Windows Analysis Report
JI3Rv58g76.exe

Overview

General Information

Sample name: JI3Rv58g76.exe
renamed because original name is a hash value
Original sample name: 2f8912af892c160c1c24c9f38a60c1ab.exe
Analysis ID: 1417245
MD5: 2f8912af892c160c1c24c9f38a60c1ab
SHA1: d2deae508e262444a8f15c29ebcc7ebbe08a3fdb
SHA256: 59ff8e0aa665fbbf749c7548906a655cb1869bb58a3b7546efa5b416d19e6308
Tags: exe
Infos:

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found iframes
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTML body contains password input but no form action
HTML title does not match URL
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: JI3Rv58g76.exe ReversingLabs: Detection: 34%
Machine Learning detection for sample
Source: JI3Rv58g76.exe Joe Sandbox ML: detected
Found iframes
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKIuocJy9vCuaXZjqnZp-Rla20NkWAk2w_IuCWxTbox4wyWdR0ESkMZmyDuLe4ttEoiOPMsb_w&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-183574697%3A1711652770509580&theme=mn&ddm=0 HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1610832587&timestamp=1711652776511
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKIuocJy9vCuaXZjqnZp-Rla20NkWAk2w_IuCWxTbox4wyWdR0ESkMZmyDuLe4ttEoiOPMsb_w&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-183574697%3A1711652770509580&theme=mn&ddm=0 HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1610832587&timestamp=1711652776511
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKIuocJy9vCuaXZjqnZp-Rla20NkWAk2w_IuCWxTbox4wyWdR0ESkMZmyDuLe4ttEoiOPMsb_w&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-183574697%3A1711652770509580&theme=mn&ddm=0 HTTP Parser: Iframe src: /_/bscframe
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKIuocJy9vCuaXZjqnZp-Rla20NkWAk2w_IuCWxTbox4wyWdR0ESkMZmyDuLe4ttEoiOPMsb_w&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-183574697%3A1711652770509580&theme=mn&ddm=0 HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1610832587&timestamp=1711652776511
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKIuocJy9vCuaXZjqnZp-Rla20NkWAk2w_IuCWxTbox4wyWdR0ESkMZmyDuLe4ttEoiOPMsb_w&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-183574697%3A1711652770509580&theme=mn&ddm=0 HTTP Parser: Iframe src: /_/bscframe
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKJmEIrYNMyvdZoSqMiTebhW4lcpvlZ1_XLyg-U5cOm7OX5VTq2FetXLy21Rm1ES_qvkuOujhg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1392765822%3A1711652770627518&theme=mn&ddm=0 HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-422156678&timestamp=1711652778098
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKJmEIrYNMyvdZoSqMiTebhW4lcpvlZ1_XLyg-U5cOm7OX5VTq2FetXLy21Rm1ES_qvkuOujhg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1392765822%3A1711652770627518&theme=mn&ddm=0 HTTP Parser: Iframe src: /_/bscframe
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKJmEIrYNMyvdZoSqMiTebhW4lcpvlZ1_XLyg-U5cOm7OX5VTq2FetXLy21Rm1ES_qvkuOujhg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1392765822%3A1711652770627518&theme=mn&ddm=0 HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-422156678&timestamp=1711652778098
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKJmEIrYNMyvdZoSqMiTebhW4lcpvlZ1_XLyg-U5cOm7OX5VTq2FetXLy21Rm1ES_qvkuOujhg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1392765822%3A1711652770627518&theme=mn&ddm=0 HTTP Parser: Iframe src: /_/bscframe
HTML body contains password input but no form action
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKIuocJy9vCuaXZjqnZp-Rla20NkWAk2w_IuCWxTbox4wyWdR0ESkMZmyDuLe4ttEoiOPMsb_w&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-183574697%3A1711652770509580&theme=mn&ddm=0 HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKJmEIrYNMyvdZoSqMiTebhW4lcpvlZ1_XLyg-U5cOm7OX5VTq2FetXLy21Rm1ES_qvkuOujhg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1392765822%3A1711652770627518&theme=mn&ddm=0 HTTP Parser: <input type="password" .../> found but no <form action="...
HTML title does not match URL
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKJmEIrYNMyvdZoSqMiTebhW4lcpvlZ1_XLyg-U5cOm7OX5VTq2FetXLy21Rm1ES_qvkuOujhg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1392765822%3A1711652770627518&theme=mn&ddm=0 HTTP Parser: Title: YouTube does not match URL
Source: https://www.facebook.com/video HTTP Parser: <input type="password" .../> found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKIuocJy9vCuaXZjqnZp-Rla20NkWAk2w_IuCWxTbox4wyWdR0ESkMZmyDuLe4ttEoiOPMsb_w&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-183574697%3A1711652770509580&theme=mn&ddm=0 HTTP Parser: <input type="password" .../> found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKJmEIrYNMyvdZoSqMiTebhW4lcpvlZ1_XLyg-U5cOm7OX5VTq2FetXLy21Rm1ES_qvkuOujhg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1392765822%3A1711652770627518&theme=mn&ddm=0 HTTP Parser: <input type="password" .../> found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKIuocJy9vCuaXZjqnZp-Rla20NkWAk2w_IuCWxTbox4wyWdR0ESkMZmyDuLe4ttEoiOPMsb_w&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-183574697%3A1711652770509580&theme=mn&ddm=0 HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKIuocJy9vCuaXZjqnZp-Rla20NkWAk2w_IuCWxTbox4wyWdR0ESkMZmyDuLe4ttEoiOPMsb_w&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-183574697%3A1711652770509580&theme=mn&ddm=0 HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKIuocJy9vCuaXZjqnZp-Rla20NkWAk2w_IuCWxTbox4wyWdR0ESkMZmyDuLe4ttEoiOPMsb_w&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-183574697%3A1711652770509580&theme=mn&ddm=0 HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKJmEIrYNMyvdZoSqMiTebhW4lcpvlZ1_XLyg-U5cOm7OX5VTq2FetXLy21Rm1ES_qvkuOujhg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1392765822%3A1711652770627518&theme=mn&ddm=0 HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKJmEIrYNMyvdZoSqMiTebhW4lcpvlZ1_XLyg-U5cOm7OX5VTq2FetXLy21Rm1ES_qvkuOujhg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1392765822%3A1711652770627518&theme=mn&ddm=0 HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKJmEIrYNMyvdZoSqMiTebhW4lcpvlZ1_XLyg-U5cOm7OX5VTq2FetXLy21Rm1ES_qvkuOujhg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1392765822%3A1711652770627518&theme=mn&ddm=0 HTTP Parser: No favicon
Source: https://www.facebook.com/video HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/video HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/video HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/video HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKIuocJy9vCuaXZjqnZp-Rla20NkWAk2w_IuCWxTbox4wyWdR0ESkMZmyDuLe4ttEoiOPMsb_w&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-183574697%3A1711652770509580&theme=mn&ddm=0 HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKIuocJy9vCuaXZjqnZp-Rla20NkWAk2w_IuCWxTbox4wyWdR0ESkMZmyDuLe4ttEoiOPMsb_w&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-183574697%3A1711652770509580&theme=mn&ddm=0 HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKIuocJy9vCuaXZjqnZp-Rla20NkWAk2w_IuCWxTbox4wyWdR0ESkMZmyDuLe4ttEoiOPMsb_w&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-183574697%3A1711652770509580&theme=mn&ddm=0 HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKJmEIrYNMyvdZoSqMiTebhW4lcpvlZ1_XLyg-U5cOm7OX5VTq2FetXLy21Rm1ES_qvkuOujhg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1392765822%3A1711652770627518&theme=mn&ddm=0 HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKJmEIrYNMyvdZoSqMiTebhW4lcpvlZ1_XLyg-U5cOm7OX5VTq2FetXLy21Rm1ES_qvkuOujhg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1392765822%3A1711652770627518&theme=mn&ddm=0 HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKJmEIrYNMyvdZoSqMiTebhW4lcpvlZ1_XLyg-U5cOm7OX5VTq2FetXLy21Rm1ES_qvkuOujhg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1392765822%3A1711652770627518&theme=mn&ddm=0 HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/video HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/video HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/video HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/video HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKIuocJy9vCuaXZjqnZp-Rla20NkWAk2w_IuCWxTbox4wyWdR0ESkMZmyDuLe4ttEoiOPMsb_w&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-183574697%3A1711652770509580&theme=mn&ddm=0 HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKIuocJy9vCuaXZjqnZp-Rla20NkWAk2w_IuCWxTbox4wyWdR0ESkMZmyDuLe4ttEoiOPMsb_w&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-183574697%3A1711652770509580&theme=mn&ddm=0 HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKIuocJy9vCuaXZjqnZp-Rla20NkWAk2w_IuCWxTbox4wyWdR0ESkMZmyDuLe4ttEoiOPMsb_w&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-183574697%3A1711652770509580&theme=mn&ddm=0 HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKJmEIrYNMyvdZoSqMiTebhW4lcpvlZ1_XLyg-U5cOm7OX5VTq2FetXLy21Rm1ES_qvkuOujhg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1392765822%3A1711652770627518&theme=mn&ddm=0 HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKJmEIrYNMyvdZoSqMiTebhW4lcpvlZ1_XLyg-U5cOm7OX5VTq2FetXLy21Rm1ES_qvkuOujhg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1392765822%3A1711652770627518&theme=mn&ddm=0 HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKJmEIrYNMyvdZoSqMiTebhW4lcpvlZ1_XLyg-U5cOm7OX5VTq2FetXLy21Rm1ES_qvkuOujhg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1392765822%3A1711652770627518&theme=mn&ddm=0 HTTP Parser: No <meta name="copyright".. found
Uses 32bit PE files
Source: JI3Rv58g76.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 23.41.168.93:443 -> 192.168.2.4:49850 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.41.168.93:443 -> 192.168.2.4:49857 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49907 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49929 version: TLS 1.2
