Windows Analysis Report
HxesZl7bIx.exe

Overview

General Information

Sample name: HxesZl7bIx.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name: 124edb48ce763a1b36c8e8736a865190c0e4928274acb617ce55e31e8c27c83f
Analysis ID: 1428503
MD5: 054664da74deb75df32022e644c197d0
SHA1: 398448ae19a22710cc848ff4c90b4a3599db5da1
SHA256: 124edb48ce763a1b36c8e8736a865190c0e4928274acb617ce55e31e8c27c83f
Infos:

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found iframes
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTML body contains password input but no form action
HTML title does not match URL
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: HxesZl7bIx.exe ReversingLabs: Detection: 58%
Source: HxesZl7bIx.exe Virustotal: Detection: 56% Perma Link
Machine Learning detection for sample
Source: HxesZl7bIx.exe Joe Sandbox ML: detected
Found iframes
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKJLIKz32uIgJ_XUijV6-eEWxbL7O4dV3kkBejnKnqjZuT15OnMI73XE9kLzLAgI-twNBImiAA&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1426224490%3A1713490837846023&theme=mn&ddm=0 HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-744840401&timestamp=1713490840509
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKJLIKz32uIgJ_XUijV6-eEWxbL7O4dV3kkBejnKnqjZuT15OnMI73XE9kLzLAgI-twNBImiAA&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1426224490%3A1713490837846023&theme=mn&ddm=0 HTTP Parser: Iframe src: /_/bscframe
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKJLIKz32uIgJ_XUijV6-eEWxbL7O4dV3kkBejnKnqjZuT15OnMI73XE9kLzLAgI-twNBImiAA&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1426224490%3A1713490837846023&theme=mn&ddm=0 HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-744840401&timestamp=1713490840509
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKJLIKz32uIgJ_XUijV6-eEWxbL7O4dV3kkBejnKnqjZuT15OnMI73XE9kLzLAgI-twNBImiAA&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1426224490%3A1713490837846023&theme=mn&ddm=0 HTTP Parser: Iframe src: /_/bscframe
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKJLIKz32uIgJ_XUijV6-eEWxbL7O4dV3kkBejnKnqjZuT15OnMI73XE9kLzLAgI-twNBImiAA&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1426224490%3A1713490837846023&theme=mn&ddm=0 HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-744840401&timestamp=1713490840509
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKJLIKz32uIgJ_XUijV6-eEWxbL7O4dV3kkBejnKnqjZuT15OnMI73XE9kLzLAgI-twNBImiAA&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1426224490%3A1713490837846023&theme=mn&ddm=0 HTTP Parser: Iframe src: /_/bscframe
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKL0DVE35ds1FJrf8bmielkHjbMlqNt3A4cXeGJvW1xKqa9aG6HehzWNdNmxUN2QRhvG8r-77w&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2097916348%3A1713490837852387&theme=mn&ddm=0 HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1434896875&timestamp=1713490842131
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKL0DVE35ds1FJrf8bmielkHjbMlqNt3A4cXeGJvW1xKqa9aG6HehzWNdNmxUN2QRhvG8r-77w&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2097916348%3A1713490837852387&theme=mn&ddm=0 HTTP Parser: Iframe src: /_/bscframe
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKL0DVE35ds1FJrf8bmielkHjbMlqNt3A4cXeGJvW1xKqa9aG6HehzWNdNmxUN2QRhvG8r-77w&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2097916348%3A1713490837852387&theme=mn&ddm=0 HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1434896875&timestamp=1713490842131
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKL0DVE35ds1FJrf8bmielkHjbMlqNt3A4cXeGJvW1xKqa9aG6HehzWNdNmxUN2QRhvG8r-77w&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2097916348%3A1713490837852387&theme=mn&ddm=0 HTTP Parser: Iframe src: /_/bscframe
HTML body contains password input but no form action
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKJLIKz32uIgJ_XUijV6-eEWxbL7O4dV3kkBejnKnqjZuT15OnMI73XE9kLzLAgI-twNBImiAA&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1426224490%3A1713490837846023&theme=mn&ddm=0 HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKL0DVE35ds1FJrf8bmielkHjbMlqNt3A4cXeGJvW1xKqa9aG6HehzWNdNmxUN2QRhvG8r-77w&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2097916348%3A1713490837852387&theme=mn&ddm=0 HTTP Parser: <input type="password" .../> found but no <form action="...
