!c.width||0>=c.width||!c.height||0>=c.height||g.Vy(c.url)&&b.push({src:c.url||,sizes:c.width+x+c"- [Source: SSL_172.253.62.93]
      Pattern match: "b.ls/b.rows,h=Math.min(c/(b.Ty/b.columns),d/f),l=b.Ty\*h,m=b.ls\*h;l=Math.floor(l/b.columns)\*b.columns;m=Math.floor(m/b.rows)\*b.rows;var"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "http://www.w3.org/1999/xlink,href,#+f"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "https://support.google.com/youtube/?p=noaudio"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "h.ls/h.rows,m=d/l,f.style.background=url(+h.url+)"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "https://+b+a.U.Xh.baseUrl"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "a.fl/1E3,c"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "f.end/1E3"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "d.xc/1E3+c,f=e+d.durationMs/1E3;if"- \[Source: SSL\_172.253.62.93\]  
      Heuristic match: "p.width-b.height\*n,0Math.max(p.width-e.width,p.height-e.height));if(l||a.PR)a.Hb.style.display=;a.NH=!0}else{p=-b.height;Lt?p\*=window.devicePixe"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "a.policy.Jq/(b+c);c=Math.min(c,d);a.policy.We&&e&&(c=Math.max(c,a.policy.We));return"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "b.clen/b.csz"- \[Source: SSL\_172.253.62.93\]  
      Heuristic match: "u=0;this.B=null;this.Fe=\[\];this.C=null;(this.length=b?b:0)?1!==this.j.length||this.j\[0\].u||(this.j\[0\].u=this.length):1===this.j.length||g.Hk(this.j,function(c){return!!c.range})};  
      
      QKa=function(a,b,c){a.B&&(AA(a.B,b),b=a.B,a.B=null);for(var d=!1,e=!1,f=0,h="- [Source: SSL_172.253.62.93]
      Pattern match: "https://www.googleapis.com/certificateprovisioning/v1/devicecertificates/create?key=AIzaSyB-5OLKTx2iU5mko18DfdwK5611JIjbUhE,c"- \[Source: SSL\_172.253.62.93\]  
      Heuristic match: "tbeatparams,a.jz,a);a.oe.subscribe(keystatuseschange,a.aq,a);a.oe.subscribe(ctmp,a.ra,a);b=g.r(a.Fv.keys);for(d=b.next();!d.done;d=b.next())d=a.Fv.get(d.value),a.oe.zv(d);a.K(html5\_eme\_loader\_sync)||ST(a.Fv)}else a.Uf(fmt.unplayable,1,HTML5\_NO\_AV"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "e.xc/1E3;break}d=b;a=g.r(a.u);for"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "www.watch.lists.getState"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "google.internal.waa.v1.Waa/Create,Qi,Ui,function(a){return"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create,a,b||{},jWa"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "pagead2.googlesyndication.com//pagead/gen\_204,b=Ul(this.j);0"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "www.youtube-nocookie.com"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "type.googleapis.com/youtube.api.pfiinnertube.YoutubeApiInnertube.BrowseResponse\];var"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "https://admin.youtube.com,https://viacon.corp.google.com,https://yurt.corp.google.com\].includes(b)||a.Dl?ZXa:YXa}else"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "c.Jl/1E3;null!=d&&"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "this.Ld.Ua/1E3,0!==b"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "www.watch.lists.next"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "this.Jl/1E3,!0"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "www.gstatic.com/eureka/clank/+a+/cast\_sender.js"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "www.gstatic.com/cast/sdk/libs/sender/1.0/cast\_framework.js,H7a,c"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "www.google.com/images/cleardot.gif"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "https://+a.domain+a.port+a.j"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "https://www.gstatic.com/cv/js/sender/v1/cast\_sender.js"- \[Source: SSL\_172.253.62.93\]  
      Heuristic match: "te-cast2-session-change,this.W)},L9=function(a){return new E9(a.C.getPlayerContextData())},fab=function(a){g.hc(nowAutoplaying autoplayDismissed remotePlayerChange remoteQueueChange autoplayModeChange autoplayUpNext previousNextChange multiStateLoopEnabl"- \[Source: SSL\_172.253.62.93\]  
      Heuristic match: ".k.F\_=function(){g.jf(this.C)||Xab(this,this.C);this.D=!1};  
      
      g.k.FQ=function(a,b){this.B.stop();2===b&&this.UR()}; g.k.lz=function(){if(i$(this)){this.j.stop();var a=L9(this.Zb);switch(a.playerState){case 1080:case 1081:case 1084:case 1085:this.u.qg=1;break"- [Source: SSL_172.253.62.93]
      Heuristic match: ".68 c 0,-1.1 .11,-1.90 .31,-2.40 .2,-0.5 .49,-0.68 .99,-0.68 z m 39.68,.09 c .3,0 .61,.10 .81,.40 .2,.3 .27,.67 .37,1.37 .1,.6 .12,1.51 .12,2.71 l .09,1.90 c 0,1.1 .00,1.99 -0.09,2.59 -0.1,.6 -0.19,1.08 -0.49,1.28 -0.2,.3 -0.50,.40 -0.90,.40 -0.3,0 -0.51,-"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "c.vt/20+s"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "a.wt/20+s"- \[Source: SSL\_172.253.62.93\]  
      Pattern match: "google.internal.waa.v1.Waa/Create"- \[Source: SSL\_172.253.62.95\]  
      Pattern match: "google.internal.waa.v1.Waa/GenerateIT"- \[Source: SSL\_172.253.62.95\]  
      Pattern match: "http://youtube.com/streaming/metadata/segment/102015;this.j=WA(this,Sequence-Number);this.I=WA(this,Segment-Count);this.J=this.data\[Segment-Durations-Ms\]||;this.ingestionTime=WA(this,Ingestion-Walltime-Us)/1E6;this.u=(WA(this,First-Frame-Time-U"- \[Source: SSL\_172.253.62.93\] source File/Memory relevance 10/10
  • Spyware/Information Retrieval
    • details "https://www.youtube.com/embed/h4lbM2GeBsM" (Indicator: "youtube")
      "https://www.youtube.com" (Indicator: "youtube")  
      "SION"  
      
      "X-YouTube-Delegation-Context":"INNERTUBE_CONTEXT_SERIALIZED_DELEGATION_CONTEXT" "X-YouTube-Device":"DEVICE" "X-Youtube-Identity-Token":"ID_TOKEN" "X-YouTube-Page-CL":"PAGE_CL" "X-YouTube-Page-Label":"PAGE_BUILD_LABEL" "X-YouTube-Variants-Checksum":"VARIANTS_CHECKSUM"} Vk="app debugcss debugjs expflag force_ad_params force_ad_encrypted force_viral_ad_response_params forced_experiments innertube_snapshots innertube_goldens internalcountrycode internalipoverride absolute_experiments conditional_experiments sbb sr_bns_address".split("" (Indicator: "youtube")
      "function(e){a.C.push(e.details)})};  
      
      AIa=function(a){return a.replace(/(\d+)-/g,function(b,c){b=Number(c);return(1===b?2:b-1)+"-"})}; uQ=function(a,b){var c,d,e,f,h,l;return g.A(function(m){if(1==m.j){c=rQ(a,"redirector.googlevideo.com");c.set("alr","yes");c.set("id",""+Math.round(1E5*Math.random()));if(1===b||2===b)c.set("cmo=sensitive_content","yes"),c.set("sc","yes");2===b&&c.set("cmo=td","c.youtube.com");d={format:"RAW",timeout:5E3};return g.x(m,tt(rA(c),d),2)}e=m.u;if(200!==e.xhr.status||!e.xhr.responseText)return m.return(Promise." (Indicator: "youtube")
      ",c=a.S(),(f=YEa(a))?(d={format:"RAW",method:"POST",withCredentials:!0,timeout:3E4,postParams:f},e=dt(b,{action\_display\_post:1})):(d={format:"RAW",method:"GET",withCredentials:!0,timeout:3E4},e=b),h={},c.sendVisitorIdHeader&&a.visitorData&&(h\["X-Goog-Visitor-Id"\]=a.visitorData),(l=g.nD(c.experiments,"debug\_sherlog\_username"))&&(h\["X-Youtube-Sherlog-Username"\]=l),0
      h),m=(0,g.U)(),n=function(E){if(!a.isDisposed()){E=E?E.status:-1;var G=0,H=((0,g.U)()-m).toFixed();H={backend:"gvi",rc:""+E,rt:H};var K="manifes" (Indicator: "youtube"), "GET /instream/ad_status.js HTTP/1.1 Accept: application/javascript
      \*/\*;q=0.8  
      
      Referer: https://www.youtube.com/embed/h4lbM2GeBsM Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip
      deflate  
      
      Host: static.doubleclick.net If-Modified-Since: Thu
      12 Dec 2013 23:40:16 GMT  
      
      DNT: 1 Connection: Keep-Alive" (Indicator: "youtube"), "OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1 Accept: */* Origin: https://www.youtube.com Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-api-key
      content-type  
      x-user-agent  
      
      Accept-Encoding: gzip
      deflate  
      
      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko Host: jnn-pa.googleapis.com Content-Length: 0 DNT: 1 Connection: Keep-Alive Cache-Control: no-cache" (Indicator: "youtube"), "POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1 Accept: */* X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw Content-Type: application/json+protobuf X-User-Agent: grpc-web-javascript/0.1 Referer: https://www.youtube.com/embed/h4lbM2GeBsM Accept-Language: en-US Origin: https://www.youtube.com Accept-Encoding: gzip
      deflate  
      
      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko Host: jnn-pa.googleapis.com Content-Length: 24 DNT: 1 Connection: Keep-Alive Cache-Control: no-cache" (Indicator: "youtube"), "POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1 Accept: */* X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw Content-Type: application/json+protobuf X-User-Agent: grpc-web-javascript/0.1 Referer: https://www.youtube.com/embed/h4lbM2GeBsM Accept-Language: en-US Origin: https://www.youtube.com Accept-Encoding: gzip
      deflate  
      
      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko Host: jnn-pa.googleapis.com Content-Length: 1352 DNT: 1 Connection: Keep-Alive Cache-Control: no-cache" (Indicator: "youtube"), "OPTIONS /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1 Accept: */* Origin: https://www.youtube.com Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-api-key
      content-type  
      x-user-agent  
      
      Accept-Encoding: gzip
      deflate  
      
      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko Host: jnn-pa.googleapis.com Content-Length: 0 DNT: 1 Connection: Keep-Alive Cache-Control: no-cache" (Indicator: "youtube"), "GET /vi/h4lbM2GeBsM/maxresdefault.jpg HTTP/1.1 Accept: image/png
      image/svg+xml  
      image/\*;q=0.8  
      \*/\*;q=0.5  
      
      Referer: https://www.youtube.com/embed/h4lbM2GeBsM Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip
      deflate  
      
      Host: i.ytimg.com DNT: 1 Connection: Keep-Alive" (Indicator: "youtube"), "OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Accept: */* Origin: https://www.youtube.com Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser
      content-type  
      
      Accept-Encoding: gzip
      deflate  
      
      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko Host: play.google.com Content-Length: 0 DNT: 1 Connection: Keep-Alive Cache-Control: no-cache" (Indicator: "youtube"), "POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Accept: */* X-Goog-AuthUser: 0 Content-Type: application/x-www-form-urlencoded;charset=utf-8 Referer: https://www.youtube.com/embed/h4lbM2GeBsM Accept-Language: en-US Origin: https://www.youtube.com Accept-Encoding: gzip
      deflate  
      
      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko Host: play.google.com Content-Length: 874 DNT: 1 Connection: Keep-Alive Cache-Control: no-cache" (Indicator: "youtube"), "HTTP/1.1 200 OK Access-Control-Allow-Origin: https://www.youtube.com Access-Control-Allow-Methods: GET
      POST  
      OPTIONS  
      
      Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web authorization origin x-goog-authuser
      content-type  
      
      Content-Type: text/plain; charset=UTF-8 Date: Thu
      30 Jun 2022 18:56:44 GMT  
      
      Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000 h3-29=":443"; ma=2592000 h3-Q050=":443"; ma=2592000 h3-Q046=":443"; ma=2592000 h3-Q043=":443"; ma=2592000 quic=":443"; ma=2592000; v="46,43"" (Indicator: "youtube")
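      source File/Memory relevance 7/10
      Note: every entry in this group matched only on the keyword "youtube", and the requests shown carry a Referer or Origin of https://www.youtube.com (the embedded player page); a keyword hit of this kind does not by itself show that the sample retrieves or exfiltrates information.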
  • Unusual Characteristics
    • details "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file" source Binary File relevance 10/10

CrowdStrike AI

Session Details

No relevant data available.

Screenshots


Hybrid Analysis


Analysed 3 processes in total.

  • Lỗi invalid flyout button id 3ds max 2023 năm 2024
    "%WINDIR%\System32\ieframe.dll",OpenURL C:\66f62c2a7c2af10abac71132097f5b03da9b4c057cdae3855b8f07c0aaf3e5c0.url (PID: 1524)

Network Analysis

DNS Requests

HTTP Traffic

Extracted Files

Displaying 43 extracted file(s). The remaining 16 file(s) are available in the full version and XML/JSON reports.