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006A68EE FindFirstFileW,FindClose, 0_2_006A68EE
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006A698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, 0_2_006A698F
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0069D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_0069D076
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0069D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_0069D3A9
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006A9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_006A9642
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006A979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_006A979D
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006A9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, 0_2_006A9B2B
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0069DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, 0_2_0069DBBE
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006A5C97 FindFirstFileW,FindNextFileW,FindClose, 0_2_006A5C97
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006ACE44 InternetReadFile,SetEvent,GetLastError,SetEvent, 0_2_006ACE44
Source: global traffic HTTP traffic detected: GET /video HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /account HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yt/l/0,cross/uSn2aRZO8ux.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yH/r/xhAcgB6kDqz.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3iBjC4/yu/l/en_US/9Uu2qzjxEL9pHmFPqa9OByCCDspOAEJbk9lIfxjJhRGBlhD6MxEsg9iDYvatkvPhoOZd63bruQ0lYo66RdpHoPFZVlerAV3bwZ87Zc-ipmmdxV9L9ibrPrIkyMLy5NIM9adk1Rdzuzi16ygjmkqQLpu-_MGc1wa-Oq19c8UFGgncWcrTOmPobANp9KHpDnYRWx5vjUkRtJTwzy8snYF7ZNFZkrWl_eJMlvvhSHqVjNQVlYqt0Sp55HfXW__mMgFRlCsGN0FHzi95_wmB-51YxoStyBz2gE2pEQn4HVER6y-GdB52bvQ0.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3iY1_4/yx/l/en_US/hr4wnrnGRHO.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3iQh04/yZ/l/en_US/4OfVhVda111.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3idBq4/yv/l/en_US/v-SWhfFgyNF.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3iTzS4/yC/l/en_US/jnw4PWi0NlAqCL2r601ymJkZjfeudyFuJEVQFXOpV-_qpXFYHV90WF8xsw_y3zVOBS5r1v89-9txafWxL1rr0Obq.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3i4nn4/yl/l/en_US/IOrr8Repg2I.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3ijbW4/yI/l/en_US/UGBCn2NiNkW.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yP/r/nqzi0HDP8Ry.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3iZrM4/yc/l/en_US/0UUnBxXKBLzHZzYOywhSQryR0G3eX_GKmiWzguwnBmmPh9He6bSzT-PbFPu4Fv63rjHH6_9I7VzobEMDb4Q19xfas8XP9i4W3Y8pMvxMG_o0wGny8VebOOE-4HZH2fPczjodmM84SfiWlvqY3LVicV7Q8jYmyCqUFlTEFAg6yhFB7q7e.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3ifWF4/y9/l/en_US/8vog5P6fr2w.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3iioC4/yw/l/en_US/pnJHkiZvaB5.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yS/r/YOJay7eN_PK.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yU/r/Gr1iFzLjuib.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/430970856_331678446558988_1462749360539672140_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=QWK2ESLKuj4AX_cJh7C&_nc_ht=scontent-lga3-2.xx&oh=00_AfAs4WoEPysc8_mRJH2bbJw6RfS2o3Kvd5-ioOc4tuPMpQ&oe=6609C887 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/422020184_881062810463376_3471601854030233187_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=spMqgmKdPvsAX-brW05&_nc_ht=scontent-lga3-2.xx&oh=00_AfD8xOKkOwKqF5XL0G8eUhYfqJNKsO3YHw8MKYo_7vG3vQ&oe=660A6C0F HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/432876663_934652351673809_5361458748257372154_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=vzrWLk-oeKAAX8zMSeK&_nc_ht=scontent-lga3-2.xx&oh=00_AfD2wOtLRTPuoG6hdjPBSCko2YaizyptWNnJp-8jirSE9w&oe=660B0FF2 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/432429050_1399404767363023_4440886140724773228_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=LVzP2PXcfjUAX_9x9-8&_nc_ht=scontent-lga3-2.xx&oh=00_AfDGCmD9mCzgyIv9jYbvKXVBHEVcAiPKtlWhiX-WDV2CFg&oe=660A0AB2 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/433339709_2523901647788735_6993229466412260938_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=v5nEIX6XKngAX-vCjKA&_nc_ht=scontent-lga3-2.xx&oh=00_AfCIlfoMX4FfaPy1iZwoWAbAAtudK2mx8UBpUaMgY9Z98w&oe=660A4383 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/430597876_736827948519071_8494938187567979547_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=w7CNIrf36ckAX8Npy8m&_nc_ht=scontent-lga3-2.xx&oh=00_AfCBblQtGV-FEe86BDtBjzDp_vtHbIWqbFFR927aSMo7yQ&oe=660B126D HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3iNTg4/yQ/l/en_US/lCUnpCreVAL.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/y2/r/2UXBRrhCqJH.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t51.29350-10/434531290_716571817053734_2744064682005498208_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=XEPWGA-YjJgAX9KdlWl&_nc_ht=scontent-lga3-2.xx&oh=00_AfDvZi-4Z2LxMlzLOB5RwYUKy9TSVDvyW6A1MetKf84FFA&oe=6609D288 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/429872046_913521453854205_2559138308627109769_n.jpg?stp=dst-jpg_p370x247&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=bVe0bk5aNLIAX_VQDq1&_nc_ht=scontent-lga3-2.xx&oh=00_AfCUhJdPxdc1CP2UTC5JKJdkITq6XJ311ArtJsP4XYPfNQ&oe=660A349D HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t51.29350-10/427572185_312097688086382_4477104599171447976_n.jpg?stp=dst-jpg_p206x206&_nc_cat=100&ccb=1-7&_nc_sid=5f2048&_nc_ohc=hFgHZ5suS5EAX_5CsEj&_nc_ht=scontent-lga3-2.xx&oh=00_AfBn5lXBFcY5DsNgmlItA6DelkIrSph6WootA6Tt--Z4rQ&oe=660B19A0 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /hads-ak-prn2/1487645_6012475414660_1439393861_n.png HTTP/1.1Host: scontent.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/434191627_10168512814900504_883876520354233956_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=51-qX5zvjVMAX9CI3oS&_nc_ht=scontent-lga3-2.xx&oh=00_AfB3qFzx0z1X5x9MpYy7bNDyeHzGflfjlTQ_uNQ4x9XLwg&oe=660AC6BE HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/430619290_7430917230292290_4506400359726168837_n.jpg?stp=cp6_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=9ObXNmfieXgAX_ZJIGM&_nc_ht=scontent-lga3-2.xx&oh=00_AfAHYUvp3rqu8WDmEqP5rCihjgNjprCdKkIBwr9ETYlOXA&oe=660A27F7 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yb/r/7NqDjYL3eb9.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/431341873_364445046553921_3968847851229451111_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=auM5n4i72gkAX9Pwxr-&_nc_ht=scontent-lga3-2.xx&oh=00_AfCBJa93r8AgBrA3PZUHOy7usL36LveLxOUs_0ogttYq_Q&oe=660A9180 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/431095440_785215223111042_6790815809198763884_n.jpg?stp=dst-jpg_p206x206&_nc_cat=103&ccb=1-7&_nc_sid=5f2048&_nc_ohc=Mzrb63gyqMUAX8sj4xW&_nc_ht=scontent-lga3-1.xx&oh=00_AfAO4NhwqaaUlIB_mWYQDRDQeWmd-ZZY2Fw5ojca2AZ1hg&oe=660B93DE HTTP/1.1Host: scontent-lga3-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/433671510_916405506834087_3905724146057868703_n.jpg?stp=dst-jpg_p206x206&_nc_cat=110&ccb=1-7&_nc_sid=5f2048&_nc_ohc=nG3nKZkXKiwAX_kxQPc&_nc_ht=scontent-lga3-1.xx&oh=00_AfBwLYKtX0_jIuJpbKb5tjITEEpnppNy4-WpiXV-VvVzJg&oe=660B0563 HTTP/1.1Host: scontent-lga3-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3it4v4/ya/l/en_US/c6X24_t9bV6.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3ieKI4/yR/l/en_US/X-4pD-JMb7T.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yY/r/YT7n1sgH1lv.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yO/r/q8Uic1K195T.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yx/r/CSZ_x_QuIAx.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yS/r/YOJay7eN_PK.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/430597876_736827948519071_8494938187567979547_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=w7CNIrf36ckAX8Npy8m&_nc_ht=scontent-lga3-2.xx&oh=00_AfCBblQtGV-FEe86BDtBjzDp_vtHbIWqbFFR927aSMo7yQ&oe=660B126D HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/422020184_881062810463376_3471601854030233187_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=spMqgmKdPvsAX-brW05&_nc_ht=scontent-lga3-2.xx&oh=00_AfD8xOKkOwKqF5XL0G8eUhYfqJNKsO3YHw8MKYo_7vG3vQ&oe=660A6C0F HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/y2/r/2UXBRrhCqJH.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ps_l=0; ps_n=0