HTML title does not match URL
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKL0DVE35ds1FJrf8bmielkHjbMlqNt3A4cXeGJvW1xKqa9aG6HehzWNdNmxUN2QRhvG8r-77w&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2097916348%3A1713490837852387&theme=mn&ddm=0 HTTP Parser: Title: YouTube does not match URL
Source: https://www.facebook.com/video HTTP Parser: <input type="password" .../> found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKJLIKz32uIgJ_XUijV6-eEWxbL7O4dV3kkBejnKnqjZuT15OnMI73XE9kLzLAgI-twNBImiAA&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1426224490%3A1713490837846023&theme=mn&ddm=0 HTTP Parser: <input type="password" .../> found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKL0DVE35ds1FJrf8bmielkHjbMlqNt3A4cXeGJvW1xKqa9aG6HehzWNdNmxUN2QRhvG8r-77w&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2097916348%3A1713490837852387&theme=mn&ddm=0 HTTP Parser: <input type="password" .../> found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKJLIKz32uIgJ_XUijV6-eEWxbL7O4dV3kkBejnKnqjZuT15OnMI73XE9kLzLAgI-twNBImiAA&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1426224490%3A1713490837846023&theme=mn&ddm=0 HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKJLIKz32uIgJ_XUijV6-eEWxbL7O4dV3kkBejnKnqjZuT15OnMI73XE9kLzLAgI-twNBImiAA&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1426224490%3A1713490837846023&theme=mn&ddm=0 HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKJLIKz32uIgJ_XUijV6-eEWxbL7O4dV3kkBejnKnqjZuT15OnMI73XE9kLzLAgI-twNBImiAA&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1426224490%3A1713490837846023&theme=mn&ddm=0 HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKL0DVE35ds1FJrf8bmielkHjbMlqNt3A4cXeGJvW1xKqa9aG6HehzWNdNmxUN2QRhvG8r-77w&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2097916348%3A1713490837852387&theme=mn&ddm=0 HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKL0DVE35ds1FJrf8bmielkHjbMlqNt3A4cXeGJvW1xKqa9aG6HehzWNdNmxUN2QRhvG8r-77w&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2097916348%3A1713490837852387&theme=mn&ddm=0 HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKL0DVE35ds1FJrf8bmielkHjbMlqNt3A4cXeGJvW1xKqa9aG6HehzWNdNmxUN2QRhvG8r-77w&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2097916348%3A1713490837852387&theme=mn&ddm=0 HTTP Parser: No favicon
Source: https://www.facebook.com/video HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/video HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/video HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKJLIKz32uIgJ_XUijV6-eEWxbL7O4dV3kkBejnKnqjZuT15OnMI73XE9kLzLAgI-twNBImiAA&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1426224490%3A1713490837846023&theme=mn&ddm=0 HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKJLIKz32uIgJ_XUijV6-eEWxbL7O4dV3kkBejnKnqjZuT15OnMI73XE9kLzLAgI-twNBImiAA&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1426224490%3A1713490837846023&theme=mn&ddm=0 HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKJLIKz32uIgJ_XUijV6-eEWxbL7O4dV3kkBejnKnqjZuT15OnMI73XE9kLzLAgI-twNBImiAA&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1426224490%3A1713490837846023&theme=mn&ddm=0 HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKL0DVE35ds1FJrf8bmielkHjbMlqNt3A4cXeGJvW1xKqa9aG6HehzWNdNmxUN2QRhvG8r-77w&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2097916348%3A1713490837852387&theme=mn&ddm=0 HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKL0DVE35ds1FJrf8bmielkHjbMlqNt3A4cXeGJvW1xKqa9aG6HehzWNdNmxUN2QRhvG8r-77w&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2097916348%3A1713490837852387&theme=mn&ddm=0 HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKL0DVE35ds1FJrf8bmielkHjbMlqNt3A4cXeGJvW1xKqa9aG6HehzWNdNmxUN2QRhvG8r-77w&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2097916348%3A1713490837852387&theme=mn&ddm=0 HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/video HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/video HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/video HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKJLIKz32uIgJ_XUijV6-eEWxbL7O4dV3kkBejnKnqjZuT15OnMI73XE9kLzLAgI-twNBImiAA&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1426224490%3A1713490837846023&theme=mn&ddm=0 HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKJLIKz32uIgJ_XUijV6-eEWxbL7O4dV3kkBejnKnqjZuT15OnMI73XE9kLzLAgI-twNBImiAA&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1426224490%3A1713490837846023&theme=mn&ddm=0 HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ARZ0qKJLIKz32uIgJ_XUijV6-eEWxbL7O4dV3kkBejnKnqjZuT15OnMI73XE9kLzLAgI-twNBImiAA&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1426224490%3A1713490837846023&theme=mn&ddm=0 HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKL0DVE35ds1FJrf8bmielkHjbMlqNt3A4cXeGJvW1xKqa9aG6HehzWNdNmxUN2QRhvG8r-77w&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2097916348%3A1713490837852387&theme=mn&ddm=0 HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKL0DVE35ds1FJrf8bmielkHjbMlqNt3A4cXeGJvW1xKqa9aG6HehzWNdNmxUN2QRhvG8r-77w&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2097916348%3A1713490837852387&theme=mn&ddm=0 HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=ARZ0qKL0DVE35ds1FJrf8bmielkHjbMlqNt3A4cXeGJvW1xKqa9aG6HehzWNdNmxUN2QRhvG8r-77w&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2097916348%3A1713490837852387&theme=mn&ddm=0 HTTP Parser: No <meta name="copyright".. found
Uses 32bit PE files
Source: HxesZl7bIx.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 23.33.136.127:443 -> 192.168.2.4:49786 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.33.136.127:443 -> 192.168.2.4:49797 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49916 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49940 version: TLS 1.2
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003B68EE FindFirstFileW,FindClose, 0_2_003B68EE
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003B698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, 0_2_003B698F
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003AD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_003AD076
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003AD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_003AD3A9
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003B9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_003B9642
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003B979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_003B979D
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003B9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, 0_2_003B9B2B
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003ADBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, 0_2_003ADBBE
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003B5C97 FindFirstFileW,FindNextFileW,FindClose, 0_2_003B5C97
Source: chrome.exe Memory has grown: Private usage: 6MB later: 41MB
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003BCE44 InternetReadFile,SetEvent,GetLastError,SetEvent, 0_2_003BCE44
Source: global traffic HTTP traffic detected: GET /video HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /account HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yb/l/0,cross/YevIHjTZjnO.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yb/r/G3Nm7rYDpD0.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3ifhN4/yX/l/en_US/nChwAUT1aUgDYvatkvPhoORf7s0WJvHMPn1wRO-dUcIoL9XF0wO0ej9ML-m_DiQrfXi0ByZrEbi6c-BC0lRf3kmQVAblIutlJuDu8FjJ2mAf5cwjSvgZCKCmXkp8GwrOMn7m1Rdzuzi16ygkVEIahZX1XqpI1Q50zl6ZBgWvsJpQFrYrGc1wa-Oq19cr_l1DuzAtWVDh4cn1CMxub3y91qmloYqXsrAa0b9bMzu_eJMlvvhSHqOL8xCqhxFHLp55HfXW__mMgFRlCsGN0FHzi95_wmB-51YxoStyBz2gE2pEQn4HVER6vHpPn3-WFWVy-GdB52bvQ0.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3iwN74/yD/l/en_US/APoqa-iIOjvrn_I8kVuFfvi1Qie0qdVBFdoHo8RmQG6EroQ9FNgpiRhTLojQtsFNcs.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3iHrB4/y-/l/en_US/Sd6LZm7F8MR.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yA/r/OMXgFqU76kP.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3ic_A4/yy/l/en_US/SV3JvfEjy-HECsg6rc0g3Q_nx0QPfkJnvo7kHHAR2WLloFvVgikQZOAlimUDEtcYdfpXFYHV90WF8xsw_y3zVOBS5r1v89-9txafWxL1rr0Obq.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3iCjQ4/yT/l/en_US/-cuErFyZKsI.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3iQbs4/yg/l/en_US/EX6jmVQkY6L.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yo/r/RBVykxDUbUn.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3iFd24/yd/l/en_US/dj10Ym9OUFW.