AGENDA Opex Amsterdam 2021.pdf
This report is generated from a file or URL submitted to this webservice on October 26th 2020 09:36:14 (UTC)
Guest System: Windows 7 64 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by
Falcon Sandbox v8.43 © Hybrid Analysis
Incident Response
MITRE ATT&CK™ Techniques Detection
Indicators
Not all malicious and suspicious indicators are displayed in this public view of the report; the full version contains additional details, so the absence of an indicator here does not show that the file is clean.
-
Suspicious Indicators 1
-
External Systems
-
Found an IP/URL artifact that was identified as malicious by at least one reputation engine
- details
-
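(Note: a single hit out of 80 engines is a weak signal on its own. The second URL below is the W3C RDF syntax namespace, which PDF XMP metadata references routinely, so that hit is most likely a false positive. The first domain should be checked against independent reputation sources before the verdict is relied on.)
1/80 reputation engines marked "http://cpartners-group.com" as malicious (1% detection rate)
1/80 reputation engines marked "http://www.w3.org/1999/02/22-rdf-syntax-ns" as malicious (1% detection rate) - source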
- External System
- relevance
- 10/10
-
Found an IP/URL artifact that was identified as malicious by at least one reputation engine
-
Informative 13
-
General
-
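Contains PDB pathways
(Note: the matched string below is not a program-database (PDB) path. It is the inline script and configuration block of a YouTube watch page (favicon links, ytcsi timing code, ytcfg settings) captured from File/Memory. Its SIGNIN_URL references the same video ID as the URL embedded in the PDF, so it is presumably the page retrieved for that link. The blob records "LOGGED_IN":false, so the API keys and session tokens in it come from an anonymous session. The 1/10 relevance is consistent with a spurious match.)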
- details
-
"<script >window.ShadyDOM = {force: true};window.ShadyDOM.preferPerformance = true;window.ShadyDOM.noPatch = true;window.Polymer = (window.Polymer || {});window.Polymer.legacyOptimizations = true;</script><link rel="shortcut icon" href="https://www.youtube.com/s/desktop/28fc88c9/img/favicon.ico" type="image/x-icon" ><link rel="icon" href="https://www.youtube.com/s/desktop/28fc88c9/img/favicon_32.png" sizes="32x32" ><link rel="icon" href="https://www.youtube.com/s/desktop/28fc88c9/img/favicon_48.png" sizes="48x48" ><link rel="icon" href="https://www.youtube.com/s/desktop/28fc88c9/img/favicon_96.png" sizes="96x96" ><link rel="icon" href="https://www.youtube.com/s/desktop/28fc88c9/img/favicon_144.png" sizes="144x144" ><script >var ytcsi = {gt: function(n) {n = (n || '') + 'data_';return ytcsi[n] || (ytcsi[n] = {tick: {},info: {}});},now: (window.performance && window.performance.timing &&window.performance.now && window.performance.timing.navigationStart) ?function() {return window.performance.timing.navigationStart +window.performance.now();} :function() {return (new Date()).getTime();},tick: function(l, t, n) {var ticks = ytcsi.gt(n).tick;var v = t || ytcsi.now();if (ticks[l]) {ticks['_' + l] = (ticks['_' + l] || [ticks[l]]);ticks['_' + l].push(v);}ticks[l] = v;},info: function(k, v, n) {ytcsi.gt(n).info[k] = v;},setStart: function(s, t, n) {ytcsi.info('yt_sts', s, n);ytcsi.tick('_start', t, n);}};(function(w, d) {ytcsi.setStart('dhs', w.performance ? w.performance.timing.responseStart : null);var isPrerender = (d.visibilityState || d.webkitVisibilityState) == 'prerender';var vName = (!d.visibilityState && d.webkitVisibilityState)? 
'webkitvisibilitychange' : 'visibilitychange';if (isPrerender) {ytcsi.info('prerender', 1);var startTick = function() {ytcsi.setStart('dhs');d.removeEventListener(vName, startTick);};d.addEventListener(vName, startTick, false);}if (d.addEventListener) {d.addEventListener(vName, function() {ytcsi.tick('vc');}, false);}function isGecko() {if (!w.navigator || !w.navigator.userAgent) {return false;}var ua = w.navigator.userAgent;return ua.indexOf('Gecko') > 0 &&ua.toLowerCase().indexOf('webkit') < 0 &&ua.indexOf('Edge') < 0 &&ua.indexOf('Trident') < 0 &&ua.indexOf('MSIE') < 0;}if (isGecko()) {var isHidden = (d.visibilityState || d.webkitVisibilityState) == 'hidden';if (isHidden) {ytcsi.tick('vc');}}var slt = function(el, t) {setTimeout(function() {var n = ytcsi.now();el.loadTime = n;if (el.slt) {el.slt();}}, t);};w.__ytRIL = function(el) {if (!el.getAttribute('data-thumb')) {if (w.requestAnimationFrame) {w.requestAnimationFrame(function() {slt(el, 0);});} else {slt(el, 16);}}};})(window, document);</script><script >(function() {var img = new Image().src = "https://i.ytimg.com/generate_204";})();</script> <script >if (window.ytcsi) {window.ytcsi.tick("lpcs", null, '');}(function() {window.ytplayer = 
{};ytcfg.set({"GAPI_HOST":"https:\/\/apis.google.com","VARIANTS_CHECKSUM":"4b3da4f79e0bef2bce7967f5493043b4","PAGE_CL":338443910,"YTR_FAMILY_CREATION_URL":"https:\/\/families.google.com\/webcreation?usegapi=1","LIVE_CHAT_SEND_MESSAGE_ACTION":"live_chat\/watch_page\/send","CLIENT_PROTOCOL":"HTTP\/1.1","FEXP_EXPERIMENTS":[23744176,23804281,23839597,23856950,23857948,23868326,23880043,23882503,23884386,23890959,23895671,23911055,23915993,23918597,23928508,23930220,23930766,23931110,23931993,23934970,23942633,23943955,23944017,23944779,23945479,23946421,23947698,23948419,23948841,23950597,23951139,23951192,23951620,23953236,23955388,23955808,23956754,23957321,23957896,23957896,23959304,23959356,23961290,23962006,23962395,23962920,24590290,9449243],"RECAPTCHA_V3_SITEKEY":"6LedoOcUAAAAAHA4CFG9zRpaCNjYj33SYjzQ9cTy","INNERTUBE_CONTEXT_CLIENT_VERSION":"2.20201023.02.00","INNERTUBE_API_KEY":"AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8","EXPERIMENT_FLAGS":{"kevlar_watch_increased_width_threshold":true,"use_watch_fragments2":true,"kevlar_collect_hover_touch_support":true,"kevlar_thumbnail_flyout_delay":300,"guide_legal_footer_enabled_countries":["NL","ES"],"config_age_report_killswitch":true,"desktop_touch_gestures_usage_log":true,"user_engagement_experiments_rate_limit_ms":86400000,"kevlar_settings_notifications":true,"player_allow_autonav_after_playlist":true,"is_part_of_any_user_engagement_experiment":true,"yoodle_alt_text":"","web_api_url":true,"disable_thumbnail_preloading":true,"kevlar_apply_prefers_color_theme":true,"log_vis_on_tab_change":true,"kevlar_frontend_video_list_actions":true,"defer_overlays":true,"enable_docked_chat_messages":true,"kevlar_autonav_miniplayer_fix":true,"use_player_params_for_passing_desktop_conversion_urls":true,"web_op_signal_type_banlist":[],"kevlar_channels_player_handle_missing_swfconfig":true,"enable_programmed_playlist_redesign":true,"live_chat_itfe_endpoint_migration":true,"kevlar_use_page_data_will_update":true,"kevlar_miniplayer_queue_user_
activation":true,"live_chat_client_url":true,"polymer_report_missing_web_navigation_endpoint_rate":0.001,"kevlar_queue_use_dedicated_list_type":true,"desktop_notification_set_title_bar":true,"desktop_persistent_menu":true,"suppress_error_204_logging":true,"service_worker_subscribe_with_vapid_key":true,"log_window_onerror_fraction":0.1,"log_web_meta_interval_ms":0,"service_worker_push_watch_page_prompt":true,"kevlar_page_service_url_prefix_carveouts":[],"kevlar_menu_logging":true,"kevlar_macro_markers_keyboard_shortcut":true,"kevlar_clear_non_displayable_url_params":true,"disable_legacy_desktop_remote_queue_watch":true,"disable_legacy_desktop_remote_queue":true,"kevlar_watch_color_update":true,"kevlar_op_page_service_search":true,"service_worker_scope":"\/","kevlar_set_internal_player_size":true,"warm_load_nav_start_web":true,"skip_endpoint_param_comparison":true,"kevlar_inlined_html_templates_polymer_flags":true,"pdg_enable_sign_in_modal_for_super_vod":true,"desktop_search_suggestion_tap_target":0,"web_client_counter_random_seed":true,"kevlar_allow_playlist_reorder":true,"enable_offer_suppression":true,"enable_streamline_repost_flow":true,"enable_device_forwarding_from_xhr_client":true,"kevlar_fix_playlist_continuation":true,"kevlar_thumbnail_overlay_new_elementpool_schedule":true,"fix_desktop_ads_cta_dup_click_ping":true,"kevlar_miniplayer_set_watch_next":true,"kevlar_prefetch":true,"kevlar_player_autoplay_count_from_rvs":true,"kevlar_miniplayer_set_element_early":true,"kevlar_one_pick_add_video_to_playlist":true,"polymer_enable_mdx":true,"autoplay_time":8000,"web_response_processor_support":true,"service_worker_push_home_page_prompt":true,"disable_youthere_lact_threshold_check":true,"web_gel_timeout_cap":true,"web_show_regex_error_textarea":true,"web_screen_associated_all_layers":true,"kevlar_settings_advanced":true,"kevlar_logged_out_topbar_menu_migration":true,"web_client_version_override":"","networkless_throttle_timeout":100,"desktop_themeable_vulcan":true,"we
b_op_continuation_type_banlist":[],"kevlar_op_migration_ypc":true,"enable_signals":true,"polymer2_element_pool_properties":true,"kevlar_transcript_engagement_panel":true,"overwrite_polyfill_on_logging_lib_loaded":true,"no_sub_count_on_sub_button":true,"kevlar_clean_up":true,"polymer2_not_shady_build":true,"enable_watch_next_pause_autoplay_lact":true,"user_mention_suggestions_edu_impression_cap":10,"kevlar_client_save_subs_preferences":true,"playlist_remove_watched":true,"log_web_endpoint_to_layer":true,"retry_web_logging_batches":true,"kevlar_frontend_queue_recover":true,"kevlar_thumbnail_fluid":true,"kevlar_disable_fast_player_sizing_on_channel_page":true,"live_chat_use_fetch_command":true,"searchbox_reporting":true,"web_logging_max_batch":150,"live_chat_create_iframe_buyflow_launcher_during_init":true,"kevlar_reposition_guide_html":true,"kevlar_miniplayer":true,"render_microformat_in_head":true,"render_base_tags_home_page":true,"desktop_pyv_on_watch_missing_params":true,"high_priority_flyout_frequency":3,"kevlar_prepare_player_on_miniplayer_activation":true,"kevlar_op_migration_batch_3":true,"kevlar_op_migration_batch_2":true,"player_enable_playback_playlist_change":true,"web_log_connection":true,"kevlar_next_up_next_edu_emoji":"","kevlar_include_query_in_search_endpoint":true,"custom_csi_timeline_use_gel":true,"polymer_task_manager_status":"production","kevlar_hide_time_continue_url_param":true,"watch_next_pause_autoplay_lact_sec":4500,"html5_experiment_id_label":0,"enable_alpaca_client_player_changes":true,"max_duration_to_consider_mouseover_as_hover":600000,"popup_for_sign_out_report_playlist":true,"web_refresh_info_panel":true,"serve_crosswalk_compliant_pdp":true,"kevlar_player_disable_rvs_update":true,"polymer_report_client_url_requested_rate":0.001,"desktop_polymer_video_masthead_session_tempdata_ttl":30,"log_js_error_clusters":1.0,"client_streamz_web_flush_interval_seconds":60,"desktop_web_client_version_override":"","kevlar_collect_battery_network_status":
true,"web_show_description_tag_movies":true,"autoplay_pause_by_lact_sec":0,"use_typescript_transport":true,"disable_simple_mixed_direction_formatted_strings":true,"kevlar_disable_background_prefetch":true,"web_player_touch_mode_improvements":true,"kevlar_fix_miniplayer_logging":true,"render_channel_canonical_tags":true,"kevlar_log_native_right_click_ve":true,"viewport_load_collection_wait_time":0,"kevlar_thumbnail_overlay_button_refresh":true,"render_schema_org_album":true,"botguard_periodic_refresh":true,"kevlar_use_one_platform_for_queue_refresh":true,"desktop_search_prominent_thumbs_style":"DEFAULT","web_system_health_fraction":0.01,"kevlar_settings_privacy":true,"enable_ypc_spinners":true,"enable_player_microformat_data":true,"kevlar_home_skeleton":true,"kevlar_autonav_popup_filtering":true,"kevlar_use_endpoint_for_channel_creation_form":true,"element_pool_populator_auto_abort":true,"live_chat_use_youtube_hosted_tango_domains":true,"rich_grid_mini_mode":true,"kevlar_gaia_link":true,"ignore_empty_xhr":true,"kevlar_lazy_list_resume_for_autofill":true,"kevlar_transcript_panel_refreshed_styles":true,"persistent_miniplayer":true,"preview_play_duration":3000,"desktop_add_to_playlist_renderer_dialog_popup":true,"external_fullscreen_with_edu":true,"web_dont_cancel_pending_navigation_same_url":true,"enable_microformat_data":true,"kevlar_allow_queue_reorder":true,"kevlar_ad_badge_line_height_update":true,"enable_servlet_errors_streamz":true,"enable_mentions_in_reposts":true,"networkless_ytidb_version":1,"kevlar_js_fixes":true,"kevlar_mousedown_prefetchable_components":["ytd-playlist-video-renderer","ytd-grid-video-renderer","ytd-compact-video-renderer","ytd-video-renderer","ytd-playlist-panel-video-renderer"],"kevlar_menu_refresh":true,"recommended_video_reordering":true,"autoplay_time_for_music_content_after_autoplayed_video":-1,"desktop_sparkles_light_cta_button":true,"kevlar_client_side_screens":true,"kevlar_disable_channels_flow_param":true,"autoplay_time_for_music_co
ntent":-1,"kevlar_channel_trailer_multi_attach":true,"kevlar_mousedown_prefetch":true,"reload_without_polymer_innertube":true,"kevlar_exit_fullscreen_leaving_watch":true,"live_chat_continuations_migration":true,"your_data_entrypoint":true,"botguard_eval_with_script_tag":true,"kevlar_background_color_update":true,"kevlar_mix_handle_first_endpoint_different":true,"external_fullscreen_button_click_threshold":2,"add_device_theme_preference_web":true,"desktop_keyboard_capture_keydown_killswitch":true,"enable_memberships_and_purchases":true,"kevlar_playlist_drag_handles":true,"desktop_notification_high_priority_ignore_push":true,"kevlar_autofocus_menu_on_keyboard_nav":true,"kevlar_no_autoscroll_on_playlist_hover":true,"kevlar_playback_associated_queue":true,"enable_borders_on_community":true,"kevlar_queue_use_update_api":true,"service_worker_push_enabled":true,"visibility_time_between_jobs_ms":100,"live_chat_increased_min_height":true,"enable_yto_window":true,"service_worker_push_logged_out_prompt_watches":-1,"kevlar_keyboard_button_focus":true,"use_preview_selection_tool":true,"web_gel_debounce_ms":10000,"delay_gel_until_config_ready":true,"kevlar_op_migration":true,"spf_kevlar_assume_chunked":true,"player_doubletap_to_seek":true,"kevlar_serve_unversioned_binary":true,"desktop_swipeable_guide":true,"flush_onbeforeunload":true,"kevlar_watch_js_panel_height":true,"live_chat_live_commentary_mode":true,"web_emulated_idle_callback_delay":0,"desktop_search_prominent_thumbs":true,"external_fullscreen_button_shown_threshold":10,"kevlar_tooltip_impression_cap":2,"kevlar_persistent_guide_width_threshold":1312,"enable_web_poster_hover_animation":true,"kevlar_no_url_params":true,"web_move_passive_signin":true,"enable_masthead_quartile_ping_fix":true,"kevlar_watch_drag_handles":true,"kevlar_disable_preemptive_player_reset":true,"web_deprecate_service_ajax_map_dependency":true,"networkless_request_age_limit":30,"polymer_verifiy_app_state":true,"web_foreground_heartbeat_interval_ms":28
000,"web_lifecycles":true,"kevlar_op_browse_sampled_prefix_ids":[],"csi_on_gel":true,"yoodle_base_url":"","enable_polymer_resin_migration":true,"web_op_endpoint_banlist":[],"enable_button_behavior_reuse":true,"fill_web_player_context_config":true,"yoodle_start_time_utc":0,"external_fullscreen":true,"allow_https_streaming_for_all":true,"kevlar_mealbar_above_player":true,"live_chat_unicode_emoji_json_url":"https:\/\/www.gstatic.com\/youtube\/img\/emojis\/emojis-svg-4.json","kevlar_abandon_on_stop":true,"ten_video_reordering":[0,1,2,3,6,4,5,7,8,9],"render_meta_general_tags":true,"enable_web_ketchup_hero_animation":true,"kevlar_icons_on_menus":true,"guide_business_info_countries":["KR"],"kevlar_legacy_browsers":true,"desktop_action_companion_wta_support":true,"kevlar_log_prefers_color_theme":true,"kevlar_settings_sharing":true,"kevlar_guide_refresh":true,"kevlar_miniplayer_no_update_on_deactivate":true,"enable_post_scheduling":true,"cold_missing_history":true,"debug_forced_internalcountrycode":"","kevlar_playlist_collapsible":true,"enable_call_to_action_clarification_renderer_bottom_section_conditions":true,"defer_menus":true,"consent_url_override":"","kevlar_time_caching_start_threshold":15,"should_clear_video_data_on_player_cued_unstarted":true,"enable_servlet_streamz":true,"defer_rendering_outside_visible_area":true,"kevlar_miniplayer_expand_top":true,"app_settings_snapshot_min_time_between_snapshots_hours":24,"enable_ve_tracker_key":true,"yoodle_alt_text_locale":"","desktop_client_release":true,"web_network_combined_catch":true,"kevlar_miniplayer_play_pause_on_scrim":true,"kevlar_nitrate_driven_tooltips":true,"enable_client_streamz_web":true,"kevlar_frontend_queue_automatic_recover":true,"web_player_enable_ipp":true,"kevlar_disable_html_imports":true,"kevlar_enable_reorderable_playlists":true,"player_bootstrap_method":true,"kevlar_deprecated_ticker":true,"web_enable_history_cache_map":true,"kevlar_gel_error_routing":true,"kevlar_home_keyboard_scroll_distance":0,"web
_player_watch_next_response":true,"kevlar_copy_playlist":true,"kevlar_use_alpha_in_color_palettes":true,"kevlar_op_page_service_browse":true,"kevlar_save_queue":true,"kevlar_home_skeleton_hide_later":true,"suppress_sparkles_for_whitelisted_instream_on_desktop":true,"mdx_enable_privacy_disclosure_ui":true,"yoodle_end_time_utc":0,"polymer_bad_build_labels":true,"kevlar_use_response_ttl_to_invalidate_cache":true,"kevlar_use_ytd_player":true,"render_schema_org_tags":true,"enable_cookie_reissue_iframe":true,"skip_init_preview_selection":true,"network_polling_interval":30000,"decorate_autoplay_renderer":true,"web_post_search":true,"kevlar_player_response_swf_config_wrapper_killswitch":true,"kevlar_allow_multistep_video_init":true,"kevlar_enable_slis":true,"min_mouse_still_duration":100,"service_worker_push_force_notification_prompt_tag":"1","enable_lcr_broadcast_editor":true,"global_spacebar_pause":true,"polymer_warm_thumbnail_preload":true,"autoescape_tempdata_url":true,"minimum_duration_to_consider_mouseover_as_hover":500,"kevlar_playlist_autonav_loop_fix":true,"enable_device_forwarding_from_polymer_network_manager":true,"enable_service_ajax_csn":true,"kevlar_i18n_library":true,"kevlar_guide_ajax_migration":true,"rich_grid":true,"kevlar_settings_overview":true,"service_worker_enabled":true,"service_worker_push_prompt_cap":-1,"pbj_navigate_limit":-1,"kevlar_help_use_locale":true,"kevlar_next_cold_on_auth_change_detected":true,"kevlar_disable_prepare_player":true,"kevlar_player_playlist_use_local_index":true,"pair_servlet_deprecation_warning_enabled":true,"enable_premium_voluntary_pause":true,"render_meta_tags_labs":true,"kevlar_add_to_queue_option":true,"enable_lcr_new_header":true,"kevlar_ctrl_tap_fix":true,"gfeedback_for_signed_out_users_enabled":true,"kevlar_time_caching_end_threshold":15,"serve_pdp_at_canonical_url":true,"kevlar_no_early_init_unpause":true,"kevlar_enable_editable_playlists":true,"enable_super_vod_price_selector":true,"botguard_async_snapshot_timeout_
ms":3000,"kevlar_mini_guide_width_threshold":791,"yoodle_start_time":"","prefetch_comments_ms_after_video":0,"enable_mixed_direction_formatted_strings":true,"kevlar_center_search_results":true,"service_worker_push_prompt_delay_microseconds":3888000000000,"polymer_video_renderer_defer_menu":true,"kevlar_hide_pp_url_param":true,"yoodle_end_time":"","web_yt_config_context":true,"networkless_retry_attempts":1,"show_ghost_card_continuations":0,"kevlar_op_infra":true,"yoodle_date_override_debug":"","fix_for_safari_desktop_masthead_banner_size":true,"log_js_exceptions_fraction":1.0,"kevlar_cancel_scheduled_comment_jobs_on_navigate":true,"kevlar_settings_playback":true,"suppress_gen_204":true,"kevlar_fallback_to_page_data_root_ve":true,"kevlar_watch_skeleton":true,"web_log_app_install_experiments":true,"kevlar_settings_billing":true,"kevlar_droppable_prefetchable_requests":true,"twelve_video_reordering":[0,1,2,4,7,8,3,5,6,9,10,11],"web_always_load_chat_support":true,"desktop_adjust_touch_target":true,"client_streamz_web_flush_count":100,"kevlar_snap_state_refresh":true,"cancel_pending_navs":true,"polymer2_polyfill_manual_flush":true,"enable_topsoil_wta_for_halftime":true,"desktop_pyv_on_watch_override_lact":true,"autoplay_pause_by_lact_sampling_fraction":0.0,"live_chat_over_playlist":true},"SERVICE_WORKER_PROMPT_NOTIFICATIONS":false,"DISABLE_YT_IMG_DELAY_LOADING":false,"LIVE_CHAT_BASE_TANGO_CONFIG":{"clientType":1057,"apiKey":"AIzaSyDZNkyC-AtROwMBpLfevIvqYk-Gfi8ZOeo","requiresAuthToken":true,"senderUri":"https:\/\/clients4.google.com\/invalidation\/lcs\/client","clientName":"yt-live-chat-anon","channelUri":"https:\/\/client-channel.google.com\/client-channel\/client","useNewTango":true},"SBOX_SETTINGS":{"SEARCHBOX_HOST_OVERRIDE":"","VISITOR_DATA":"Cgt2RW9GZkRpQVg3OCiKtNr8BQ%3D%3D","IS_FUSION":false,"IS_POLYMER":true,"REQUEST_DOMAIN":"us","SEARCHBOX_BEHAVIOR_EXPERIMENT":"zero-prefix","SUGG_EXP_ID":"ytpb_ce1
ytpo.bo.se=1
ytposo.bo.me=1
ytpo.bo.pdq=1
ytpo.bo.pdm=1800
ytpo.bo.pdb=2.0
ytposo.bo.pdq=1
ytposo.bo.pdm=1800
ytposo.bo.pdb=2.0
cfro=1
ytpo.bo.se=0
ytposo.bo.me=0","SEARCHBOX_ENABLE_REFINEMENT_SUGGEST":true,"SEND_VISITOR_DATA":true,"REQUEST_LANGUAGE":"en","HAS_ON_SCREEN_KEYBOARD":false,"SEARCHBOX_TAP_TARGET_EXPERIMENT":0,"SEARCHBOX_ZERO_TYPING_SUGGEST_USE_REGULAR_SUGGEST":"always"},"EVENT_ID":"CpqWX8uVIo6DkgbKr5Bo","ASYNC_WATCH":true,"LATEST_ECATCHER_SERVICE_TRACKING_PARAMS":{"client.name":"WEB"},"GAPI_LOCALE":"en_US","GAPI_HINT_PARAMS":"m;\/_\/scs\/abc-static\/_\/js\/k=gapi.gapi.en.9Ky5Gf3gP0o.O\/d=1\/ct=zgms\/rs=AHpOoo9ntgUgaVmSKxb6oXsk111880adyg\/m=__features__","INNERTUBE_API_VERSION":"v1","PLAYER_JS_URL":"\/s\/player\/4a1799bd\/player_ias.vflset\/en_US\/base.js","STAMPER_STABLE_LIST":true,"SBOX_JS_URL":"https:\/\/www.youtube.com\/s\/desktop\/28fc88c9\/jsbin\/www-searchbox.vflset\/www-searchbox.js","XSRF_FIELD_NAME":"session_token","DISABLE_WARM_LOADS":false,"NO_EMPTY_DATA_IMG":true,"DEFERRED_DETACH":true,"STS":18557,"COUNTRY":"United States","ZWIEBACK_PING_URLS":["https:\/\/www.google.com\/pagead\/lvz?evtid=AKB78chLJmp_pKADowGA2bTVTViCqWsZa2SPARyBKsTDXb-hQ41NRDlPaF7d9YNt-p1YKvitclA-C0YsgbxOr88yhR2Lps2XOA\u0026req_ts=1603705354\u0026pg=watch\u0026sigh=AKFpyYUXabyIIrmFBTyINV_w6Hzj7JgjpQ"],"CLIENT_TRANSPORT":"tcp","LOGGED_IN":false,"REUSE_COMPONENTS":true,"START_IN_FULL_WINDOW_MODE":false,"GOOGLE_FEEDBACK_PRODUCT_DATA":{"accept_language":null,"polymer2":"active","polymer":"active"},"VOZ_API_KEY":"AIzaSyBU2xE_JHvB6wag3tMfhxXpg2Q_W8xnM-I","XSRF_TOKEN":"QUFFLUhqbXlIWG9Ta2lCQzl2ZjhTV3Brd21rNUtRc1hFUXxBQ3Jtc0tsTWNyNVNlZ3VaLURzVzN4OGFIOUNEMmVNaFNBRi14bDFyS213TGFJUklPZWRicWdsTlBXaWZkR19sRlhPSTJwVzRpamI0VDBLMUV0NUVoZGlvWWdIYjlJNWlLOTcwZG9KZWZuMWEyWE9GdUxjN3VwdlN1bFdaSnpKM2FrWEUtNHVjRzJpUnBFSm4zTDloZ3VyWWxYTUJYdXpFSWc=","YPC_MB_URL":"https:\/\/payments.youtube.com\/payments\/v4\/js\/integrator.js?ss=md","INNERTUBE_CONTEXT_CLIENT_NAME":1,"ROOT_VE_TYPE":3832,"HTML_DIR":"ltr","GOOGLE_FEEDBACK_PRODUCT_ID":"59","HTML_LANG":"en","START_IN_THEATER_MODE":false,"VISITOR_DATA":"Cgt2RW9GZkRpQVg3OCiKtNr8BQ%3D%3D","LANGUAGE":"Engl
ish","VISIBILITY_TIME_BETWEEN_JOBS_MS":100,"DEVICE":"cbr=Firefox\u0026cbrver=39.0\u0026ceng=Gecko\u0026cengver=39.0\u0026cos=Windows\u0026cosver=6.1","INNERTUBE_CONTEXT_HL":"en","SIGNIN_URL":"https:\/\/accounts.google.com\/ServiceLogin?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26feature%3D__FEATURE__%26hl%3Den%26next%3D%252Fwatch%253Fv%253DYXS66E6Zqr8\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3","PAGE_BUILD_LABEL":"youtube.ytfe.desktop_20201022_2_RC0","IS_TABLET":false,"XHR_APIARY_HOST":"youtubei.youtube.com","PLAYER_CSS_URL":"\/s\/player\/4a1799bd\/www-player.css","INNERTUBE_CONTEXT_GL":"US","ELEMENT_POOL_DEFAULT_CAP":75});ytcfg.set("SBOX_LABELS", {"SUGGESTION_DISMISSED_LABEL":"Suggestion removed","SUGGESTION_DISMISS_LABEL":"Remove"});var setMessage = function(msg) {if (window.yt && yt.setMsg) {yt.setMsg(msg);} else {window.ytcfg = window.ytcfg || {};ytcfg.msgs = msg;}};setMessage({'SIGN_IN_LABEL': "Sign in",'SHARE_LABEL': "Share",'GUIDE_ALT_LABEL': "Guide",'LOGO_ALT_LABEL': "YouTube Home",'BACK_ALT_LABEL': "Back",'CHOOSE_COUNTRY_LABEL': "Choose your location",'COUNTRY_LABEL': "Location:",'CHOOSE_LANGUAGE_LABEL': "Choose your language",'LANGUAGE_LABEL': "Language:",'TIMEZONE_FORMAT': "($utc_offset_text) $city_name",'LOCAL_TIME_LABEL': "Local Time",'LOCAL_TIME_GMT_LABEL': "Local Time ($gmt_text)",'UTC_OFFSET_FORMAT': "GMT$utc_offset",'ENTER_DATE_OR_EARLIER': "Enter $allowed_date or earlier",'ENTER_DATE_OR_LATER': "Enter $allowed_date or later",'INVALID_DATE_ERROR': "Invalid Date",'OFF': "Off",'ON': "On",'RESTRICTED_MODE_LABEL': "Restricted Mode:",'RESTRICTED_MODE_TEXT_LINE_1': "Restricted Mode hides videos that may contain inappropriate content flagged by users and other signals. No filter is 100% accurate
but it should help you avoid most inappropriate content.",'RESTRICTED_MODE_TEXT_LINE_2': "Your Restricted Mode setting will apply to this browser only.",'RESTRICTED_MODE_TITLE': "Restricted Mode",'IMAGE_HORIZONTAL_POSITION_LABEL': "The center of the preview is $x_percent% from the left and $y_percent% from the right.",'IMAGE_VERTICAL_POSITION_LABEL': "The center of the preview is $x_percent% from the top and $y_percent% from the bottom.",'REPOSITION_IMAGE_HORIZONTALLY_LABEL': "Use left and right arrow keys to reposition the preview",'REPOSITION_IMAGE_VERTICALLY_LABEL': "Use up and down arrow keys to reposition the preview",'REACH_TOP_OF_IMAGE_TEXT': "You have reached the top of the image",'REACH_BOTTOM_OF_IMAGE_TEXT': "You have reached the bottom of the image",'REACH_LEFT_OF_IMAGE_TEXT': "You have reached the left of the image",'REACH_RIGHT_OF_IMAGE_TEXT': "You have reached the right of the image",'SBOX_PLACEHOLDER': "Search",'SBOX_INAPPROPRIATE_PROMPT': "Report search predictions",'SBOX_INAPPROPRIATE_TITLE': "Report search predictions",'SBOX_INAPPROPRIATE_SUGGESTIONS': "Select predictions you would like to report:",'SBOX_INAPPROPRIATE_CATEGORY': "The selected predictions are:",'SBOX_INAPPROPRIATE_HATEFUL': "Hateful",'SBOX_INAPPROPRIATE_EXPLICIT': "Sexually explicit",'SBOX_INAPPROPRIATE_VIOLENT': "Violent",'SBOX_INAPPROPRIATE_DANGEROUS': "Dangerous and harmful activity",'SBOX_INAPPROPRIATE_OTHER': "Other",'SBOX_INAPPROPRIATE_REASON': "Reason (required)",'SBOX_INAPPROPRIATE_ADDITIONAL': "Provide additional details (optional)",'SBOX_INAPPROPRIATE_SUBMIT': "Submit",'SBOX_INAPPROPRIATE_REPORT': "Report",'SBOX_INAPPROPRIATE_CANCEL': "Cancel",'SBOX_INAPPROPRIATE_TOAST': "Thanks for your feedback!",'SBOX_VOICE_OVERLAY_PLACEHOLDER': "Listening...",'ADD_TO_DROPDOWN_LABEL': "Save to...",'REQUIRED_LABEL': "Required",'NO_ANGLE_BRACKET_LABEL': "Playlist name cannot contain \u003c or \u003e\n",'EDIT_AVATAR_LABEL': "Edit profile picture",'AD_BADGE_TEXT': "Ad",'EDU_GOT_IT': "Got 
It",'MINIPLAYER_COLLAPSE_LABEL': "Collapse",'MINIPLAYER_EXPAND_LABEL': "Expand",'QUEUE': "Queue",'ADDED_TO_QUEUE': "Added to queue",'QUEUE_CLEARED': {"case1": "1 video in the queue removed", "other": "# videos in the queue removed"},'QUEUE_CLEARED_UNPLURALIZED':"Queue cleared",'MINIPLAYER_CLOSE': "Close player",'QUEUE_CLOSE_MINIPLAYER_CONFIRM_TITLE': "Queue will be cleared",'QUEUE_CLOSE_MINIPLAYER_CONFIRM_BODY_TEXT': "Are you sure you want to close the player?",'QUEUE_RECOVER_BUTTON': "Restore",'QUEUE_RECOVER_MESSAGE': "Recover queue",'CLEAR': "Clear",'UNDO': "Undo",'CANCEL': "Cancel",'SUBS_FILTER_EDU_TEXT': "See new videos from each channel",'SUBS_GUIDE_ITEM_EDU_TEXT': "See new videos from all of your subscriptions",'SUBS_FILTER_EDU_CHANNEL_TEXT': "Now showing new videos from this channel.",'LIBRARY_GUIDE_ITEM_EDU_TITLE': "Check out your new Library",'LIBRARY_GUIDE_ITEM_EDU_TEXT': "Find your history
playlists
purchases
and more",'MENTIONS_EDU_TITLE': "Learn more",'MENTIONS_EDU_TEXT': "Go to the Help Center to see how mentions work on YouTube.",'NO_INTERNET_CONNECTION': "No internet connection",'CONNECT_TO_THE_INTERNET': "Connect to the internet",'OFFLINE_CHECK_CONNECTION': "You're offline. Check your connection.",'RETRY': "Retry",'JOIN_MEMBERSHIP_EDU_TITLE': "Membership",'JOIN_MEMBERSHIP_EDU_TEXT': "Get access to exclusive perks when you purchase a membership to this channel.",'SHARE_POST_EDU_TEXT': "Now you can share posts on YouTube",'FREEBIE_JOIN_MEMBERSHIP_EDU_TEXT': "This channel offers a membership which you can join for free with YouTube Premium",'MANAGE_MEMBERSHIP_EDU_TEXT': "Access your benefits and manage your membership from here."});})();ytcfg.set('MENTIONS_EDU_HELP_LINK', 'https://support.google.com/youtube/?p=creator_community');ytcfg.set('scheduler', {useRaf: true, timeout: 20});ytcfg.set('initialInnerWidth', window.innerWidth);ytcfg.set('initialInnerHeight', window.innerHeight);window.ytcfg.set('IS_WATCH_PAGE_COLD', true);window.ytcfg.set('LINK_API_KEY', "AIzaSyDophAQuyyiBr8h0nypEwXUKozH-BEswD0");window.ytcfg.set('LINK_GAL_DOMAIN', "https:\/\/accountlinking-pa-clients6.youtube.com");window.ytcfg.set('LINK_OIS_DOMAIN', "oauthintegrations.googleapis.com");if (window.ytcsi) {window.ytcsi.tick("lpcf", null, '');}</script>" - source
- File/Memory
- relevance
- 1/10
-
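Contains object with compressed stream data
(Note: the stream previews listed below are ordinary rendering resources: an ICC sRGB colour profile, content streams that place an image with the "cm" and "Do" operators, TrueType font tables, and Adobe-Identity-UCS ToUnicode CMaps. None of the visible previews shows JavaScript, an embedded file, or a launch action. The previews are truncated, so this covers only what is displayed.)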
- details
-
Object ID 2 contains compressed stream data: No filters
Object ID 4 contains compressed stream data: No filters
Object ID 83 contains compressed stream data: No filters
Object ID 85 contains compressed stream data: No filters
Object ID 91 contains compressed stream data: No filters
Object ID 99 contains compressed stream data: \x00\x00?HLino\x02\x10\x00\x00mntrRGB XYZ \x07\xce\x00\x02\x00\x00\x06\x001\x00\x00acspMSFT\x00\x00\x00\x00IEC sRGB\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf6\xd6\x00\x01\x00\x00\x00\x00\xd3-HP \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0 ...
Object ID 101 contains compressed stream data: \x00\x00\x00
Object ID 103 contains compressed stream data: q
/GS0 gs
138 0 0 59.25 290.3416748 -2.0082703 cm
/Im0 Do
Q
Object ID 105 contains compressed stream data: q
/GS0 gs
138 0 0 59.25 158.0196838 -2.0082703 cm
/Im0 Do
Q
Object ID 107 contains compressed stream data: q
/GS0 gs
138 0 0 59.25 24.1394653 -2.0082703 cm
/Im0 Do
Q
Object ID 109 contains compressed stream data: q
/GS0 gs
737.9999413 0 0 170.9999864 55.1776487 342.2068306 cm
/Im0 Do
Q
Object ID 111 contains compressed stream data: q
/GS0 gs
138 0 0 59.25 430.042511 -2.0082703 cm
/Im0 Do
Q
Object ID 113 contains compressed stream data: q
/GS0 gs
138 0 0 59.25 564.0281982 -2.0082703 cm
/Im0 Do
Q
Object ID 115 contains compressed stream data: q
/GS0 gs
138 0 0 59.25 698.7372437 -2.0082703 cm
/Im0 Do
Q
Object ID 117 contains compressed stream data: true\x00
\x00\x80\x00\x03\x00POS/2\x00\x00\x00\x00\x00\x00\x00\xdc\x00\x00\x00`cmap\x91\xa5\xa3\x91\x00\x00\x01<\x00\x00\x05\xc4cvt \x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\xc8fpgm\x00\x00\x00\x00\x00\x00\x07\xc8\x00\x00
\x15glyf\x1dh\xa0\x00\x00\x ...
Object ID 119 contains compressed stream data: /CIDInit /ProcSet findresource begin
12 dict begin
begincmap
/CIDSystemInfo
<< /Registry (Adobe)
/Ordering (UCS) /Supplement 0 >> def
/CMapName /Adobe-Identity-UCS def
/CMapType 2 def
1 begincodespacerange
<0000> <FFFF>
endcodespace ...
Object ID 121 contains compressed stream data: true\x00
\x00\x80\x00\x03\x00POS/2\x00\x00\x00\x00\x00\x00\x7f\xac\x00\x00\x00`cmapgU\xe9\xd6\x00\x00Yh\x00\x00\x1f8cvt \x00\x00\x00\x00\x00\x00\x80?\x00\x00\x03lfpgm\x00\x00\x00\x00\x00\x00\x83x\x00\x00
\x1dglyfc)\xe6C\x00\x00\x00\xdc\x00\x0064head\x97\xc ...
Object ID 123 contains compressed stream data: /CIDInit /ProcSet findresource begin
12 dict begin
begincmap
/CIDSystemInfo
<< /Registry (Adobe)
/Ordering (UCS) /Supplement 0 >> def
/CMapName /Adobe-Identity-UCS def
/CMapType 2 def
1 begincodespacerange
<0000> <FFFF>
endcodespace ...
Object ID 125 contains compressed stream data: true\x00
\x00\x80\x00\x03\x00POS/2\x00\x00\x00\x00\x00\x00\x00\xdc\x00\x00\x00Ncmap\x89\xd3\xcb\xa1\x00\x00\x01*\x00\x00\x03Ncvt \x00\x00\x00\x00\x00\x00\x04x\x00\x00\x01\x8efpgm\x00\x00\x00\x00\x00\x00\x06\x06\x00\x00\x01\xd8glyf^\xf6y\xc8\x00\x00\x07\xde ...
Object ID 127 contains compressed stream data: /CIDInit /ProcSet findresource begin
12 dict begin
begincmap
/CIDSystemInfo
<< /Registry (Adobe)
/Ordering (UCS) /Supplement 0 >> def
/CMapName /Adobe-Identity-UCS def
/CMapType 2 def
1 begincodespacerange
<0000> <FFFF>
endcodespace ... - source
- Static Parser
- relevance
- 10/10
- ATT&CK ID
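- T1207 (Show technique in the MITRE ATT&CK™ matrix)
- Note: T1207 is the ATT&CK ID for Rogue Domain Controller, which has no connection to stream objects inside a PDF. Treat this mapping, and the 10/10 relevance attached to an informative indicator, as a labelling artefact of the sandbox rather than evidence of that technique.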
-
Creates mutants
- details
-
"\Sessions\1\BaseNamedObjects\Local\Acrobat Instance Mutex"
"\Sessions\1\BaseNamedObjects\DBWinMutex"
"DBWinMutex"
"Local\Acrobat Instance Mutex"
"com.adobe.acrobat.rna.RdrCefBrowserLock.DC"
"\Sessions\1\BaseNamedObjects\com.adobe.acrobat.rna.RdrCefBrowserLock.DC" - source
- Created Mutant
- relevance
- 3/10
-
PDF file has an embedded URL
- details
- "https://www.youtube.com/watch?v=YXS66E6Zqr8" (Based on: "d69f3cbb237cc24c9b6f78d733957ffd67c54218ea5ad7a105b23007b8afa474.bin")
- source
- File/Memory
- relevance
- 3/10
-
Process launched with changed environment
- details
-
Process "RdrCEF.exe" (Show Process) was launched with new environment variables: "PATH="%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\plug_ins;%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\;%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\test_tools""
Process "RdrCEF.exe" (Show Process) was launched with missing environment variables: "MEOW" - source
- Monitored Target
- relevance
- 10/10
-
Scanning for window names
- details
-
"AcroRd32.exe" searching for class "AdobeAcrobatSpeedLaunchCmdWnd"
"AcroRd32.exe" searching for class "AdobeReaderSpeedLaunchCmdWnd"
"AcroRd32.exe" searching for window "_AcroAppTimer"
"AcroRd32.exe" searching for class "Acrobat Instance Window Class"
"AcroRd32.exe" searching for class "ACROSEMAPHORE_R18"
"AcroRd32.exe" searching for class "JFWUI2" - source
- API Call
- relevance
- 10/10
- ATT&CK ID
- T1010 (Show technique in the MITRE ATT&CK™ matrix)
-
Spawns new processes
- details
-
Spawned process "RdrCEF.exe" with commandline "--backgroundcolor=16448250" (Show Process)
Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=4F2F8381F242281D95FEA6CC ..." (Show Process)
Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=2F19A802490060217F14331E ..." (Show Process) - source
- Monitored Target
- relevance
- 3/10
-
Contains PDB pathways
-
Installation/Persistence
-
Creates new processes
- details
-
"RdrCEF.exe" is creating a new process (Name: "%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe", Handle: 1364)
"RdrCEF.exe" is creating a new process (Name: "%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe", Handle: 1444) - source
- API Call
- relevance
- 8/10
-
Dropped files
- details
-
"GlobSettings" has type "ASCII text"
"SharedDataEvents-journal" has type "SQLite Rollback Journal"
"data_1" has type "data"
"A9Ra2zzxo_rvksqy_19c.tmp" has type "data"
"Visited Links" has type "data"
"0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl" has type "data"
"TMDocs.sav" has type "data"
"TMGrpPrm.sav" has type "data"
"SharedDataEvents" has type "SQLite 3.x database"
"A9R1ipv79o_rvksr2_19c.tmp" has type "Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)"
"CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl" has type "data"
"IconCacheRdr65536.dat" has type "data"
"urlref_httpswww.youtube.comwatchv_YXS66E6Zqr8" has type "HTML document ASCII text with very long lines" - source
- Binary File
- relevance
- 3/10
-
Touches files in the Windows directory
- details
-
"RdrCEF.exe" touched file "%WINDIR%\System32\spool\drivers\color\sRGB Color Space Profile.icm"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\ARIALN.TTF"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\arialbd.ttf"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\arialbi.ttf"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\ARIALNI.TTF"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\ariblk.ttf"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\ARIALNBI.TTF"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\times.ttf"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\segoeuil.ttf"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\SEGOEUISL.TTF"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\segoeui.ttf"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\segoeuii.ttf"
"RdrCEF.exe" touched file "%WINDIR%\Fonts\seguisb.ttf" - source
- API Call
- relevance
- 7/10
-
Creates new processes
-
Network Related
-
Found potential URL in binary/memory
- details
-
Pattern match: "www.cparityevent.com"
Pattern match: "https://www.youtube.com/watch?v=YXS66E6Zqr8"
Pattern match: "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
Heuristic match: "i:?4fQ.aX"
Pattern match: "www.youtube.com\//g"
Pattern match: "https://www.youtube.com/s/desktop/28fc88c9/img/favicon.ico"
Pattern match: "https://www.youtube.com/s/desktop/28fc88c9/jsbin/scheduler.vflset/scheduler.js"
Pattern match: "https://www.youtube.com,urlOverride"
Pattern match: "fonts.gstatic.com/s/roboto/v18/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2"
Pattern match: "fonts.googleapis.com/css?family=YT%20Sans%3A300%2C500%2C700"
Pattern match: "https://www.youtube.com/opensearch?locale=en_US"
Pattern match: "https://www.youtube.com/about/"
Pattern match: "https://www.youtube.com/about/press/"
Pattern match: "https://www.youtube.com/about/copyright/"
Pattern match: "https://www.youtube.com/creators/"
Pattern match: "https://www.youtube.com/ads/"
Pattern match: "https://developers.google.com/youtube"
Pattern match: "https://www.google.com/intl/en/policies/privacy/"
Pattern match: "https://www.youtube.com/about/policies/"
Pattern match: "https://www.youtube.com/howyoutubeworks?utm_campaign=ytgen&utm_source=ythp&utm_medium=LeftNav&utm_content=txt&u=https%3A%2F%2Fwww.youtube.com%2Fhowyoutubeworks%3Futm_source%3Dythp%26utm_medium%3DLeftNav%26utm_campaign%3Dytgen"
Pattern match: "https://www.youtube.com/s/desktop/28fc88c9/jsbin/spf.vflset/spf.js"
Pattern match: "https://www.youtube.com/s/desktop/28fc88c9/jsbin/network.vflset/network.js"
Pattern match: "https://www.youtube.com/s/desktop/28fc88c9/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js"
Pattern match: "https://www.youtube.com/s/desktop/28fc88c9/jsbin/webcomponents-lite-noPatch.vflset/webcomponents-lite-noPatch.js"
Pattern match: "https://www.youtube.com/s/desktop/28fc88c9/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.js"
Pattern match: "https://www.youtube.com/s/desktop/28fc88c9/jsbin/desktop_polymer_inlined_html_polymer_flags_legacy_browsers.vflset/desktop_polymer_inlined_html_polymer_flags_legacy_browsers.js;document.body.appendChild(script);script.onload"
Pattern match: "https://m.youtube.com/watch?v=YXS66E6Zqr8"
Pattern match: "https://youtu.be/YXS66E6Zqr8"
Pattern match: "www.youtube.com/watch?v=YXS66E6Zqr8"
Pattern match: "http://www.youtube.com/oembed?format=json&url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DYXS66E6Zqr8"
Pattern match: "http://www.youtube.com/oembed?format=xml&url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DYXS66E6Zqr8"
Pattern match: "https://i.ytimg.com/vi/YXS66E6Zqr8/maxresdefault.jpg"
Pattern match: "www.youtube.com/watch?v=YXS66E6Zqr8&feature=applinks"
Pattern match: "https://www.youtube.com/watch?v=YXS66E6Zqr8&feature=applinks"
Pattern match: "https://www.youtube.com/embed/YXS66E6Zqr8"
Pattern match: "https://accounts.google.com/ServiceLogin?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26feature%3Dpassive%26hl%3Den%26next%3D%252Fsignin_passive&hl=en&passive=true&service=youtube&uilel=3"
Pattern match: "http://schema.org/VideoObject"
Pattern match: "http://schema.org/Person"
Pattern match: "http://www.youtube.com/channel/UCr43AoIEb6NdVyDaNBXN6vw"
Pattern match: "http://schema.org"
Pattern match: "www.youtube.com\/channel\/UCr43AoIEb6NdVyDaNBXN6vw"
Pattern match: "http://schema.org/ImageObject" - source
- File/Memory
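- relevance
- 10/10
- Note: most of these matches are YouTube page assets (scripts, fonts, schema.org markup) and appear to come from the extracted "urlref_httpswww.youtube.comwatchv_YXS66E6Zqr8" HTML rather than from the PDF. For triage, the entries worth checking against the document itself are "www.cparityevent.com" and the embedded "https://www.youtube.com/watch?v=YXS66E6Zqr8" link.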
-
Found potential URL in binary/memory
-
Spyware/Information Retrieval
-
Found a reference to a known community page
- details
-
"https://www.youtube.com/watch?v=YXS66E6Zqr8" (Indicator: "youtube")
""client.params":"unhandled window error",file:c.fileName,line:e,stack:d.substr(0,500)};c="<anonymous>"===c.fileName;d=d.replace(/https:\/\/www.youtube.com\//g,"");d.match(/https?:\/\/[^/]+\//)&&(c=!0);c&&(b.level="WARNING");c=[window.ytcfg.get("EMERGENCY_BASE_URL","https://www.youtube.com/error_204?t=jserror&level=ERROR")];for(var f in b)(d=b[f])&&c.push(f+"="+encodeURIComponent(d));a.src=c.join("&")}};" (Indicator: "youtube")
"<script src="https://www.youtube.com/s/desktop/28fc88c9/jsbin/scheduler.vflset/scheduler.js" type="text/javascript" name="scheduler/scheduler" ></script>" (Indicator: "youtube")
"ytcfg.set({"INNERTUBE_CONTEXT":{"client":{"hl":"en","gl":"US","visitorData":"Cgt2RW9GZkRpQVg3OCiKtNr8BQ%3D%3D","userAgent":"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
gzip(gfe)","clientName":"WEB","clientVersion":"2.20201023.02.00","osName%WINDIR%\,"osVersion":"6.1","browserName":"Firefox","browserVersion":"39.0"},"request":{"sessionId":"6887862049815041001"},"adSignalsInfo":{"consentBumpParams":{"consentHostnameOverride":"https://www.youtube.com","urlOverride":""}}}});" (Indicator: "youtube")
"</style><link rel="search" type="application/opensearchdescription+xml" href="https://www.youtube.com/opensearch?locale=en_US" title="YouTube"><link rel="manifest" href="/s/notifications/manifest/manifest.json" crossorigin="use-credentials"> end of chunk --> <script >" (Indicator: "youtube")
"<g id="youtube-paths">" (Indicator: "youtube")
"<g id="youtube-red-paths">" (Indicator: "youtube")
"<a slot="guide-links-primary" href="https://www.youtube.com/about/" style="display: none;">About</a>" (Indicator: "youtube")
"<a slot="guide-links-primary" href="https://www.youtube.com/about/press/" style="display: none;">Press</a>" (Indicator: "youtube")
"<a slot="guide-links-primary" href="https://www.youtube.com/about/copyright/" style="display: none;">Copyright</a>" (Indicator: "youtube")
"<a slot="guide-links-primary" href="https://www.youtube.com/creators/" style="display: none;">Creators</a>" (Indicator: "youtube")
"<a slot="guide-links-primary" href="https://www.youtube.com/ads/" style="display: none;">Advertise</a>" (Indicator: "youtube")
"<a slot="guide-links-primary" href="https://developers.google.com/youtube" style="display: none;">Developers</a>" (Indicator: "youtube")
"<a slot="guide-links-secondary" href="https://www.youtube.com/about/policies/" style="display: none;">Policy & Safety</a>" (Indicator: "youtube")
"<a slot="guide-links-secondary" href="https://www.youtube.com/howyoutubeworks?utm_campaign=ytgen&utm_source=ythp&utm_medium=LeftNav&utm_content=txt&u=https%3A%2F%2Fwww.youtube.com%2Fhowyoutubeworks%3Futm_source%3Dythp%26utm_medium%3DLeftNav%26utm_campaign%3Dytgen" style="display: none;">How YouTube works</a>" (Indicator: "youtube")
"<script src="https://www.youtube.com/s/desktop/28fc88c9/jsbin/spf.vflset/spf.js" type="text/javascript" name="spf/spf" ></script>" (Indicator: "youtube")
"<script src="https://www.youtube.com/s/desktop/28fc88c9/jsbin/network.vflset/network.js" type="text/javascript" name="network/network" ></script>" (Indicator: "youtube")
"<script src="https://www.youtube.com/s/desktop/28fc88c9/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js" type="text/javascript" name="web-animations-next-lite.min/web-animations-next-lite.min" ></script>" (Indicator: "youtube")
"<script src="https://www.youtube.com/s/desktop/28fc88c9/jsbin/webcomponents-lite-noPatch.vflset/webcomponents-lite-noPatch.js" type="text/javascript" name="webcomponents-lite-noPatch/webcomponents-lite-noPatch" ></script>" (Indicator: "youtube")
"<script src="https://www.youtube.com/s/desktop/28fc88c9/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.js" type="text/javascript" name="www-i18n-constants/www-i18n-constants" ></script>" (Indicator: "youtube") - source
- File/Memory
- relevance
- 7/10
-
Found a reference to a known community page
-
Unusual Characteristics
-
Contains embedded objects that might be interesting to investigate
- details
-
Embedded object type "/ObjStm" (ID: 2, References: )
Embedded object type "/ObjStm" (ID: 4, References: 98 0 R,93 0 R,94 0 R,95 0 R,92 0 R,8 0 R,9 0 R,8 0 R,9 0 R,11 0 R,7 0 R,6 0 R,99 0 R,12 0 R,101 0 R,12 0 R,16 0 R,103 0 R,18 0 R,12 0 R,20 0 R,105 0 R,22 0 R,12 0 R,24 0 R,107 0 R,26 0 R,12 0 R,30 0 R,109 0 R,32 0 R,12 0 R,36 0 R,111 0 R,38 0 R,12 0 R,40 0 R,113 0 R,42 0 R,12 0 R,44 0 R,115 0 R,46 0 R,117 0 R,48 0 R,119 0 R,121 0 R,50 0 R,123 0 R,125 0 R,52 0 R,127 0 R,129 0 R,54 0 R,131 0 R,12 0 R,12 0 R,58 0 R,59 0 R,133 0 R,61 0 R,12 0 R,12 0 R,12 0 R,12 0 R,12 0 R,135 0 R,70 0 R,12 0 R,12 0 R,12 0 R,12 0 R,12 0 R,12 0 R,12 0 R,12 0 R)
Embedded object type "/ObjStm" (ID: 83, References: )
Embedded object type "/ObjStm" (ID: 85, References: 87 0 R,88 0 R,89 0 R,90 0 R,137 0 R,138 0 R,139 0 R,140 0 R,141 0 R,86 0 R,142 0 R,143 0 R,144 0 R,145 0 R,146 0 R,86 0 R,147 0 R,148 0 R,149 0 R,150 0 R,151 0 R,86 0 R,152 0 R,153 0 R,154 0 R,155 0 R,156 0 R,157 0 R,158 0 R,86 0 R)
Embedded object type "/ObjStm" (ID: 91, References: 249 0 R,254 0 R,245 0 R,251 0 R,258 0 R,255 0 R,246 0 R,250 0 R,252 0 R,257 0 R,247 0 R,253 0 R,248 0 R,256 0 R,261 0 R,262 0 R,259 0 R,264 0 R,265 0 R,266 0 R,267 0 R,224 0 R,242 0 R,238 0 R,239 0 R,243 0 R,244 0 R,240 0 R,241 0 R,237 0 R,236 0 R,235 0 R,234 0 R,233 0 R,232 0 R,231 0 R,225 0 R,230 0 R,229 0 R,227 0 R,219 0 R,218 0 R,215 0 R,216 0 R,222 0 R,217 0 R,221 0 R,220 0 R,211 0 R,208 0 R,210 0 R,209 0 R,213 0 R,206 0 R,207 0 R,214 0 R,212 0 R,205 0 R,263 0 R,192 0 R,200 0 R,201 0 R,204 0 R,202 0 R,203 0 R,199 0 R,194 0 R,195 0 R,196 0 R,198 0 R,193 0 R,197 0 R,377 0 R,378 0 R,98 0 R,96 0 R,97 0 R)
Embedded object type "/ObjStm" (ID: 159, References: 291 0 R,1045 0 R,271 0 R,7 0 R,158 0 R,1047 0 R,1049 0 R,274 0 R,7 0 R,158 0 R,1051 0 R,280 0 R,7 0 R,158 0 R,1053 0 R,270 0 R,7 0 R,158 0 R,1055 0 R,1057 0 R,278 0 R,7 0 R,158 0 R,1059 0 R,1061 0 R,275 0 R,7 0 R,158 0 R,1063 0 R,1065 0 R,282 0 R,7 0 R,158 0 R,1067 0 R,285 0 R,7 0 R,158 0 R,1069 0 R,290 0 R,7 0 R,158 0 R,1071 0 R,284 0 R,7 0 R,158 0 R,1073 0 R,288 0 R,7 0 R,158 0 R,1075 0 R,272 0 R,7 0 R,158 0 R,1077 0 R,277 0 R,7 0 R,158 0 R,1079 0 R,1081 0 R,161 0 R,7 0 R,158 0 R,1083 0 R,169 0 R,7 0 R,158 0 R,1085 0 R,168 0 R,7 0 R,158 0 R,1087 0 R,172 0 R,7 0 R,158 0 R,1089 0 R,167 0 R,7 0 R,158 0 R,1091 0 R,171 0 R,7 0 R,158 0 R,1093 0 R,162 0 R,7 0 R,158 0 R,1095 0 R,170 0 R,7 0 R,158 0 R,1097 0 R,175 0 R,7 0 R,158 0 R,1099 0 R,389 0 R,7 0 R,158 0 R,1101 0 R,176 0 R,7 0 R,158 0 R,1103 0 R,1105 0 R,173 0 R,7 0 R,158 0 R,1107 0 R,1109 0 R,391 0 R,7 0 R,158 0 R,1111 0 R,160 0 R,7 0 R,158 0 R,1113 0 R,164 0 R,7 0 R,158 0 R,1115 0 R,163 0 R,7 0 R,158 0 R,1117 0 R,390 0 R,7 0 R,158 0 R,1119 0 R,1121 0 R,174 0 R,7 0 R,158 0 R,228 0 R,1123 0 R,1125 0 R,386 0 R,7 0 R,158 0 R,1127 0 R,178 0 R,7 0 R,158 0 R,228 0 R,1129 0 R,1131 0 R,177 0 R,7 0 R,158 0 R,1133 0 R,1135 0 R,165 0 R,7 0 R,158 0 R,1137 0 R,166 0 R,7 0 R,158 0 R,1139 0 R,182 0 R,7 0 R,158 0 R,1141 0 R,180 0 R,7 0 R,158 0 R,1143 0 R,179 0 R,7 0 R,158 0 R,1145 0 R,181 0 R,7 0 R,158 0 R,384 0 R,1147 0 R,1147 0 R,7 0 R,158 0 R,385 0 R,1149 0 R,1149 0 R,7 0 R,158 0 R,1151 0 R,183 0 R,7 0 R,158 0 R,1153 0 R,383 0 R,7 0 R,158 0 R,1155 0 R,382 0 R,7 0 R,158 0 R,1157 0 R,185 0 R,7 0 R,158 0 R,1159 0 R,187 0 R,7 0 R,158 0 R,1161 0 R,381 0 R,7 0 R,158 0 R,1163 0 R,380 0 R,7 0 R,158 0 R,1165 0 R,184 0 R,7 0 R,158 0 R,1167 0 R,370 0 R,7 0 R,158 0 R,1169 0 R,189 0 R,7 0 R,158 0 R,1171 0 R,369 0 R,7 0 R,158 0 R,1173 0 R,1175 0 R,365 0 R,7 0 R,158 0 R,1177 0 R,188 0 R,7 0 R,158 0 R,1179 0 R,191 0 R,7 0 R,158 0 R,1181 0 R,371 0 R,7 0 R,158 0 R,1183 0 R,367 0 R,7 0 R,158 0 
R,1185 0 R,366 0 R,7 0 R,158 0 R,1187 0 R,186 0 R,7 0 R,158 0 R,1189 0 R,190 0 R,7 0 R,158 0 R,1191 0 R,1193 0 R,387 0 R,7 0 R,158 0 R,1195 0 R,368 0 R,7 0 R,158 0 R,1197 0 R,372 0 R,7 0 R,158 0 R,1199 0 R,1201 0 R,273 0 R,7 0 R,158 0 R)
Embedded object type "/ObjStm" (ID: 260, References: 291 0 R,1203 0 R,1205 0 R,281 0 R,7 0 R,158 0 R,1207 0 R,1209 0 R,268 0 R,7 0 R,158 0 R,1211 0 R,287 0 R,7 0 R,158 0 R,1213 0 R,1215 0 R,279 0 R,7 0 R,158 0 R,1217 0 R,1219 0 R,289 0 R,7 0 R,158 0 R,1221 0 R,1223 0 R,286 0 R,7 0 R,158 0 R,1225 0 R,1227 0 R,269 0 R,7 0 R,158 0 R)
Embedded object type "/ObjStm" (ID: 291, References: 1229 0 R,294 0 R,294 0 R,293 0 R,1231 0 R,1233 0 R,298 0 R,294 0 R,309 0 R,12 0 R,312 0 R,1235 0 R,1237 0 R,307 0 R,304 0 R,1239 0 R,311 0 R,303 0 R,315 0 R,1241 0 R,300 0 R,296 0 R,299 0 R,1243 0 R,301 0 R,12 0 R,316 0 R,1245 0 R,306 0 R,314 0 R,319 0 R,317 0 R,322 0 R,324 0 R,1247 0 R,318 0 R,1249 0 R,1251 0 R,1253 0 R,1255 0 R,1257 0 R,1259 0 R,323 0 R,325 0 R,483 0 R,1261 0 R,329 0 R,1263 0 R,326 0 R,557 0 R,1265 0 R,334 0 R,1267 0 R,336 0 R,1269 0 R,1271 0 R,333 0 R,335 0 R,558 0 R,1273 0 R,1275 0 R,338 0 R,1277 0 R,1279 0 R,1281 0 R,341 0 R,1283 0 R,342 0 R,1285 0 R,12 0 R,50 0 R,1287 0 R,12 0 R,50 0 R,1289 0 R,354 0 R,1291 0 R,1293 0 R,12 0 R,1295 0 R,1297 0 R,1299 0 R,362 0 R,360 0 R,1301 0 R,364 0 R,359 0 R,358 0 R,1303 0 R,1023 0 R,1305 0 R,1024 0 R,1307 0 R,1025 0 R,1309 0 R,228 0 R,1311 0 R,1313 0 R,1315 0 R,276 0 R,7 0 R,158 0 R,1317 0 R,1319 0 R,283 0 R,7 0 R,158 0 R,1019 0 R,1321 0 R,1026 0 R,1323 0 R)
Embedded object type "/ObjStm" (ID: 452, References: 1345 0 R,454 0 R,1347 0 R,457 0 R)
Embedded object type "/ObjStm" (ID: 461, References: 463 0 R,503 0 R,7 0 R,12 0 R,464 0 R,1349 0 R,466 0 R,12 0 R,468 0 R,1351 0 R,470 0 R,12 0 R,472 0 R,1353 0 R,474 0 R,294 0 R,294 0 R,294 0 R,294 0 R,294 0 R,294 0 R,479 0 R,1355 0 R,481 0 R,1357 0 R,484 0 R,485 0 R,486 0 R,487 0 R,488 0 R,489 0 R,12 0 R,490 0 R,12 0 R,12 0 R,12 0 R,12 0 R,12 0 R,1359 0 R,499 0 R,12 0 R,12 0 R,12 0 R)
Embedded object type "/ObjStm" (ID: 521, References: 523 0 R,524 0 R,7 0 R,7 0 R,12 0 R,526 0 R,1367 0 R,528 0 R,12 0 R,530 0 R,1369 0 R,532 0 R,12 0 R,534 0 R,1371 0 R,536 0 R,12 0 R,538 0 R,1373 0 R,540 0 R,12 0 R,542 0 R,1375 0 R,544 0 R,12 0 R,546 0 R,1377 0 R,548 0 R,12 0 R,550 0 R,1379 0 R,552 0 R,1381 0 R,1383 0 R,554 0 R,555 0 R,556 0 R,1385 0 R,12 0 R,12 0 R,1387 0 R,561 0 R,12 0 R,12 0 R,1389 0 R,565 0 R,12 0 R,12 0 R,568 0 R,1391 0 R,570 0 R,12 0 R,12 0 R,12 0 R,12 0 R,12 0 R,12 0 R,12 0 R,12 0 R,12 0 R,12 0 R)
Embedded object type "/ObjStm" (ID: 617, References: 12 0 R,622 0 R,1405 0 R,624 0 R,626 0 R,1407 0 R,628 0 R,12 0 R,1409 0 R,631 0 R,12 0 R,12 0 R,12 0 R,12 0 R,1411 0 R,637 0 R,12 0 R,12 0 R,12 0 R,1413 0 R,642 0 R,12 0 R,12 0 R,12 0 R,1415 0 R,647 0 R,12 0 R,12 0 R,12 0 R,1417 0 R,652 0 R,12 0 R,12 0 R,12 0 R,657 0 R,1419 0 R,659 0 R,12 0 R,661 0 R,1421 0 R,663 0 R,12 0 R,665 0 R,1423 0 R,667 0 R,12 0 R,12 0 R)
Embedded object type "/ObjStm" (ID: 691, References: 12 0 R,1437 0 R,693 0 R,12 0 R,12 0 R,12 0 R,1439 0 R,698 0 R,12 0 R,12 0 R,12 0 R)
Embedded object type "/ObjStm" (ID: 711, References: 12 0 R,1445 0 R,714 0 R,12 0 R,12 0 R,1447 0 R,718 0 R,12 0 R,12 0 R,12 0 R,12 0 R,1449 0 R,724 0 R,12 0 R,12 0 R,12 0 R)
Embedded object type "/ObjStm" (ID: 739, References: 12 0 R,12 0 R,1457 0 R,742 0 R,12 0 R,12 0 R,12 0 R,12 0 R,1459 0 R,748 0 R,12 0 R,12 0 R)
Embedded object type "/ObjStm" (ID: 762, References: 12 0 R,12 0 R,1465 0 R,765 0 R,12 0 R,12 0 R,12 0 R,12 0 R,1467 0 R,771 0 R,12 0 R,12 0 R)
Embedded object type "/ObjStm" (ID: 785, References: 12 0 R,12 0 R,1473 0 R,788 0 R,12 0 R,12 0 R,12 0 R)
Embedded object type "/ObjStm" (ID: 803, References: 12 0 R,1477 0 R,805 0 R,12 0 R,1479 0 R,808 0 R,12 0 R,12 0 R,12 0 R,12 0 R,1481 0 R,814 0 R,12 0 R,12 0 R,12 0 R)
Embedded object type "/ObjStm" (ID: 829, References: 12 0 R,1489 0 R,831 0 R,12 0 R,12 0 R,12 0 R,1491 0 R,836 0 R,12 0 R,12 0 R,12 0 R)
Embedded object type "/ObjStm" (ID: 847, References: 12 0 R,12 0 R,1497 0 R,850 0 R,12 0 R,12 0 R,12 0 R) - source
- Static Parser
- relevance
- 5/10
-
Contains embedded objects that might be interesting to investigate
File Details
AGENDA Opex Amsterdam 2021.pdf
- Filename
- AGENDA Opex Amsterdam 2021.pdf
- Size
- 2.8MiB (2898562 bytes)
- Type
- Description
- PDF document, version 1.7
- Document creator
- Adobe InDesign 15.1 (Macintosh)
- Document producer
- Adobe PDF Library 15.0
- Document pages
- 22
- Architecture
- WINDOWS
- SHA256
- d69f3cbb237cc24c9b6f78d733957ffd67c54218ea5ad7a105b23007b8afa474
- MD5
- c86e8ce69bb4528117bd0fb6de3a0d82
- SHA1
- 02f6c625369f8f69daef551199f5053923912e77
- ssdeep
- 24576:OkYHD6sOYJs4scneEXVd0uqvil/XKL6xHShutphsry5xR:OkUaLgBGilvKmYWRB
Screenshots
Hybrid Analysis
Analysed 4 processes in total.
-
AcroRd32.exe
"C:\AGENDAOpexAmsterdam2021.pdf"
(PID: 1632)
-
RdrCEF.exe
--backgroundcolor=16448250
(PID: 3716)
- RdrCEF.exe --type=renderer --primordial-pipe-token=4F2F8381F242281D95FEA6CCAE795170 --lang=en-US --disable-pack-loading --lang=en-US --log-file="%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/18.9.20044 Chrome/59.0.3071.15" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=4F2F8381F242281D95FEA6CCAE795170 --renderer-client-id=2 --mojo-platform-channel-handle=1300 --allow-no-sandbox-job /prefetch:1 (PID: 1252)
- RdrCEF.exe --type=renderer --primordial-pipe-token=2F19A802490060217F14331EE04173A9 --lang=en-US --disable-pack-loading --lang=en-US --log-file="%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/18.9.20044 Chrome/59.0.3071.15" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=2F19A802490060217F14331EE04173A9 --renderer-client-id=3 --mojo-platform-channel-handle=1356 --allow-no-sandbox-job /prefetch:1 (PID: 3796)
-
RdrCEF.exe
--backgroundcolor=16448250
(PID: 3716)
Network Analysis
DNS Requests
No relevant DNS requests were made.
Contacted Hosts
No relevant hosts were contacted.
HTTP Traffic
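No relevant HTTP requests were made.
Note: "relevant" is what remains after the network whitenoise filtering listed under Notifications, so the empty DNS, host and HTTP sections do not by themselves show that no traffic occurred. The extracted file "urlref_httpswww.youtube.comwatchv_YXS66E6Zqr8" (context https://www.youtube.com/watch?v=YXS66E6Zqr8) suggests the URL embedded in the PDF was fetched at some point during analysis; an unfiltered packet capture is needed if outbound connections have to be ruled out.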
Extracted Strings
Extracted Files
-
Informative 13
-
-
GlobSettings
- Size
- 24B (24 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- AcroRd32.exe (PID: 1632)
- MD5
- dd4a3bd8b9ff61628346391ea9987e1d
- SHA1
- 474076c122cacaaf112469fc62976bb69187aa2b
- SHA256
- 7c22c759ca704106556bbc4fc10b7f53404ca1f8b40f01038d3f7c4b8183f486
-
data_1
- Size
- 264KiB (270336 bytes)
- Type
- data
- Runtime Process
- RdrCEF.exe (PID: 3716)
- MD5
- 81c8414df2e29341080463d9e2fe14f5
- SHA1
- b2edd6ff77f17fb664a8da8c11a8d6fab3f987c3
- SHA256
- f55cb65289cf59f3828ca486af60bc450b1988492edafe0c18373fe5e06855bc
-
Visited Links
- Size
- 128KiB (131072 bytes)
- Type
- data
- Runtime Process
- RdrCEF.exe (PID: 3716)
- MD5
- 81a284a2b84dde3230ff339415b0112f
- SHA1
- f61be0648fe365bc7d398aa4907c097a06739384
- SHA256
- cdb94563c99017ea9eb34642740794033fb48257f3f06df0ab5af0da5f7cbf6c
-
IconCacheRdr65536.dat
- Size
- 258KiB (264002 bytes)
- Type
- data
- Runtime Process
- AcroRd32.exe (PID: 1632)
- MD5
- 60bece02ae0582fa59e017e25a899309
- SHA1
- fa1bb047b798f4b91499425700a1f7ee9f1a2188
- SHA256
- ae354272c9089bd22ae38b01547f1107c877a93ffae9aa26cd3e6b8c5ff48650
-
SharedDataEvents
- Size
- 5KiB (5120 bytes)
- Type
- data
- Description
- SQLite 3.x database
- Runtime Process
- AcroRd32.exe (PID: 1632)
- MD5
- d2b926dd3fcb8086ace662494c3b88a9
- SHA1
- 40e62af76d69433d9c8e0533091a0729d81f281b
- SHA256
- 197a014cd7528edfe8f12349520028a051b4f8426973efa527bc6cf99be6bdfe
-
A9Ra2zzxo_rvksqy_19c.tmp
- Size
- 2B (2 bytes)
- Type
- data
- Runtime Process
- AcroRd32.exe (PID: 1632)
- MD5
- c4103f122d27677c9db144cae1394a66
- SHA1
- 1489f923c4dca729178b3e3233458550d8dddf29
- SHA256
- 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
-
SharedDataEvents-journal
- Size
- 2.5KiB (2576 bytes)
- Type
- data
- Description
- SQLite Rollback Journal
- Runtime Process
- AcroRd32.exe (PID: 1632)
- MD5
- 175e8f6ff830734e221040f67d247417
- SHA1
- 710f233980f445fe0070f57376b60bca9f36f8c9
- SHA256
- 8db7b46e451c6cbce5322323ad7d45b8f5b1c11041e3e434a075fe4d1123f7be
-
0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl
- Size
- 637B (637 bytes)
- Type
- data
- Runtime Process
- AcroRd32.exe (PID: 1632)
- MD5
- 974e8536b8767ac5be204f35d16f73e8
- SHA1
- e847897947a3db26e35cb7d490c688e8c410dfb7
- SHA256
- d1bb4b163fe01acc368a92b385bb0bd3a9fc2340b6d485b77a20553a713166d3
-
TMDocs.sav
- Size
- 36B (36 bytes)
- Type
- data
- Runtime Process
- AcroRd32.exe (PID: 1632)
- MD5
- 5c6b932a79952b4b27833691305e61db
- SHA1
- 09804db0986a989c2c49cdcea563567fb4c7b1a0
- SHA256
- dee5a5925227b125f4ac6d9b70a277e6ec8494ffc73d1cce9e08cc7a78d6208a
-
TMGrpPrm.sav
- Size
- 54B (54 bytes)
- Type
- data
- Runtime Process
- AcroRd32.exe (PID: 1632)
- MD5
- 6a614a7743b0c781aaeca60448e861d6
- SHA1
- 67b7df5ebeb4527e4c31f3f9b7e52a0581dc4b6d
- SHA256
- 9703120dc62c2c3f843bad5b1e77594682ca7820f0345ae0bbd73021c1427146
-
A9R1ipv79o_rvksr2_19c.tmp
- Size
- 9.5KiB (9737 bytes)
- Type
- data
- Description
- Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
- Runtime Process
- AcroRd32.exe (PID: 1632)
- MD5
- 4112fbc70ea3a37f64de226ea646979a
- SHA1
- 04135085477108dfd0693090b54227cc493025a3
- SHA256
- 42a850147cf596396bede5dab89e19580c09b58b610ece5e525b37618b4826d0
-
CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl
- Size
- 425B (425 bytes)
- Type
- data
- Runtime Process
- AcroRd32.exe (PID: 1632)
- MD5
- b1783b97d2072e141e12e8911e151704
- SHA1
- e3a9fe0da15be51286f39d6092e9126443669e49
- SHA256
- 9009ab7605c35a2b5121b8b5c966b3c893edba9966925268c45ad05b348671c8
-
urlref_httpswww.youtube.comwatchv_YXS66E6Zqr8
- Size
- 407KiB (416260 bytes)
- Type
- html
- Description
- HTML document, ASCII text, with very long lines
- Runtime Process
- AcroRd32.exe (PID: 1632)
- Context
- https://www.youtube.com/watch?v=YXS66E6Zqr8
- MD5
- 43f9214272513d15b4b3dd55383fdbb1
- SHA1
- 0d5c7a560444708aa0b79a62dd60ece3fef466b5
- SHA256
- 6ee7d2d764cc88f64546e8d14933ac45c48bc554d2e79966cd7906ac0d5f0c2a
-
Notifications
-
Runtime
- Network whitenoise filtering was applied
- Not all Falcon MalQuery lookups completed in time
- Not all IP/URL string resources were checked online
- Not all sources for indicator ID "api-55" are available in the report
- Not all sources for indicator ID "static-10" are available in the report
- Not all sources for indicator ID "static-66" are available in the report
- Not all sources for indicator ID "string-10" are available in the report
- Some low-level data is hidden, as this is only a slim report