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/429226384_800219538822157_6664087838727453891_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=WasqvFZSzCMAX_yK8AA&_nc_oc=Adgnl7z1UWqR0yJ56bkGBxut_9Nx1b-cyOOkg_wC1jOkX4S-d739IaD5huGatljRadU&_nc_ht=scontent-lga3-2.xx&oh=00_AfA47l8EeL9acL5DV0VMl9Yo9i2D7enXidlMT-Y_Y1Ey-w&oe=660A7D89 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/430970856_331678446558988_1462749360539672140_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=QWK2ESLKuj4AX_cJh7C&_nc_ht=scontent-lga3-2.xx&oh=00_AfAs4WoEPysc8_mRJH2bbJw6RfS2o3Kvd5-ioOc4tuPMpQ&oe=6609C887 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/433339709_2523901647788735_6993229466412260938_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=v5nEIX6XKngAX-vCjKA&_nc_ht=scontent-lga3-2.xx&oh=00_AfCIlfoMX4FfaPy1iZwoWAbAAtudK2mx8UBpUaMgY9Z98w&oe=660A4383 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/432429050_1399404767363023_4440886140724773228_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=LVzP2PXcfjUAX_9x9-8&_nc_ht=scontent-lga3-2.xx&oh=00_AfDGCmD9mCzgyIv9jYbvKXVBHEVcAiPKtlWhiX-WDV2CFg&oe=660A0AB2 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/398021402_288073914198331_8114853194744639947_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=yZNnneb6a2gAX9fwmD9&_nc_ht=scontent-lga3-2.xx&oh=00_AfD0rzyDXTPKnpYOj7kle33M1y7-sHvLgzWWXIvS7ey6VQ&oe=660A2333 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/305039035_126456863482221_7637771635799875508_n.jpg?stp=c13.0.50.50a_cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=X2KNjylRF1IAX-u_W_C&_nc_ht=scontent-lga3-2.xx&oh=00_AfBHltmIVW1mlsGB1pUujiE_K4CjqrszVl3yd_IW7lprWA&oe=6609FB3A HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/432876663_934652351673809_5361458748257372154_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=vzrWLk-oeKAAX8zMSeK&_nc_ht=scontent-lga3-2.xx&oh=00_AfD2wOtLRTPuoG6hdjPBSCko2YaizyptWNnJp-8jirSE9w&oe=660B0FF2 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t1.6435-1/170258915_324019955749847_2023233154047754687_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=DAOthQOhxLQAX_AHjlQ&_nc_ht=scontent-lga3-2.xx&oh=00_AfAxLzMiupteV6qQMUzNm0Hj5Lk3lsq2Khzqhiz2pk3xOg&oe=662D3AE8 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/430970856_331678446558988_1462749360539672140_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=QWK2ESLKuj4AX_cJh7C&_nc_ht=scontent-lga3-2.xx&oh=00_AfDw2c3FnjTfeR6iM4EHE_tpjs5XiKC-g4FIR95CyOdh4Q&oe=6609C887 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/293474113_588444525983578_3802416932064405200_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=eFb7h36WtEQAX89gKoc&_nc_ht=scontent-lga3-2.xx&oh=00_AfCu-JtT9gPo-19367-klyv5R988tZq1x4dedpC_mEPGGw&oe=660B599A HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yb/r/7NqDjYL3eb9.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yO/r/q8Uic1K195T.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /hads-ak-prn2/1487645_6012475414660_1439393861_n.png HTTP/1.1Host: scontent.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/431095440_785215223111042_6790815809198763884_n.jpg?stp=dst-jpg_p206x206&_nc_cat=103&ccb=1-7&_nc_sid=5f2048&_nc_ohc=Mzrb63gyqMUAX8sj4xW&_nc_ht=scontent-lga3-1.xx&oh=00_AfAO4NhwqaaUlIB_mWYQDRDQeWmd-ZZY2Fw5ojca2AZ1hg&oe=660B93DE HTTP/1.1Host: scontent-lga3-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/433671510_916405506834087_3905724146057868703_n.jpg?stp=dst-jpg_p206x206&_nc_cat=110&ccb=1-7&_nc_sid=5f2048&_nc_ohc=nG3nKZkXKiwAX_kxQPc&_nc_ht=scontent-lga3-1.xx&oh=00_AfBwLYKtX0_jIuJpbKb5tjITEEpnppNy4-WpiXV-VvVzJg&oe=660B0563 HTTP/1.1Host: scontent-lga3-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/402897250_657373783216841_8536430327970339612_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=jnUhgR33UywAX-YBD7H&_nc_ht=scontent-lga3-2.xx&oh=00_AfAFj5hqM6w5vyMXLbWgcqkzOCnYYCvbtGdAx0hq_LGRiA&oe=660A0E82 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/430222019_385989997554730_1938802334542240222_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=4sQCI3VgjWkAX8CNQN-&_nc_ht=scontent-lga3-2.xx&oh=00_AfAZeYALBJP47oUL2UjngG3pv2ETUbIQojWeAAFhBmdT2g&oe=660AD01C HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ps_l=0; ps_n=0
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/434191627_10168512814900504_883876520354233956_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=51-qX5zvjVMAX9CI3oS&_nc_ht=scontent-lga3-2.xx&oh=00_AfB3qFzx0z1X5x9MpYy7bNDyeHzGflfjlTQ_uNQ4x9XLwg&oe=660AC6BE HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t51.29350-10/427572185_312097688086382_4477104599171447976_n.jpg?stp=dst-jpg_p206x206&_nc_cat=100&ccb=1-7&_nc_sid=5f2048&_nc_ohc=hFgHZ5suS5EAX_5CsEj&_nc_ht=scontent-lga3-2.xx&oh=00_AfBn5lXBFcY5DsNgmlItA6DelkIrSph6WootA6Tt--Z4rQ&oe=660B19A0 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/430619290_7430917230292290_4506400359726168837_n.jpg?stp=cp6_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=9ObXNmfieXgAX_ZJIGM&_nc_ht=scontent-lga3-2.xx&oh=00_AfAHYUvp3rqu8WDmEqP5rCihjgNjprCdKkIBwr9ETYlOXA&oe=660A27F7 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/431341873_364445046553921_3968847851229451111_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=auM5n4i72gkAX9Pwxr-&_nc_ht=scontent-lga3-2.xx&oh=00_AfCBJa93r8AgBrA3PZUHOy7usL36LveLxOUs_0ogttYq_Q&oe=660A9180 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t51.29350-10/434531290_716571817053734_2744064682005498208_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=XEPWGA-YjJgAX9KdlWl&_nc_ht=scontent-lga3-2.xx&oh=00_AfDvZi-4Z2LxMlzLOB5RwYUKy9TSVDvyW6A1MetKf84FFA&oe=6609D288 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/429872046_913521453854205_2559138308627109769_n.jpg?stp=dst-jpg_p370x247&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=bVe0bk5aNLIAX_VQDq1&_nc_ht=scontent-lga3-2.xx&oh=00_AfCUhJdPxdc1CP2UTC5JKJdkITq6XJ311ArtJsP4XYPfNQ&oe=660A349D HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/305039035_126456863482221_7637771635799875508_n.jpg?stp=c13.0.50.50a_cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=X2KNjylRF1IAX-u_W_C&_nc_ht=scontent-lga3-2.xx&oh=00_AfBHltmIVW1mlsGB1pUujiE_K4CjqrszVl3yd_IW7lprWA&oe=6609FB3A HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /data/manifest/ HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36viewport-width: 1280sec-ch-ua-platform-version: "10.0.0"dpr: 1sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://www.facebook.com/videoAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ps_l=0; ps_n=0; fr=0o8AOsj9KjMAh385p..BmBb-k..AAA.0.0.BmBb-k.AWWDmHZ99Do; wd=1280x907; _js_datr=ob8FZiq_jM-o6KibYedtsiAS
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/398021402_288073914198331_8114853194744639947_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=yZNnneb6a2gAX9fwmD9&_nc_ht=scontent-lga3-2.xx&oh=00_AfD0rzyDXTPKnpYOj7kle33M1y7-sHvLgzWWXIvS7ey6VQ&oe=660A2333 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ps_l=0; ps_n=0
Source: global traffic HTTP traffic detected: GET /rsrc.php/yT/r/aGT3gskzWBf.ico HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t1.6435-1/170258915_324019955749847_2023233154047754687_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=DAOthQOhxLQAX_AHjlQ&_nc_ht=scontent-lga3-2.xx&oh=00_AfAxLzMiupteV6qQMUzNm0Hj5Lk3lsq2Khzqhiz2pk3xOg&oe=662D3AE8 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/429226384_800219538822157_6664087838727453891_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=WasqvFZSzCMAX_yK8AA&_nc_oc=Adgnl7z1UWqR0yJ56bkGBxut_9Nx1b-cyOOkg_wC1jOkX4S-d739IaD5huGatljRadU&_nc_ht=scontent-lga3-2.xx&oh=00_AfA47l8EeL9acL5DV0VMl9Yo9i2D7enXidlMT-Y_Y1Ey-w&oe=660A7D89 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/430970856_331678446558988_1462749360539672140_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=QWK2ESLKuj4AX_cJh7C&_nc_ht=scontent-lga3-2.xx&oh=00_AfDw2c3FnjTfeR6iM4EHE_tpjs5XiKC-g4FIR95CyOdh4Q&oe=6609C887 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/293474113_588444525983578_3802416932064405200_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=eFb7h36WtEQAX89gKoc&_nc_ht=scontent-lga3-2.xx&oh=00_AfCu-JtT9gPo-19367-klyv5R988tZq1x4dedpC_mEPGGw&oe=660B599A HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19810.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7351492666381830667&__req=9&__rev=1012382939&__s=myfl6d%3A2kawfo%3Almpu3z&__spin_b=trunk&__spin_r=1012382939&__spin_t=1711652769&__user=0&dpr=1&jazoest=2949&lsd=AVo7yTty41Y&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ps_l=0; ps_n=0; wd=1280x907; _js_datr=ob8FZiq_jM-o6KibYedtsiAS; fr=0xikJoozoLLi0vyCq..BmBb-l..AAA.0.0.BmBb-l.AWX9UMxHh9U
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19810.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7351492666381830667&__req=8&__rev=1012382939&__s=myfl6d%3A2kawfo%3Almpu3z&__spin_b=trunk&__spin_r=1012382939&__spin_t=1711652769&__user=0&dpr=1&jazoest=2949&lsd=AVo7yTty41Y&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ps_l=0; ps_n=0; wd=1280x907; _js_datr=ob8FZiq_jM-o6KibYedtsiAS; fr=0xikJoozoLLi0vyCq..BmBb-l..AAA.0.0.BmBb-l.AWX9UMxHh9U
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/402897250_657373783216841_8536430327970339612_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=jnUhgR33UywAX-YBD7H&_nc_ht=scontent-lga3-2.xx&oh=00_AfAFj5hqM6w5vyMXLbWgcqkzOCnYYCvbtGdAx0hq_LGRiA&oe=660A0E82 HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/430222019_385989997554730_1938802334542240222_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=4sQCI3VgjWkAX8CNQN-&_nc_ht=scontent-lga3-2.xx&oh=00_AfAZeYALBJP47oUL2UjngG3pv2ETUbIQojWeAAFhBmdT2g&oe=660AD01C HTTP/1.1Host: scontent-lga3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/y0/r/eFZD1KABzRA.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ps_l=0; ps_n=0
Source: global traffic HTTP traffic detected: GET /rsrc.php/yT/r/aGT3gskzWBf.ico HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/y0/r/eFZD1KABzRA.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ps_l=0; ps_n=0
Source: global traffic HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ps_l=0; ps_n=0
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ps_l=0; ps_n=0; fr=0o8AOsj9KjMAh385p..BmBb-k..AAA.0.0.BmBb-k.AWWDmHZ99Do
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19810.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7351492666381830667&__req=a&__rev=1012382939&__s=myfl6d%3A2kawfo%3Almpu3z&__spin_b=trunk&__spin_r=1012382939&__spin_t=1711652769&__user=0&dpr=1&jazoest=2949&lsd=AVo7yTty41Y&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ps_l=0; ps_n=0; wd=1280x907; datr=ob8FZiq_jM-o6KibYedtsiAS; fr=0iS7p08UF5w5kMSRZ..BmBb-n..AAA.0.0.BmBb-n.AWUqTB_ez-s
Source: global traffic HTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1610832587&timestamp=1711652776511 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: YSC=NuRD_3IiF-I; VISITOR_INFO1_LIVE=6xHVq1eL2aw; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgVw%3D%3D