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3iMBH4/ym/l/en_US/PM0yz8J0_9eatA4AbcUXJ_xGj4GgHf6uoyMXsyMcajeZkbHSqEKHvKE5vIR6Z6_fPD4wyD5Ym16tXudcxB4NWZK-0RNSBe8qSPG4UpY82FpGVUugonw1necxJMJfxNSBC0jRQvPTG6MYkFOrTRdkwmU8Y3mM84SfiWlvqtZjCyJ63My3zlOMrO0CLM5TVwEj1ba-rOSQb0hClwF360PJEynPfrjI.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3ifWF4/yt/l/en_US/3KWduJcmUWu.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yo/r/RBVykxDUbUn.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yR/r/4TRsPp18HYl.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3i7Vo4/y6/l/en_US/LznjGi-Mcyn.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fr=0vajiWcpM3izk77P7..BmIcuZ..AAA.0.0.BmIcuZ.AWXg241u3QQ
Source: global traffic HTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-744840401&timestamp=1713490840509 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: YSC=TISbAQ87lBo; VISITOR_INFO1_LIVE=Bm5Gpp9tStI; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgPg%3D%3D
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yR/r/4TRsPp18HYl.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yy/r/q9P8VRdD1Am.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3iNTg4/yA/l/en_US/2obelxd4ucH.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/434846145_750354690635123_5825280892337708034_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=VY_PguNQYqkAb4vYZ4J&_nc_ht=scontent-atl3-2.xx&oh=00_AfAA-dZ2FVoVBFW58UvtffQQCH__zs3TaqlqaDmOBrIH9A&oe=66278A45 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/438043668_951275763118012_9085738709733793549_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=Ag36yU8NZ2YAb6DVjhK&_nc_oc=AdhGlZK-sKtqhfza7ml_SykynPBUSx2UizoL0jq-Q1WsBlq6hBHetpwRDqkENWqjVAg&_nc_ht=scontent-atl3-2.xx&oh=00_AfA66vG8Ma9yADhKUsRHkt3rFZiZhApEGqODDzKsb816Dw&oe=6627B1A4 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/437942529_992446696222628_1543467553494358279_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=AcwWWyFNr0wAb46GRke&_nc_ht=scontent-atl3-2.xx&oh=00_AfCufZFJTsYS1oCzs70XhJ1l36Gl75o7UJvA_kTMwh_8Eg&oe=6627949F HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/437105006_1102269597670542_4976784059220029358_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=Q8Y5BK9l_XIAb4Cr9pt&_nc_ht=scontent-atl3-2.xx&oh=00_AfB-I28Z40HUGosKs6OU1VaGQD7MbfRLpHLFa4by2T23cA&oe=6627854D HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/426704283_408014474976170_8736400465975078399_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=ld6EvftXIT0Ab47SqER&_nc_ht=scontent-atl3-2.xx&oh=00_AfAGwovxP7ofS8GVbz5awfT4XOcqHTKR7fDAa7B5m_KB7g&oe=6627A8C4 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/438193268_922912702947462_7506581556452730663_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=F1f1WyXRCfUAb5H7pg3&_nc_ht=scontent-atl3-2.xx&oh=00_AfDB1zgmFI527f9DlANisuRmydguLRC3xydmlEEaw4wURA&oe=6627B6C7 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/436859318_962909741584758_3870588264605380752_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=s7KXFq-dOKwAb6FUqMa&_nc_ht=scontent-atl3-2.xx&oh=00_AfB-GpW_tvCHQBURGYoJaXuwYk2uRI3TGoOELVJq2jzi8A&oe=6627A99F HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t51.29350-10/438882269_729999509341792_5681810228876178213_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=rx4uzBlOIl8Ab6ytXk7&_nc_ht=scontent-atl3-2.xx&oh=00_AfAvO6SJOH5Y80LRz1OMs2wXXZ5sp1gyOizIOTgXp7L6GA&oe=66279CD1 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/435585243_1336893433647196_6208832241633396260_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=elYzPYAIG9kAb6SZKEF&_nc_ht=scontent-atl3-2.xx&oh=00_AfCvf0SUTHuy36cSdF56yN534pHFsf_uSWdDHk8TaBveJA&oe=6627852B HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/435297039_1622642408563885_856096703543016407_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=GWAVaQ02VJ8Ab6-Thma&_nc_ht=scontent-atl3-2.xx&oh=00_AfAGNYDZ7rzrA5aOKLdOlSZvN9nxTDaGyE2PI0T-WhTcwA&oe=6627AC74 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1434896875&timestamp=1713490842131 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: YSC=TISbAQ87lBo; VISITOR_INFO1_LIVE=Bm5Gpp9tStI; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgPg%3D%3D
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/437942529_992446696222628_1543467553494358279_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=AcwWWyFNr0wAb46GRke&_nc_ht=scontent-atl3-2.xx&oh=00_AfCufZFJTsYS1oCzs70XhJ1l36Gl75o7UJvA_kTMwh_8Eg&oe=6627949F HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/426704283_408014474976170_8736400465975078399_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=ld6EvftXIT0Ab47SqER&_nc_ht=scontent-atl3-2.xx&oh=00_AfAGwovxP7ofS8GVbz5awfT4XOcqHTKR7fDAa7B5m_KB7g&oe=6627A8C4 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/434846145_750354690635123_5825280892337708034_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=VY_PguNQYqkAb4vYZ4J&_nc_ht=scontent-atl3-2.xx&oh=00_AfAA-dZ2FVoVBFW58UvtffQQCH__zs3TaqlqaDmOBrIH9A&oe=66278A45 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/438193268_922912702947462_7506581556452730663_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=F1f1WyXRCfUAb5H7pg3&_nc_ht=scontent-atl3-2.xx&oh=00_AfDB1zgmFI527f9DlANisuRmydguLRC3xydmlEEaw4wURA&oe=6627B6C7 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/438043668_951275763118012_9085738709733793549_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=Ag36yU8NZ2YAb6DVjhK&_nc_oc=AdhGlZK-sKtqhfza7ml_SykynPBUSx2UizoL0jq-Q1WsBlq6hBHetpwRDqkENWqjVAg&_nc_ht=scontent-atl3-2.xx&oh=00_AfA66vG8Ma9yADhKUsRHkt3rFZiZhApEGqODDzKsb816Dw&oe=6627B1A4 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/437105006_1102269597670542_4976784059220029358_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=Q8Y5BK9l_XIAb4Cr9pt&_nc_ht=scontent-atl3-2.xx&oh=00_AfB-I28Z40HUGosKs6OU1VaGQD7MbfRLpHLFa4by2T23cA&oe=6627854D HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yb/r/7NqDjYL3eb9.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3ivlb4/yn/l/en_US/5ZMgj96iLR9.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=MDfl99a8HcsWbttk4FFiiR8NDrBhCww36YdNj1uKpiso07eGcvsh2owHJl6xowzvUoQVtqEycGjE0idljTUJyPRZLMNalpMOXk5lH6nOUPYlliWBUGFfmgHcWUHYGp6eaRiCvQ79dDnqLT59unDyLvvBGoyMOOdIL4T1ogyTHxA
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3ieKI4/yX/l/en_US/aia9_5MaGl8.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/436859318_962909741584758_3870588264605380752_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=s7KXFq-dOKwAb6FUqMa&_nc_ht=scontent-atl3-2.xx&oh=00_AfB-GpW_tvCHQBURGYoJaXuwYk2uRI3TGoOELVJq2jzi8A&oe=6627A99F HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/435585243_1336893433647196_6208832241633396260_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=elYzPYAIG9kAb6SZKEF&_nc_ht=scontent-atl3-2.xx&oh=00_AfCvf0SUTHuy36cSdF56yN534pHFsf_uSWdDHk8TaBveJA&oe=6627852B HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/435297039_1622642408563885_856096703543016407_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=GWAVaQ02VJ8Ab6-Thma&_nc_ht=scontent-atl3-2.xx&oh=00_AfAGNYDZ7rzrA5aOKLdOlSZvN9nxTDaGyE2PI0T-WhTcwA&oe=6627AC74 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yY/r/YT7n1sgH1lv.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t51.29350-10/438882269_729999509341792_5681810228876178213_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=rx4uzBlOIl8Ab6ytXk7&_nc_ht=scontent-atl3-2.xx&oh=00_AfAvO6SJOH5Y80LRz1OMs2wXXZ5sp1gyOizIOTgXp7L6GA&oe=66279CD1 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yb/r/7NqDjYL3eb9.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/430843272_438547758855568_3782525580529738461_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=ki7LIH_ntfYAb7lEcz4&_nc_ht=scontent-atl3-2.xx&oh=00_AfCIj5_yMIP5Es9E9YFuWRv8iLuRq49yvysp8vObeIcFQA&oe=66278DC5 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=MDfl99a8HcsWbttk4FFiiR8NDrBhCww36YdNj1uKpiso07eGcvsh2owHJl6xowzvUoQVtqEycGjE0idljTUJyPRZLMNalpMOXk5lH6nOUPYlliWBUGFfmgHcWUHYGp6eaRiCvQ79dDnqLT59unDyLvvBGoyMOOdIL4T1ogyTHxA
Source: global traffic HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fr=0vajiWcpM3izk77P7..BmIcuZ..AAA.0.0.BmIcua.AWVHWfgcJYQ