Source: global traffic HTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-422156678&timestamp=1711652778098 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: YSC=NuRD_3IiF-I; VISITOR_INFO1_LIVE=6xHVq1eL2aw; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgVw%3D%3D
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=512=D_2ILC4mrwtYqqlSmTjonkiSCFaBRv8iMipm7UgSFeZtkVN-wIOnyAYx5N0CxnVi8scoPWm45m3mbXP6ashEd5gbOirQHyc0V2mrvsKe17Hu86CsrbuTFk5uX0baFSZDVkfs-jpLkQtKKWqXk-4LJxiEPbNfuYCUqkAB39ZrGzFr0Mvzhtxhl6k
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=512=D_2ILC4mrwtYqqlSmTjonkiSCFaBRv8iMipm7UgSFeZtkVN-wIOnyAYx5N0CxnVi8scoPWm45m3mbXP6ashEd5gbOirQHyc0V2mrvsKe17Hu86CsrbuTFk5uX0baFSZDVkfs-jpLkQtKKWqXk-4LJxiEPbNfuYCUqkAB39ZrGzFr0Mvzhtxhl6k
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=NFyc7LPZOlLCs3w&MD=1lrfV2vw HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19810.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7351492666381830667&__req=e&__rev=1012382939&__s=myfl6d%3A2kawfo%3Almpu3z&__spin_b=trunk&__spin_r=1012382939&__spin_t=1711652769&__user=0&dpr=1&jazoest=2949&lsd=AVo7yTty41Y&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ps_l=0; ps_n=0; wd=1280x907; datr=ob8FZiq_jM-o6KibYedtsiAS; fr=0o8AOsj9KjMAh385p..BmBb-k..AAA.0.0.BmBb-o.AWV0GrQdRCY
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=NFyc7LPZOlLCs3w&MD=1lrfV2vw HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19810.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7351492666381830667&__req=f&__rev=1012382939&__s=myfl6d%3A2kawfo%3Almpu3z&__spin_b=trunk&__spin_r=1012382939&__spin_t=1711652769&__user=0&dpr=1&jazoest=2949&lsd=AVo7yTty41Y&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ps_l=0; ps_n=0; wd=1280x907; datr=ob8FZiq_jM-o6KibYedtsiAS; fr=0o8AOsj9KjMAh385p..BmBb-k..AAA.0.0.BmBb-o.AWV0GrQdRCY
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19810.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7351492666381830667&__req=g&__rev=1012382939&__s=myfl6d%3A2kawfo%3Almpu3z&__spin_b=trunk&__spin_r=1012382939&__spin_t=1711652769&__user=0&dpr=1&jazoest=2949&lsd=AVo7yTty41Y&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ps_l=0; ps_n=0; wd=1280x907; datr=ob8FZiq_jM-o6KibYedtsiAS; fr=0o8AOsj9KjMAh385p..BmBb-k..AAA.0.0.BmBb-o.AWV0GrQdRCY
Source: chromecache_212.5.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/A4tfXiHOGrs/ equals www.facebook.com (Facebook)
Source: chromecache_144.5.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/CCT5pM3qiNk/ equals www.facebook.com (Facebook)
Source: chromecache_212.5.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/Ga6vBwdwgUx/ equals www.facebook.com (Facebook)
Source: chromecache_152.5.dr, chromecache_144.5.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/MDzNl_j9yvg/ equals www.facebook.com (Facebook)
Source: chromecache_130.5.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/OKBVmODmb-W/ equals www.facebook.com (Facebook)
Source: chromecache_144.5.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/V9vdYColc4k/ equals www.facebook.com (Facebook)
Source: chromecache_144.5.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/WRsJ32R7YJG/ equals www.facebook.com (Facebook)
Source: chromecache_144.5.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/aJoeSHn7XcN/ equals www.facebook.com (Facebook)
Source: chromecache_152.5.dr, chromecache_144.5.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/t3hOLs8wlXy/ equals www.facebook.com (Facebook)
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FA8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: >https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: chromecache_170.5.dr String found in binary or memory: _.Yw(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.Yw(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.Yw(_.gx(c))+"&hl="+_.Yw(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.Yw(m)+"/chromebook/termsofservice.html?languageCode="+_.Yw(d)+"&regionCode="+_.Yw(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded":"")+"?hl="+_.Yw(d)+"&gl="+_.Yw(c)+(h?"&color_scheme="+ equals www.youtube.com (Youtube)
Source: chromecache_198.5.dr String found in binary or memory: __d("Chromedome",["fbt"],(function(a,b,c,d,e,f,g,h){function i(){if(document.domain==null)return null;var a=document.domain,b=/^intern\./.test(a);if(b)return null;b=/(^|\.)facebook\.(com|sg)$/.test(a);if(b)return"facebook";b=/(^|\.)instagram\.com$/.test(a);if(b)return"instagram";b=/(^|\.)threads\.net$/.test(a);if(b)return"threads";b=/(^|\.)messenger\.com$/.test(a);return b?"messenger":null}function j(a){if(a==="instagram")return h._("This is a browser feature intended for developers. If someone told you to copy-paste something here to enable an Instagram feature or \"hack\" someone's account, it is a scam and will give them access to your Instagram account.");return a==="threads"?h._("This is a browser feature intended for developers. If someone told you to copy-paste something here to enable a Threads feature or \"hack\" someone's account, it is a scam and will give them access to your Threads account."):h._("This is a browser feature intended for developers. If someone told you to copy-paste something here to enable a Facebook feature or \"hack\" someone's account, it is a scam and will give them access to your Facebook account.")}function a(a){if(top!==window)return;a=i();if(a==null)return;var b=h._("Stop!");a=j(a);var c=h._("See {url} for more information.",[h._param("url","https://www.facebook.com/selfxss")]);if(window.chrome||window.safari){var d="font-family:helvetica; font-size:20px; ";[[b,d+"font-size:50px; font-weight:bold; color:red; -webkit-text-stroke:1px black;"],[a,d],[c,d],["",""]].map(function(a){window.setTimeout(console.log.bind(console,"\n%c"+a[0].toString(),a[1]))})}else{b=[""," .d8888b. 888 888","d88P Y88b 888 888","Y88b. 888 888",' "Y888b. 888888 .d88b. 88888b. 888',' "Y88b. 888 d88""88b 888 "88b 888',' "888 888 888 888 888 888 Y8P',"Y88b d88P Y88b. Y88..88P 888 d88P",' "Y8888P" "Y888 "Y88P" 88888P" 888'," 888"," 888"," 888"];d=(""+a.toString()).match(/.{35}.+?\s+|.+$/g);if(d!=null){a=Math.floor(Math.max(0,(b.length-d.length)/2));for(var e=0;e<b.length||e<d.length;e++){var f=b[e];b[e]=f+new Array(45-f.length).join(" ")+(d[e-a]||"")}}console.log("\n\n\n"+b.join("\n")+"\n\n"+c.toString()+"\n");return}}g.start=a}),98); equals www.facebook.com (Facebook)
Source: chromecache_130.5.dr String found in binary or memory: __d("CometCookieConsent2023Q1OtherCompanies.react",["CometCookieConsentModalStringsUpdated","CometCookieConsentSectionAccordion.react","CometCookieConsentUtils.react","CometListCellText.react","TetraText.react","react"],(function(a,b,c,d,e,f,g){"use strict";var h,i=h||d("react");function a(){return i.jsxs("div",{className:"x1nb4dca x1q0q8m5 xso031l xx6bls6",children:[i.jsx("div",{className:"x9orja2",children:i.jsx(c("TetraText.react"),{type:"headlineEmphasized2",children:d("CometCookieConsentModalStringsUpdated").COOKIES_FROM_OTHER_COMPANIES_SECTION_HEADER})}),i.jsx("div",{className:"x1cnzs8",children:i.jsx(c("TetraText.react"),{type:"body3",children:d("CometCookieConsentModalStringsUpdated").getCookiesFromOtherCompaniesSubHeader(p)})}),i.jsx("div",{className:"x1cnzs8",children:i.jsx(c("CometCookieConsentSectionAccordion.react"),{content:k,sectionTitle:j})}),i.jsx("div",{children:i.jsx(c("CometCookieConsentSectionAccordion.react"),{content:m,sectionTitle:l})}),i.jsx("div",{children:i.jsx(c("CometCookieConsentSectionAccordion.react"),{content:o,sectionTitle:n})})]})}a.displayName=a.name+" [from "+f.id+"]";var j=i.jsx(c("CometListCellText.react"),{headline:i.jsx(c("TetraText.react"),{type:"headlineEmphasized3",children:d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES})}),k=i.jsxs("div",{style:{marginLeft:10},children:[i.jsx("div",{style:{paddingBottom:10,paddingTop:10},children:i.jsx(c("TetraText.react"),{type:"body3",children:d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES_INTRO})}),i.jsx(d("CometCookieConsentUtils.react").CometConsentListBullets,{list:[d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES_ITEM_1,d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES_ITEM_2,d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES_ITEM_3]})]}),l=i.jsx(c("CometListCellText.react"),{headline:i.jsx(c("TetraText.react"),{type:"headlineEmphasized3",children:d("CometCookieConsentModalStringsUpdated").IF_ALLOW_THESE_COOKIES})}),m=i.jsx("div",{style:{marginLeft:10},children:i.jsx(d("CometCookieConsentUtils.react").CometConsentListBullets,{list:[d("CometCookieConsentModalStringsUpdated").IF_ALLOW_THESE_COOKIES_ITEM_1,d("CometCookieConsentModalStringsUpdated").IF_ALLOW_THESE_COOKIES_ITEM_2,d("CometCookieConsentModalStringsUpdated").IF_ALLOW_THESE_COOKIES_ITEM_3]})}),n=i.jsx(c("CometListCellText.react"),{headline:i.jsx(c("TetraText.react"),{type:"headlineEmphasized3",children:d("CometCookieConsentModalStringsUpdated").IF_DONT_ALLOW_THESE_COOKIES})}),o=i.jsx("div",{style:{marginLeft:10},children:i.jsx(d("CometCookieConsentUtils.react").CometConsentListBullets,{list:[d("CometCookieConsentModalStringsUpdated").IF_DONT_ALLOW_THESE_COOKIES_ITEM_1,d("CometCookieConsentModalStringsUpdated").IF_DONT_ALLOW_THESE_COOKIES_ITEM_2]})}),p="https://www.facebook.com/privacy/policies/cookies/?annotations[0]=explanation%2F3_companies_list";g.CometCookieConsent2023Q1OtherCompanies=a}),98); equals www.f