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/438091798_1180371333322580_3869440255780885829_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=xEMShP_qLFMAb55VT3m&_nc_ht=scontent-atl3-2.xx&oh=00_AfDWfJxHj0HZNwe-NDko3zvnYAmSYlIZukKiC1ty_egxkw&oe=6627908C HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/427423164_1136863804107170_2890424799444787669_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=B9Pc79yiemQAb6zBz4r&_nc_ht=scontent-atl3-2.xx&oh=00_AfCiWqDXjAXfVtRjlfSGhw15nEOc_vXUOs2xVTfr50viLg&oe=6627A6F7 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/430843272_438547758855568_3782525580529738461_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=ki7LIH_ntfYAb7lEcz4&_nc_ht=scontent-atl3-2.xx&oh=00_AfCIj5_yMIP5Es9E9YFuWRv8iLuRq49yvysp8vObeIcFQA&oe=66278DC5 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/438193634_720475476662614_5584509116371930153_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=-ExROFrTdmwAb5t0lBc&_nc_ht=scontent-atl3-2.xx&oh=00_AfDC4ORowz8xLhxbrweQGY8ubgpNS608cJQiE9HwjWJqyw&oe=66279C6D HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fr=0vajiWcpM3izk77P7..BmIcuZ..AAA.0.0.BmIcua.AWVHWfgcJYQ; wd=1280x907
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/438091798_1180371333322580_3869440255780885829_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=xEMShP_qLFMAb55VT3m&_nc_ht=scontent-atl3-2.xx&oh=00_AfDWfJxHj0HZNwe-NDko3zvnYAmSYlIZukKiC1ty_egxkw&oe=6627908C HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t51.29350-10/434466436_742991631307311_2684269917892696380_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=lEVRaVUhRrUAb6Mesom&_nc_ht=scontent-atl3-2.xx&oh=00_AfAGHE-qbLV-U2v08MXPZy2tIrgHciSRcQNZx7LxILUMmA&oe=6627AD2E HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19832.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7359387103923729254&__req=7&__rev=1012888762&__s=q3fhw7%3A2cd228%3Aqgd3o4&__spin_b=trunk&__spin_r=1012888762&__spin_t=1713490836&__user=0&dpr=1&jazoest=2903&lsd=AVq2Lh2l0hc&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; _js_datr=lMshZix5qPWRCJbLXT1BC9lU; fr=0vajiWcpM3izk77P7..BmIcuZ..AAA.0.0.BmIcuc.AWVYKvhM6i8
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/427755631_1521380321923283_7278901302032905672_n.jpg?stp=dst-jpg_p296x100&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=xJQH45NEw5sAb6WK0Xa&_nc_ht=scontent-atl3-2.xx&oh=00_AfDz4tA7Z9g7MaNQs3vhOnXqFfZweGTXP76ZT7aDiBvboA&oe=6627A761 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/427423164_1136863804107170_2890424799444787669_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=B9Pc79yiemQAb6zBz4r&_nc_ht=scontent-atl3-2.xx&oh=00_AfCiWqDXjAXfVtRjlfSGhw15nEOc_vXUOs2xVTfr50viLg&oe=6627A6F7 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19832.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7359387103923729254&__req=8&__rev=1012888762&__s=q3fhw7%3A2cd228%3Aqgd3o4&__spin_b=trunk&__spin_r=1012888762&__spin_t=1713490836&__user=0&dpr=1&jazoest=2903&lsd=AVq2Lh2l0hc&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; _js_datr=lMshZix5qPWRCJbLXT1BC9lU; fr=0vajiWcpM3izk77P7..BmIcuZ..AAA.0.0.BmIcuc.AWVYKvhM6i8
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yl/r/SDtEN57PJgl.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/438193634_720475476662614_5584509116371930153_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=-ExROFrTdmwAb5t0lBc&_nc_ht=scontent-atl3-2.xx&oh=00_AfDC4ORowz8xLhxbrweQGY8ubgpNS608cJQiE9HwjWJqyw&oe=66279C6D HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/294724701_110489671750480_988274315942354852_n.jpg?stp=cp6_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=CsDREyxMCqwAb6Zm1uF&_nc_ht=scontent-atl3-2.xx&oh=00_AfDUhmgSNym9P3hgORApjgvt5uZCr5vKPXDneN84pBy-xQ&oe=662798CE HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t51.29350-10/434466436_742991631307311_2684269917892696380_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=lEVRaVUhRrUAb6Mesom&_nc_ht=scontent-atl3-2.xx&oh=00_AfAGHE-qbLV-U2v08MXPZy2tIrgHciSRcQNZx7LxILUMmA&oe=6627AD2E HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/429682066_368649729457593_2210717644653039134_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=PCsmMolcaEYAb5liA2T&_nc_ht=scontent-atl3-2.xx&oh=00_AfAr3LnIIBAW4Oll3CfuMViVa6IZ_P_aBcdVZ1tFLfUJ0Q&oe=66278F81 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/427755631_1521380321923283_7278901302032905672_n.jpg?stp=dst-jpg_p296x100&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=xJQH45NEw5sAb6WK0Xa&_nc_ht=scontent-atl3-2.xx&oh=00_AfDz4tA7Z9g7MaNQs3vhOnXqFfZweGTXP76ZT7aDiBvboA&oe=6627A761 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/438331716_2765174076970236_1145479496426679813_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=obA5gIRYYUYAb7KFZz4&_nc_ht=scontent-atl3-2.xx&oh=00_AfDhyPAWHnsY26BikqP407np3qhXfYGR6avsj0inolkFDg&oe=6627A836 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t1.6435-1/166562961_289775365843871_1089544784969631943_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=gsiZqHemNI0Ab7xotOc&_nc_ht=scontent-atl3-2.xx&oh=00_AfCJ2y8PnGo5iYFIOIqkgTsp2QT4Magjkq-glreMKFQsPQ&oe=664932DC HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/294724701_110489671750480_988274315942354852_n.jpg?stp=cp6_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=CsDREyxMCqwAb6Zm1uF&_nc_ht=scontent-atl3-2.xx&oh=00_AfDUhmgSNym9P3hgORApjgvt5uZCr5vKPXDneN84pBy-xQ&oe=662798CE HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19832.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7359387103923729254&__req=9&__rev=1012888762&__s=q3fhw7%3A2cd228%3Aqgd3o4&__spin_b=trunk&__spin_r=1012888762&__spin_t=1713490836&__user=0&dpr=1&jazoest=2903&lsd=AVq2Lh2l0hc&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; _js_datr=lMshZix5qPWRCJbLXT1BC9lU; fr=0vajiWcpM3izk77P7..BmIcuZ..AAA.0.0.BmIcud.AWW5f6UkgfQ
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/414867464_7046595375378763_4861839573446109840_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=QVssM7vGW2oAb4BrMfp&_nc_ht=scontent-atl3-2.xx&oh=00_AfDu-H0r-6CfzXEJPa3gbJwso6VAEOgSMr--wRf3P1KcMw&oe=66279958 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/429682066_368649729457593_2210717644653039134_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=PCsmMolcaEYAb5liA2T&_nc_ht=scontent-atl3-2.xx&oh=00_AfAr3LnIIBAW4Oll3CfuMViVa6IZ_P_aBcdVZ1tFLfUJ0Q&oe=66278F81 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t1.6435-1/182862089_329809465171561_9124100968924750007_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=rbjHzLvzucEAb5bZn4H&_nc_ht=scontent-atl3-2.xx&oh=00_AfDvEfsbAQgrTPLx-opY6lSgCA3J3Ac-nhnwCNbY_jzosg&oe=664928B3 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/438331716_2765174076970236_1145479496426679813_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=obA5gIRYYUYAb7KFZz4&_nc_ht=scontent-atl3-2.xx&oh=00_AfDhyPAWHnsY26BikqP407np3qhXfYGR6avsj0inolkFDg&oe=6627A836 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t1.6435-1/166562961_289775365843871_1089544784969631943_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=gsiZqHemNI0Ab7xotOc&_nc_ht=scontent-atl3-2.xx&oh=00_AfCJ2y8PnGo5iYFIOIqkgTsp2QT4Magjkq-glreMKFQsPQ&oe=664932DC HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t51.29350-10/438844348_833636295261460_8820580507418716899_n.jpg?stp=dst-jpg_p206x206&_nc_cat=111&ccb=1-7&_nc_sid=5f2048&_nc_ohc=J7XdDp8SzdsAb7ozIpk&_nc_ht=scontent-atl3-2.xx&oh=00_AfCB8Q844RX1O_1OVOJ0GECUmomF3JgeZ_RWXRdhba-onA&oe=66278584 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/417843986_7077021149032703_7323956251606094932_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=LP1IcS8WNgkAb5jFRoV&_nc_ht=scontent-atl3-2.xx&oh=00_AfA70jyAe-1RiEXheUHVhxrne1KBbSQ7H9DEFsRhZDQbsQ&oe=6627932F HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/414867464_7046595375378763_4861839573446109840_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=QVssM7vGW2oAb4BrMfp&_nc_ht=scontent-atl3-2.xx&oh=00_AfDu-H0r-6CfzXEJPa3gbJwso6VAEOgSMr--wRf3P1KcMw&oe=66279958 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/429173328_1660370348130360_2791089032841410318_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=oTY5-d1wVVAAb4mnIdt&_nc_ht=scontent-atl3-2.xx&oh=00_AfDbm_PgkHfw_O7s22gOSLB_gTtS0owWxPY3tvmWzgR_aQ&oe=66278BDF HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t1.6435-1/182862089_329809465171561_9124100968924750007_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=rbjHzLvzucEAb5bZn4H&_nc_ht=scontent-atl3-2.xx&oh=00_AfDvEfsbAQgrTPLx-opY6lSgCA3J3Ac-nhnwCNbY_jzosg&oe=664928B3 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/297577919_10217274176765031_2994694822502324520_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=-3rUZ9jyX0wAb5bIv02&_nc_ht=scontent-atl3-2.xx&oh=00_AfCINx_mKEMbP48d8aI4g-TLfOU0Eri64MtOnKfkm9oufA&oe=6627AB82 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t51.29350-10/438844348_833636295261460_8820580507418716899_n.jpg?stp=dst-jpg_p206x206&_nc_cat=111&ccb=1-7&_nc_sid=5f2048&_nc_ohc=J7XdDp8SzdsAb7ozIpk&_nc_ht=scontent-atl3-2.xx&oh=00_AfCB8Q844RX1O_1OVOJ0GECUmomF3JgeZ_RWXRdhba-onA&oe=66278584 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/417843986_7077021149032703_7323956251606094932_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=LP1IcS8WNgkAb5jFRoV&_nc_ht=scontent-atl3-2.xx&oh=00_AfA70jyAe-1RiEXheUHVhxrne1KBbSQ7H9DEFsRhZDQbsQ&oe=6627932F HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yO/r/q8Uic1K195T.