Source: chromecache_144.5.dr String found in binary or memory: __d("CometLegalFooter.react",["fbt","ix","BaseMiddot.react","CometErrorBoundary.react","CometLazyPopoverTrigger.react","CometLink.react","CometPressable.react","FBCookieSettingsLoggedOutConfig","JSResourceForInteraction","ServerTime","TetraIcon.react","TetraText.react","XHealthPolicyCometControllerRouteBuilder","XPrivacyPolicyCometControllerRouteBuilder","fbicon","gkx","react","useCurrentRoute"],(function(a,b,c,d,e,f,g,h,i){"use strict";var j,k=j||d("react"),l=c("JSResourceForInteraction")("CometLegalFooterMoreMenu.react").__setRef("CometLegalFooter.react");function m(){try{var a;return(a=new Date(d("ServerTime").getMillis()))==null?void 0:a.getFullYear()}catch(a){return null}}function a(a){var b=a.isHelpCenter;b=b===void 0?!1:b;var e=a.isPage;e=e===void 0?!1:e;var f=a.onClick;a=d("FBCookieSettingsLoggedOutConfig").should_show_cookie_settings;var g=c("useCurrentRoute")(),j=m(),n=c("XPrivacyPolicyCometControllerRouteBuilder").buildUri({entry_point:"comet_dropdown"}),o=c("XHealthPolicyCometControllerRouteBuilder").buildUri({});e=[{href:"https://www.facebook.com/legal/terms/information_about_page_insights_data",label:h._("Information about Page Insights Data"),render:e&&c("gkx")("22806")},{href:n.toString(),label:h._("Privacy"),testid:"CometDropdownPrivacy"},{href:o.toString(),label:h._("Consumer Health Privacy"),render:c("gkx")("2828"),testid:"CometDropdownHealthPrivacy"},{href:"/terms?ref=pf",label:"Impressum/Terms/NetzDG/UrhDaG",render:c("gkx")("22807")&&!c("gkx")("22808")},{href:"/terms?ref=pf",label:h._("Imprint\/Terms"),render:c("gkx")("22808")},{href:"/legal/germany/",label:"UrhDaG/MStV",render:c("gkx")("22808")},{href:"/policies?ref=pf",label:h._("Terms"),render:!c("gkx")("22807")&&!c("gkx")("22808"),testid:"CometDropdownTerms"},{href:"/business/",label:h._("Advertising")},{href:"/help/568137493302217",label:k.jsxs(k.Fragment,{children:[h._("Ad Choices")," ",k.jsx(c("CometErrorBoundary.react"),{children:k.jsx("span",{className:"x1n2onr6 x1qiirwl",children:k.jsx(c("TetraIcon.react"),{color:"secondary",icon:d("fbicon")._(i("871692"),12)})})})]})},{href:"/policies/cookies/",label:h._("Cookies"),testid:"CometDropdownCookies"},{href:"/privacy/cookie_settings/",label:h._("Cookie Settings"),render:a}].filter(function(a){return a.render==null||a.render===!0});var p=[];if((g==null?void 0:(n=g.rootView.props)==null?void 0:n.seoCrawlingPool)&&(g==null?void 0:(o=g.rootView.props)==null?void 0:o.seoCrawlingPool.url)){Array.from(Array((g==null?void 0:(a=g.rootView.props)==null?void 0:a.seoCrawlingPool.multiple_links)||0)).forEach(function(a,b){p.push(k.jsxs("li",{className:"xt0psk2",children:[k.jsx(c("CometLink.react"),{color:"secondary",href:g==null?void 0:(a=g.rootView.props)==null?void 0:a.seoCrawlingPool.url,onClick:f,weight:"normal",children:g==null?void 0:(a=g.rootView.props)==null?void 0:a.seoCrawlingPool.link_string}),k.jsx(c("BaseMiddot.react"),{})]},b))})}if((g==null?void 0:(n=g.rootView.props)==null?void 0:n.seoGrowthAutomationCrawlingPool)&&(g
Source: chromecache_189.5.dr String found in binary or memory: __d("FBReelsURLUtils",["ConstUriUtils","XCometFBReelControllerRouteBuilder","gkx"],(function(a,b,c,d,e,f,g){"use strict";function h(a,b,d,e,f,g){b=(b=b)!=null?b:"UNKNOWN";var h="group_other",i=void 0;if(Boolean(e)){switch(d){case"group":case"group_mall":h="group";i=f==null?void 0:f;break;case"groups_tab":h="groups_tab";break;default:break}b=h}e={group_id:i,s:b,stack_idx:g==null?void 0:g,video_id:a==null?void 0:a};return c("XCometFBReelControllerRouteBuilder").buildURL(e)}function a(a,b,c,e,f,g){a=h(a,b,c,e,f,g);if(i()){f=(b=d("ConstUriUtils").getUri(a))==null?void 0:(c=b.getQualifiedUri())==null?void 0:(e=c.setDomain("www.facebook.com"))==null?void 0:e.toString();if(f!=null)return f}return a}function b(a){return["fb_shorts_video_deep_dive","fb_shorts_profile_video_deep_dive"].includes(a)}function i(){return c("gkx")("22564")||c("gkx")("24206")}g.getReelsURL=h;g.getReelsAbsoluteURL=a;g.isReelsRenderLocationVDD=b;g.isBizSurface=i}),98); equals www.facebook.com (Facebook)
Source: chromecache_144.5.dr String found in binary or memory: __d("FacebookCookieConsentCustomization",["fbt","ix","JSResourceForInteraction","XCookiesPolicyControllerRouteBuilder","isBaseline4EnabledForLoggedOut","isCNILEnabledForLoggedOut","lazyLoadComponent"],(function(a,b,c,d,e,f,g,h,i){"use strict";var j=c("lazyLoadComponent")(c("JSResourceForInteraction")("FacebookCometCookieConsentDialogDataSettings.react").__setRef("FacebookCookieConsentCustomization"));a=function(){var a,b,d,e=null;c("isBaseline4EnabledForLoggedOut")()||c("isCNILEnabledForLoggedOut")()?(b=i("1954651"),d=i("1954649"),e=h._("More options")):(b=i("856481"),d=i("856481"),e=h._("Manage Data Settings"));a=(a=(a=c("XCookiesPolicyControllerRouteBuilder").buildUri({}).getQualifiedUri())==null?void 0:(a=a.setDomain("www.facebook.com"))==null?void 0:a.toString())!=null?a:"";return{essentialCookiesOnly:!1,faviconDark:d,faviconLight:b,policyUrl:a,productName:"FACEBOOK",secondaryAction:{label:e,viewReference:j}}};b=a;g["default"]=b}),98); equals www.facebook.com (Facebook)
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FA8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: aps://www.youtube.com/account equals www.youtube.com (Youtube)
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp, JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FA8000.00000004.00000020.00020000.00000000.sdmp, JI3Rv58g76.exe, 00000000.00000003.1648915626.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.facebook.com/video equals www.facebook.com (Facebook)
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp, JI3Rv58g76.exe, 00000000.00000003.1648915626.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.facebook.com/video| equals www.facebook.com (Facebook)
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FA8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FCE000.00000004.00000020.00020000.00000000.sdmp, JI3Rv58g76.exe, 00000000.00000003.1648915626.0000000000FCE000.00000004.00000020.00020000.00000000.sdmp, JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FA8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FA8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/accountA1 equals www.youtube.com (Youtube)
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FA8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/accounts equals www.youtube.com (Youtube)
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FCE000.00000004.00000020.00020000.00000000.sdmp, JI3Rv58g76.exe, 00000000.00000003.1648915626.0000000000FCE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/accountu equals www.youtube.com (Youtube)
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FA8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: us://www.youtube.com/account equals www.youtube.com (Youtube)
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp, JI3Rv58g76.exe, 00000000.00000003.1648915626.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp, JI3Rv58g76.exe, 00000000.00000003.1648915626.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.facebook.com?Q equals www.facebook.com (Facebook)
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp, JI3Rv58g76.exe, 00000000.00000003.1648915626.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.facebook.com]Ql equals www.facebook.com (Facebook)
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp, JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FA8000.00000004.00000020.00020000.00000000.sdmp, JI3Rv58g76.exe, 00000000.00000003.1648915626.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp, JI3Rv58g76.exe, 00000000.00000003.1648915626.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.youtube.comn equals www.youtube.com (Youtube)
Source: unknown DNS traffic detected: queries for: www.youtube.com
Source: unknown HTTP traffic detected: POST /ajax/qm/?__a=1&__user=0&__comet_req=15&jazoest=2949 HTTP/1.1Host: www.facebook.comConnection: keep-aliveContent-Length: 124sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36viewport-width: 1280Content-Type: application/x-www-form-urlencodedsec-ch-ua-platform-version: "10.0.0"dpr: 1sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/videoAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=0o8AOsj9KjMAh385p..BmBb-k..AAA.0.0.BmBb-k.AWWDmHZ99Do; expires=Wed, 26-Jun-2024 19:06:12 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=0xikJoozoLLi0vyCq..BmBb-l..AAA.0.0.BmBb-l.AWX9UMxHh9U; expires=Wed, 26-Jun-2024 19:06:13 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=0aQ1PlOXZNg5nuW4j..BmBb-l..AAA.0.0.BmBb-l.AWWNBLhc8eU; expires=Wed, 26-Jun-2024 19:06:13 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=0SBBxpY3PuxriWiAU..BmBb-m..AAA.0.0.BmBb-m.AWUqCXT7vvA; expires=Wed, 26-Jun-2024 19:06:14 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=08LLocm4Ta1BRHdSL..BmBb-n..AAA.0.0.BmBb-n.AWXsW7UO8Oc; expires=Wed, 26-Jun-2024 19:06:15 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=0iS7p08UF5w5kMSRZ..BmBb-n..AAA.0.0.BmBb-n.AWUqTB_ez-s; expires=Wed, 26-Jun-2024 19:06:15 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=0o8AOsj9KjMAh385p..BmBb-k..AAA.0.0.BmBb-o.AWV0GrQdRCY; expires=Wed, 26-Jun-2024 19:06:16 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: chromecache_133.5.dr, chromecache_229.5.dr String found in binary or memory: http://rachelrodgersphotography.pic-time.com/www
Source: chromecache_170.5.dr String found in binary or memory: https://accounts.google.com
Source: JI3Rv58g76.exe, 00000000.00000003.1648915626.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp, JI3Rv58g76.exe, 00000000.00000003.1648915626.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/2U
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp, JI3Rv58g76.exe, 00000000.00000003.1648915626.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/2o
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp, JI3Rv58g76.exe, 00000000.00000003.1648915626.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/D
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp, JI3Rv58g76.exe, 00000000.00000003.1648915626.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/LS?
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp, JI3Rv58g76.exe, 00000000.00000003.1648915626.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/R
Source: chromecache_170.5.dr String found in binary or memory: https://accounts.google.com/TOS?loc=
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp, JI3Rv58g76.exe, 00000000.00000003.1648915626.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/buUS
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp, JI3Rv58g76.exe, 00000000.00000003.1648915626.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/dd2
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp, JI3Rv58g76.exe, 00000000.00000003.1648915626.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/o
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp, JI3Rv58g76.exe, 00000000.00000003.1648915626.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/pS
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp, JI3Rv58g76.exe, 00000000.00000003.1648915626.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/yS
Source: chromecache_148.5.dr, chromecache_196.5.dr String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
Source: chromecache_170.5.dr String found in binary or memory: https://families.google.com/intl/
Source: chromecache_225.5.dr String found in binary or memory: https://fburl.com/comet_preloading
Source: chromecache_225.5.dr String found in binary or memory: https://fburl.com/dialog-provider).
Source: chromecache_225.5.dr String found in binary or memory: https://fburl.com/wiki/m19zmtlh
Source: chromecache_126.5.dr, chromecache_138.5.dr String found in binary or memory: https://fburl.com/wiki/xrzohrqb
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/drive_2020q4/v10/192px.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/gmail_2020q4/v10/web-48dp/logo_gmail_2020q4_color_2x_web_
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/maps/v7/192px.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://g.co/recover
Source: chromecache_129.5.dr String found in binary or memory: https://lexical.dev/docs/error?
Source: chromecache_144.5.dr String found in binary or memory: https://optout.aboutads.info/
Source: chromecache_170.5.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://play.google.com/work/enroll?identifier=
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://play.google/intl/
Source: chromecache_170.5.dr String found in binary or memory: https://policies.google.com/privacy
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://policies.google.com/privacy/additional
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://policies.google.com/privacy/additional/embedded?gl=kr
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://policies.google.com/privacy/google-partners
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://policies.google.com/technologies/cookies
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://policies.google.com/technologies/location-data
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://policies.google.com/terms
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://policies.google.com/terms/location/embedded
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://policies.google.com/terms/service-specific
Source: chromecache_179.5.dr String found in binary or memory: https://scontent.xx.fbcdn.net/hads-ak-prn2/1487645_6012475414660_1439393861_n.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-stop-go-landing-page_1x.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/animation/
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_1x.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_2x.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
Source: chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes.gif
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_updated.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/personalization_reminders.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered.gif
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_phone.gif
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/web_and_app_activity.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/you_tube_history.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/paaskey.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_light.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
Source: chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/apps/signup/resources/custom-email-address.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/get_family_link_1.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_1.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_1.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_1.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_1.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_1.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_0.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_1.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/alreadyinstalledfamilylink.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/installfamilylink.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
Source: chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://support.google.com/accounts?hl=
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://support.google.com/accounts?p=new-si-ui
Source: chromecache_144.5.dr String found in binary or memory: https://support.google.com/chrome/answer/95647
Source: chromecache_170.5.dr String found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: chromecache_148.5.dr, chromecache_196.5.dr String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://www.google.com
Source: chromecache_170.5.dr String found in binary or memory: https://www.google.com/intl/
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
Source: chromecache_212.5.dr String found in binary or memory: https://www.internalfb.com/intern/invariant/
Source: chromecache_144.5.dr String found in binary or memory: https://www.youronlinechoices.com/
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FA8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/account
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FA8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/accountA1
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FA8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/accounts
Source: JI3Rv58g76.exe, 00000000.00000002.1650193398.0000000000FCE000.00000004.00000020.00020000.00000000.sdmp, JI3Rv58g76.exe, 00000000.00000003.1648915626.0000000000FCE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/accountu
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
Source: chromecache_144.5.dr String found in binary or memory: https://youradchoices.ca/
Source: chromecache_136.5.dr, chromecache_170.5.dr String found in binary or memory: https://youtube.com/t/terms?gl=
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown HTTPS traffic detected: 23.41.168.93:443 -> 192.168.2.4:49850 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.41.168.93:443 -> 192.168.2.4:49857 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49907 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49929 version: TLS 1.2
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006AEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, 0_2_006AEAFF
Contains functionality to modify clipboard data
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006AED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, 0_2_006AED6A
Contains functionality to read the clipboard data
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006AEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, 0_2_006AEAFF
Contains functionality to retrieve information about pressed keystrokes
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0069AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput, 0_2_0069AA57
Potential key logger detected (key state polling based)
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006C9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, 0_2_006C9576

System Summary
barindex
Binary is likely a compiled AutoIt script file
Source: JI3Rv58g76.exe String found in binary or memory: This is a third-party compiled AutoIt script.
Source: JI3Rv58g76.exe, 00000000.00000000.1643548400.00000000006F2000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_7c13c7c5-3
Source: JI3Rv58g76.exe, 00000000.00000000.1643548400.00000000006F2000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_633ca0e5-5
Source: JI3Rv58g76.exe String found in binary or memory: This is a third-party compiled AutoIt script. memstr_c39fa275-f
Source: JI3Rv58g76.exe String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_888d7d56-a
Contains functionality to communicate with device drivers
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0069D5EB: CreateFileW,DeviceIoControl,CloseHandle, 0_2_0069D5EB
Contains functionality to launch a process as a different user
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_00691201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, 0_2_00691201
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0069E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState, 0_2_0069E8F6
Detected potential crypto function
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_00638060 0_2_00638060
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006A2046 0_2_006A2046
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_00698298 0_2_00698298
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0066E4FF 0_2_0066E4FF
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0066676B 0_2_0066676B
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006C4873 0_2_006C4873
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0063CAF0 0_2_0063CAF0
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0065CAA0 0_2_0065CAA0
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0064CC39 0_2_0064CC39
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_00666DD9 0_2_00666DD9
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0064D07D 0_2_0064D07D
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0064B119 0_2_0064B119
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006391C0 0_2_006391C0
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_00651394 0_2_00651394
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_00651706 0_2_00651706
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0065781B 0_2_0065781B
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0064997D 0_2_0064997D
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_00637920 0_2_00637920
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006519B0 0_2_006519B0
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_00657A4A 0_2_00657A4A
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_00651C77 0_2_00651C77
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_00657CA7 0_2_00657CA7
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006BBE44 0_2_006BBE44
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_00669EEE 0_2_00669EEE
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0063BF40 0_2_0063BF40
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_00651F32 0_2_00651F32
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: String function: 0064F9F2 appears 31 times
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: String function: 00650A30 appears 46 times
Tries to load missing DLLs
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: windows.shell.servicehostbuilder.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Section loaded: wkscli.dll Jump to behavior
Uses 32bit PE files
Source: JI3Rv58g76.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine Classification label: mal60.evad.winEXE@36/192@40/15
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006A37B5 GetLastError,FormatMessageW, 0_2_006A37B5
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006910BF AdjustTokenPrivileges,CloseHandle, 0_2_006910BF
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006916C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, 0_2_006916C3
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006A51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode, 0_2_006A51CD
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006BA67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle, 0_2_006BA67C
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006A648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize, 0_2_006A648E
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006342A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource, 0_2_006342A2
Source: JI3Rv58g76.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: JI3Rv58g76.exe ReversingLabs: Detection: 34%
Source: unknown Process created: C:\Users\user\Desktop\JI3Rv58g76.exe "C:\Users\user\Desktop\JI3Rv58g76.exe"
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/account
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/video
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2176,i,5335908566335043068,871797015528746593,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1900,i,18057302422028516478,15824854805036457767,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1984,i,11974095337585701289,14380826044233319254,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4132 --field-trial-handle=2176,i,5335908566335043068,871797015528746593,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3100 --field-trial-handle=2176,i,5335908566335043068,871797015528746593,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/account Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/video Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/ Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2176,i,5335908566335043068,871797015528746593,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4132 --field-trial-handle=2176,i,5335908566335043068,871797015528746593,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3100 --field-trial-handle=2176,i,5335908566335043068,871797015528746593,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1984,i,11974095337585701289,14380826044233319254,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1900,i,18057302422028516478,15824854805036457767,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A66AEDC-93C3-4ACC-BA96-08F5716429F7}\InProcServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: JI3Rv58g76.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: JI3Rv58g76.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: JI3Rv58g76.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: JI3Rv58g76.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: JI3Rv58g76.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: JI3Rv58g76.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: JI3Rv58g76.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: JI3Rv58g76.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: JI3Rv58g76.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: JI3Rv58g76.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: JI3Rv58g76.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: JI3Rv58g76.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_006342DE
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_00650A76 push ecx; ret 0_2_00650A89
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0064F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, 0_2_0064F98E
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006C1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, 0_2_006C1C41
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Found API chain indicative of sandbox detection
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\JI3Rv58g76.exe API coverage: 3.0 %
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006A68EE FindFirstFileW,FindClose, 0_2_006A68EE
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006A698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, 0_2_006A698F
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0069D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_0069D076
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0069D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_0069D3A9
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006A9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_006A9642
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006A979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_006A979D
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006A9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, 0_2_006A9B2B
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0069DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, 0_2_0069DBBE
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006A5C97 FindFirstFileW,FindNextFileW,FindClose, 0_2_006A5C97
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_006342DE
Source: JI3Rv58g76.exe, 00000000.00000003.1648915626.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\v
Source: JI3Rv58g76.exe, 00000000.00000003.1648915626.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\+
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006AEAA2 BlockInput, 0_2_006AEAA2
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_00662622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00662622
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_006342DE
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_00654CE8 mov eax, dword ptr fs:[00000030h] 0_2_00654CE8
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_00690B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, 0_2_00690B62
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_00662622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00662622
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0065083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0065083F
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006509D5 SetUnhandledExceptionFilter, 0_2_006509D5
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_00650C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00650C21
Contains functionality to execute programs as a different user
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_00691201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, 0_2_00691201
Contains functionality to launch a program with higher privileges
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_00672BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, 0_2_00672BA5
Contains functionality to simulate keystroke presses
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0069B226 SendInput,keybd_event, 0_2_0069B226
Contains functionality to simulate mouse events
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006B22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event, 0_2_006B22DA
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/account Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/video Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/ Jump to behavior
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_00690B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, 0_2_00690B62
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_00691663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid, 0_2_00691663
Source: JI3Rv58g76.exe Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: JI3Rv58g76.exe Binary or memory string: Shell_TrayWnd
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_00650698 cpuid 0_2_00650698
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006A8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW, 0_2_006A8195
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0068D27A GetUserNameW, 0_2_0068D27A
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_0066BB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte, 0_2_0066BB6F
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_006342DE
OS version to string mapping found (often used in BOTs)
Source: JI3Rv58g76.exe Binary or memory string: WIN_81
Source: JI3Rv58g76.exe Binary or memory string: WIN_XP
Source: JI3Rv58g76.exe Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: JI3Rv58g76.exe Binary or memory string: WIN_XPe
Source: JI3Rv58g76.exe Binary or memory string: WIN_VISTA
Source: JI3Rv58g76.exe Binary or memory string: WIN_7
Source: JI3Rv58g76.exe Binary or memory string: WIN_8
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006B1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket, 0_2_006B1204
Source: C:\Users\user\Desktop\JI3Rv58g76.exe Code function: 0_2_006B1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket, 0_2_006B1806
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1417245 Sample: JI3Rv58g76.exe Startdate: 28/03/2024 Architecture: WINDOWS Score: 60 40 Multi AV Scanner detection for submitted file 2->40 42 Binary is likely a compiled AutoIt script file 2->42 44 Machine Learning detection for sample 2->44 7 JI3Rv58g76.exe 12 2->7         started        process3 signatures4 46 Binary is likely a compiled AutoIt script file 7->46 48 Found API chain indicative of sandbox detection 7->48 10 chrome.exe 1 7->10         started        13 chrome.exe 7->13         started        15 chrome.exe 7->15         started        process5 dnsIp6 34 192.168.2.4, 138, 443, 49172 unknown unknown 10->34 36 192.168.2.5 unknown unknown 10->36 38 239.255.255.250 unknown Reserved 10->38 17 chrome.exe 10->17         started        20 chrome.exe 10->20         started        22 chrome.exe 6 10->22         started        24 chrome.exe 13->24         started        26 chrome.exe 15->26         started        process7 dnsIp8 28 www3.l.google.com 142.250.31.113, 443, 49869, 49886 GOOGLEUS United States 17->28 30 youtube-ui.l.google.com 142.251.167.190, 443, 49730 GOOGLEUS United States 17->30 32 15 other IPs or domains 17->32
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
172.253.115.106
 unknown United States
15169 GOOGLEUS false
157.240.241.1
 scontent-lga3-2.xx.fbcdn.net United States
32934 FACEBOOKUS false
172.253.62.105
 unknown United States
15169 GOOGLEUS false
172.253.122.104
 www.google.com United States
15169 GOOGLEUS false
31.13.66.35
 unknown Ireland
32934 FACEBOOKUS false
142.250.31.113
 www3.l.google.com United States
15169 GOOGLEUS false
31.13.66.19
 scontent.xx.fbcdn.net Ireland
32934 FACEBOOKUS false
157.240.229.35
 star-mini.c10r.facebook.com United States
32934 FACEBOOKUS false
157.240.229.1
 unknown United States
32934 FACEBOOKUS false
239.255.255.250
 unknown Reserved
unknown unknown false
31.13.71.7
 scontent-lga3-1.xx.fbcdn.net Ireland
32934 FACEBOOKUS false
142.251.167.190
 youtube-ui.l.google.com United States
15169 GOOGLEUS false
142.251.179.138
 play.google.com United States
15169 GOOGLEUS false

Private

IP
192.168.2.4
192.168.2.5

Contacted Domains

Name IP Active
star-mini.c10r.facebook.com 157.240.229.35 true
youtube-ui.l.google.com 142.251.167.190 true
scontent.xx.fbcdn.net 31.13.66.19 true
www3.l.google.com 142.250.31.113 true
play.google.com 142.251.179.138 true
video.xx.fbcdn.net 31.13.66.28 true
scontent-lga3-1.xx.fbcdn.net 31.13.71.7 true
www.google.com 172.253.122.104 true
scontent-lga3-2.xx.fbcdn.net 157.240.241.1 true
www.facebook.com unknown unknown
accounts.youtube.com unknown unknown
www.youtube.com unknown unknown
static.xx.fbcdn.net unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://static.xx.fbcdn.net/rsrc.php/v3/yP/r/nqzi0HDP8Ry.js?_nc_x=Ij3Wp8lg5Kz false
    		high
    https://scontent-lga3-1.xx.fbcdn.net/v/t15.5256-10/433671510_916405506834087_3905724146057868703_n.jpg?stp=dst-jpg_p206x206&_nc_cat=110&ccb=1-7&_nc_sid=5f2048&_nc_ohc=nG3nKZkXKiwAX_kxQPc&_nc_ht=scontent-lga3-1.xx&oh=00_AfBwLYKtX0_jIuJpbKb5tjITEEpnppNy4-WpiXV-VvVzJg&oe=660B0563 false
      		high
      https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/430597876_736827948519071_8494938187567979547_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=w7CNIrf36ckAX8Npy8m&_nc_ht=scontent-lga3-2.xx&oh=00_AfCBblQtGV-FEe86BDtBjzDp_vtHbIWqbFFR927aSMo7yQ&oe=660B126D false
        		high
        https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/433339709_2523901647788735_6993229466412260938_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=v5nEIX6XKngAX-vCjKA&_nc_ht=scontent-lga3-2.xx&oh=00_AfCIlfoMX4FfaPy1iZwoWAbAAtudK2mx8UBpUaMgY9Z98w&oe=660A4383 false
          		high
          https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19810.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7351492666381830667&__req=8&__rev=1012382939&__s=myfl6d%3A2kawfo%3Almpu3z&__spin_b=trunk&__spin_r=1012382939&__spin_t=1711652769&__user=0&dpr=1&jazoest=2949&lsd=AVo7yTty41Y&ph=C3 false
            		high
            https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/430222019_385989997554730_1938802334542240222_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=4sQCI3VgjWkAX8CNQN-&_nc_ht=scontent-lga3-2.xx&oh=00_AfAZeYALBJP47oUL2UjngG3pv2ETUbIQojWeAAFhBmdT2g&oe=660AD01C false
              		high
              https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19810.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7351492666381830667&__req=c&__rev=1012382939&__s=myfl6d%3A2kawfo%3Almpu3z&__spin_b=trunk&__spin_r=1012382939&__spin_t=1711652769&__user=0&dpr=1&jazoest=2949&lsd=AVo7yTty41Y&ph=C3 false
                		high
                https://www.facebook.com/video false
                  		high
                  https://static.xx.fbcdn.net/rsrc.php/v3i4nn4/yl/l/en_US/IOrr8Repg2I.js?_nc_x=Ij3Wp8lg5Kz false
                    		high
                    https://static.xx.fbcdn.net/rsrc.php/v3/y2/r/2UXBRrhCqJH.png false
                      		high
                      https://scontent-lga3-2.xx.fbcdn.net/v/t51.29350-10/427572185_312097688086382_4477104599171447976_n.jpg?stp=dst-jpg_p206x206&_nc_cat=100&ccb=1-7&_nc_sid=5f2048&_nc_ohc=hFgHZ5suS5EAX_5CsEj&_nc_ht=scontent-lga3-2.xx&oh=00_AfBn5lXBFcY5DsNgmlItA6DelkIrSph6WootA6Tt--Z4rQ&oe=660B19A0 false
                        		high
                        https://scontent-lga3-2.xx.fbcdn.net/v/t39.30808-1/434191627_10168512814900504_883876520354233956_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=51-qX5zvjVMAX9CI3oS&_nc_ht=scontent-lga3-2.xx&oh=00_AfB3qFzx0z1X5x9MpYy7bNDyeHzGflfjlTQ_uNQ4x9XLwg&oe=660AC6BE false
                          		high
                          https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19810.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7351492666381830667&__req=a&__rev=1012382939&__s=myfl6d%3A2kawfo%3Almpu3z&__spin_b=trunk&__spin_r=1012382939&__spin_t=1711652769&__user=0&dpr=1&jazoest=2949&lsd=AVo7yTty41Y&ph=C3 false
                            		high
                            https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/429872046_913521453854205_2559138308627109769_n.jpg?stp=dst-jpg_p370x247&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=bVe0bk5aNLIAX_VQDq1&_nc_ht=scontent-lga3-2.xx&oh=00_AfCUhJdPxdc1CP2UTC5JKJdkITq6XJ311ArtJsP4XYPfNQ&oe=660A349D false
                              		high
                              https://scontent-lga3-2.xx.fbcdn.net/v/t39.30808-1/402897250_657373783216841_8536430327970339612_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=jnUhgR33UywAX-YBD7H&_nc_ht=scontent-lga3-2.xx&oh=00_AfAFj5hqM6w5vyMXLbWgcqkzOCnYYCvbtGdAx0hq_LGRiA&oe=660A0E82 false
                                		high
                                https://static.xx.fbcdn.net/rsrc.php/v3ifWF4/y9/l/en_US/8vog5P6fr2w.js?_nc_x=Ij3Wp8lg5Kz false
                                  		high
                                  https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/429226384_800219538822157_6664087838727453891_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=WasqvFZSzCMAX_yK8AA&_nc_oc=Adgnl7z1UWqR0yJ56bkGBxut_9Nx1b-cyOOkg_wC1jOkX4S-d739IaD5huGatljRadU&_nc_ht=scontent-lga3-2.xx&oh=00_AfA47l8EeL9acL5DV0VMl9Yo9i2D7enXidlMT-Y_Y1Ey-w&oe=660A7D89 false
                                    		high
                                    https://www.youtube.com/account false
                                      		high
                                      https://www.google.com/favicon.ico false
                                        		high
                                        https://www.facebook.com/data/manifest/ false
                                          		high
                                          https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19810.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7351492666381830667&__req=f&__rev=1012382939&__s=myfl6d%3A2kawfo%3Almpu3z&__spin_b=trunk&__spin_r=1012382939&__spin_t=1711652769&__user=0&dpr=1&jazoest=2949&lsd=AVo7yTty41Y&ph=C3 false
                                            		high
                                            https://static.xx.fbcdn.net/rsrc.php/v3/yY/r/YT7n1sgH1lv.js?_nc_x=Ij3Wp8lg5Kz false
                                              		high
                                              https://static.xx.fbcdn.net/rsrc.php/yT/r/aGT3gskzWBf.ico false
                                                		high
                                                https://static.xx.fbcdn.net/rsrc.php/v3iTzS4/yC/l/en_US/jnw4PWi0NlAqCL2r601ymJkZjfeudyFuJEVQFXOpV-_qpXFYHV90WF8xsw_y3zVOBS5r1v89-9txafWxL1rr0Obq.js?_nc_x=Ij3Wp8lg5Kz false
                                                  		high
                                                  https://static.xx.fbcdn.net/rsrc.php/v3iNTg4/yQ/l/en_US/lCUnpCreVAL.js?_nc_x=Ij3Wp8lg5Kz false
                                                    		high
                                                    https://scontent.xx.fbcdn.net/hads-ak-prn2/1487645_6012475414660_1439393861_n.png false
                                                      		high
                                                      https://static.xx.fbcdn.net/rsrc.php/v3/yH/r/xhAcgB6kDqz.js?_nc_x=Ij3Wp8lg5Kz false
                                                        		high
                                                        https://static.xx.fbcdn.net/rsrc.php/v3/yb/r/7NqDjYL3eb9.png false
                                                          		high
                                                          https://scontent-lga3-2.xx.fbcdn.net/v/t39.30808-1/305039035_126456863482221_7637771635799875508_n.jpg?stp=c13.0.50.50a_cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=X2KNjylRF1IAX-u_W_C&_nc_ht=scontent-lga3-2.xx&oh=00_AfBHltmIVW1mlsGB1pUujiE_K4CjqrszVl3yd_IW7lprWA&oe=6609FB3A false
                                                            		high
                                                            https://static.xx.fbcdn.net/rsrc.php/v3/y0/r/eFZD1KABzRA.png false
                                                              		high
                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/q8Uic1K195T.png false
                                                                		high
                                                                https://scontent-lga3-2.xx.fbcdn.net/v/t39.30808-1/430619290_7430917230292290_4506400359726168837_n.jpg?stp=cp6_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=9ObXNmfieXgAX_ZJIGM&_nc_ht=scontent-lga3-2.xx&oh=00_AfAHYUvp3rqu8WDmEqP5rCihjgNjprCdKkIBwr9ETYlOXA&oe=660A27F7 false
                                                                  		high
                                                                  https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19810.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7351492666381830667&__req=9&__rev=1012382939&__s=myfl6d%3A2kawfo%3Almpu3z&__spin_b=trunk&__spin_r=1012382939&__spin_t=1711652769&__user=0&dpr=1&jazoest=2949&lsd=AVo7yTty41Y&ph=C3 false
                                                                    		high
                                                                    https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19810.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7351492666381830667&__req=b&__rev=1012382939&__s=myfl6d%3A2kawfo%3Almpu3z&__spin_b=trunk&__spin_r=1012382939&__spin_t=1711652769&__user=0&dpr=1&jazoest=2949&lsd=AVo7yTty41Y&ph=C3 false
                                                                      		high
                                                                      https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/Gr1iFzLjuib.js?_nc_x=Ij3Wp8lg5Kz false
                                                                        		high
                                                                        https://scontent-lga3-2.xx.fbcdn.net/v/t51.29350-10/434531290_716571817053734_2744064682005498208_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=XEPWGA-YjJgAX9KdlWl&_nc_ht=scontent-lga3-2.xx&oh=00_AfDvZi-4Z2LxMlzLOB5RwYUKy9TSVDvyW6A1MetKf84FFA&oe=6609D288 false
                                                                          		high
                                                                          https://static.xx.fbcdn.net/rsrc.php/v3iBjC4/yu/l/en_US/9Uu2qzjxEL9pHmFPqa9OByCCDspOAEJbk9lIfxjJhRGBlhD6MxEsg9iDYvatkvPhoOZd63bruQ0lYo66RdpHoPFZVlerAV3bwZ87Zc-ipmmdxV9L9ibrPrIkyMLy5NIM9adk1Rdzuzi16ygjmkqQLpu-_MGc1wa-Oq19c8UFGgncWcrTOmPobANp9KHpDnYRWx5vjUkRtJTwzy8snYF7ZNFZkrWl_eJMlvvhSHqVjNQVlYqt0Sp55HfXW__mMgFRlCsGN0FHzi95_wmB-51YxoStyBz2gE2pEQn4HVER6y-GdB52bvQ0.js?_nc_x=Ij3Wp8lg5Kz false
                                                                            		high
                                                                            https://www.facebook.com/ajax/qm/?__a=1&__user=0&__comet_req=15&jazoest=2949 false
                                                                              		high
                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yx/r/CSZ_x_QuIAx.js?_nc_x=Ij3Wp8lg5Kz false
                                                                                		high
                                                                                https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19810.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7351492666381830667&__req=g&__rev=1012382939&__s=myfl6d%3A2kawfo%3Almpu3z&__spin_b=trunk&__spin_r=1012382939&__spin_t=1711652769&__user=0&dpr=1&jazoest=2949&lsd=AVo7yTty41Y&ph=C3 false
                                                                                  		high
                                                                                  https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19810.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7351492666381830667&__req=d&__rev=1012382939&__s=myfl6d%3A2kawfo%3Almpu3z&__spin_b=trunk&__spin_r=1012382939&__spin_t=1711652769&__user=0&dpr=1&jazoest=2949&lsd=AVo7yTty41Y&ph=C3 false
                                                                                    		high
                                                                                    https://static.xx.fbcdn.net/rsrc.php/v3/yt/l/0,cross/uSn2aRZO8ux.css?_nc_x=Ij3Wp8lg5Kz false
                                                                                      		high
                                                                                      https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/432429050_1399404767363023_4440886140724773228_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=LVzP2PXcfjUAX_9x9-8&_nc_ht=scontent-lga3-2.xx&oh=00_AfDGCmD9mCzgyIv9jYbvKXVBHEVcAiPKtlWhiX-WDV2CFg&oe=660A0AB2 false
                                                                                        		high
                                                                                        https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19810.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7351492666381830667&__req=e&__rev=1012382939&__s=myfl6d%3A2kawfo%3Almpu3z&__spin_b=trunk&__spin_r=1012382939&__spin_t=1711652769&__user=0&dpr=1&jazoest=2949&lsd=AVo7yTty41Y&ph=C3 false
                                                                                          		high
                                                                                          https://scontent-lga3-2.xx.fbcdn.net/v/t39.30808-1/431341873_364445046553921_3968847851229451111_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=auM5n4i72gkAX9Pwxr-&_nc_ht=scontent-lga3-2.xx&oh=00_AfCBJa93r8AgBrA3PZUHOy7usL36LveLxOUs_0ogttYq_Q&oe=660A9180 false
                                                                                            		high
                                                                                            https://scontent-lga3-2.xx.fbcdn.net/v/t39.30808-1/293474113_588444525983578_3802416932064405200_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=eFb7h36WtEQAX89gKoc&_nc_ht=scontent-lga3-2.xx&oh=00_AfCu-JtT9gPo-19367-klyv5R988tZq1x4dedpC_mEPGGw&oe=660B599A false
                                                                                              		high
                                                                                              https://play.google.com/log?format=json&hasfast=true&authuser=0 false
                                                                                                		high
                                                                                                https://static.xx.fbcdn.net/rsrc.php/v3idBq4/yv/l/en_US/v-SWhfFgyNF.js?_nc_x=Ij3Wp8lg5Kz false
                                                                                                  		high
                                                                                                  https://static.xx.fbcdn.net/rsrc.php/v3iioC4/yw/l/en_US/pnJHkiZvaB5.js?_nc_x=Ij3Wp8lg5Kz false
                                                                                                    		high
                                                                                                    https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/YOJay7eN_PK.png false
                                                                                                      		high
                                                                                                      https://play.google.com/log?hasfast=true&authuser=0&format=json false
                                                                                                        		high
                                                                                                        https://scontent-lga3-1.xx.fbcdn.net/v/t15.5256-10/431095440_785215223111042_6790815809198763884_n.jpg?stp=dst-jpg_p206x206&_nc_cat=103&ccb=1-7&_nc_sid=5f2048&_nc_ohc=Mzrb63gyqMUAX8sj4xW&_nc_ht=scontent-lga3-1.xx&oh=00_AfAO4NhwqaaUlIB_mWYQDRDQeWmd-ZZY2Fw5ojca2AZ1hg&oe=660B93DE false
                                                                                                          		high
                                                                                                          https://static.xx.fbcdn.net/rsrc.php/v3ieKI4/yR/l/en_US/X-4pD-JMb7T.js?_nc_x=Ij3Wp8lg5Kz false
                                                                                                            		high
                                                                                                            https://static.xx.fbcdn.net/rsrc.php/v3it4v4/ya/l/en_US/c6X24_t9bV6.js?_nc_x=Ij3Wp8lg5Kz false
                                                                                                              		high
                                                                                                              https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/430970856_331678446558988_1462749360539672140_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=QWK2ESLKuj4AX_cJh7C&_nc_ht=scontent-lga3-2.xx&oh=00_AfAs4WoEPysc8_mRJH2bbJw6RfS2o3Kvd5-ioOc4tuPMpQ&oe=6609C887 false
                                                                                                                		high
                                                                                                                https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/430970856_331678446558988_1462749360539672140_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=QWK2ESLKuj4AX_cJh7C&_nc_ht=scontent-lga3-2.xx&oh=00_AfDw2c3FnjTfeR6iM4EHE_tpjs5XiKC-g4FIR95CyOdh4Q&oe=6609C887 false
                                                                                                                  		high
                                                                                                                  https://static.xx.fbcdn.net/rsrc.php/v3iY1_4/yx/l/en_US/hr4wnrnGRHO.js?_nc_x=Ij3Wp8lg5Kz false
                                                                                                                    		high
                                                                                                                    https://www.facebook.com/ajax/bulk-route-definitions/ false
                                                                                                                      		high
                                                                                                                      https://static.xx.fbcdn.net/rsrc.php/v3ijbW4/yI/l/en_US/UGBCn2NiNkW.js?_nc_x=Ij3Wp8lg5Kz false
                                                                                                                        		high
                                                                                                                        https://static.xx.fbcdn.net/rsrc.php/v3iQh04/yZ/l/en_US/4OfVhVda111.js?_nc_x=Ij3Wp8lg5Kz false
                                                                                                                          		high
                                                                                                                          https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/432876663_934652351673809_5361458748257372154_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=vzrWLk-oeKAAX8zMSeK&_nc_ht=scontent-lga3-2.xx&oh=00_AfD2wOtLRTPuoG6hdjPBSCko2YaizyptWNnJp-8jirSE9w&oe=660B0FF2 false
                                                                                                                            		high
                                                                                                                            https://scontent-lga3-2.xx.fbcdn.net/v/t39.30808-1/398021402_288073914198331_8114853194744639947_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=yZNnneb6a2gAX9fwmD9&_nc_ht=scontent-lga3-2.xx&oh=00_AfD0rzyDXTPKnpYOj7kle33M1y7-sHvLgzWWXIvS7ey6VQ&oe=660A2333 false
                                                                                                                              		high