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19832.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7359387103923729254&__req=a&__rev=1012888762&__s=q3fhw7%3A2cd228%3Aqgd3o4&__spin_b=trunk&__spin_r=1012888762&__spin_t=1713490836&__user=0&dpr=1&jazoest=2903&lsd=AVq2Lh2l0hc&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; _js_datr=lMshZix5qPWRCJbLXT1BC9lU; fr=0vajiWcpM3izk77P7..BmIcuZ..AAA.0.0.BmIcud.AWW5f6UkgfQ
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/429173328_1660370348130360_2791089032841410318_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=oTY5-d1wVVAAb4mnIdt&_nc_ht=scontent-atl3-2.xx&oh=00_AfDbm_PgkHfw_O7s22gOSLB_gTtS0owWxPY3tvmWzgR_aQ&oe=66278BDF HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /hads-ak-prn2/1487645_6012475414660_1439393861_n.png HTTP/1.1Host: scontent.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/297577919_10217274176765031_2994694822502324520_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=-3rUZ9jyX0wAb5bIv02&_nc_ht=scontent-atl3-2.xx&oh=00_AfCINx_mKEMbP48d8aI4g-TLfOU0Eri64MtOnKfkm9oufA&oe=6627AB82 HTTP/1.1Host: scontent-atl3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yO/r/q8Uic1K195T.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /data/manifest/ HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"dpr: 1sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://www.facebook.com/videoAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; _js_datr=lMshZix5qPWRCJbLXT1BC9lU; fr=0vajiWcpM3izk77P7..BmIcuZ..AAA.0.0.BmIcud.AWW5f6UkgfQ
Source: global traffic HTTP traffic detected: GET /rsrc.php/yT/r/aGT3gskzWBf.ico HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /hads-ak-prn2/1487645_6012475414660_1439393861_n.png HTTP/1.1Host: scontent.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/yT/r/aGT3gskzWBf.ico HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/y0/r/eFZD1KABzRA.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/y0/r/eFZD1KABzRA.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19832.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7359387103923729254&__req=b&__rev=1012888762&__s=q3fhw7%3A2cd228%3Aqgd3o4&__spin_b=trunk&__spin_r=1012888762&__spin_t=1713490836&__user=0&dpr=1&jazoest=2903&lsd=AVq2Lh2l0hc&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; fr=0vajiWcpM3izk77P7..BmIcuZ..AAA.0.0.BmIcud.AWW5f6UkgfQ; datr=lMshZix5qPWRCJbLXT1BC9lU
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=d+yvfuDOyXFdawd&MD=Th7e1MAM HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19832.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7359387103923729254&__req=e&__rev=1012888762&__s=q3fhw7%3A2cd228%3Aqgd3o4&__spin_b=trunk&__spin_r=1012888762&__spin_t=1713490836&__user=0&dpr=1&jazoest=2903&lsd=AVq2Lh2l0hc&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; fr=0vajiWcpM3izk77P7..BmIcuZ..AAA.0.0.BmIcud.AWW5f6UkgfQ; datr=lMshZix5qPWRCJbLXT1BC9lU
Source: global traffic HTTP traffic detected: GET /ajax/webstorage/process_keys/?state=1 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; fr=0vajiWcpM3izk77P7..BmIcuZ..AAA.0.0.BmIcud.AWW5f6UkgfQ; datr=lMshZix5qPWRCJbLXT1BC9lU
Source: global traffic HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=XFUFNTJjIRNiaBvITfRsB5ZN0yRAm1u7DWYT0bKBC9KLUtL-GaKo5kKnfLsAeKQRMqSBWkLdCKblXKkn7qvM-clWYtx-K1jiyX1DdV7oCHABjdkkDPMA0nZ4TO7Dxr8ud6YQYfqAbXisJF689hmjuGfPmXn2XrV0OZwhQGXRPYI
Source: global traffic HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=XFUFNTJjIRNiaBvITfRsB5ZN0yRAm1u7DWYT0bKBC9KLUtL-GaKo5kKnfLsAeKQRMqSBWkLdCKblXKkn7qvM-clWYtx-K1jiyX1DdV7oCHABjdkkDPMA0nZ4TO7Dxr8ud6YQYfqAbXisJF689hmjuGfPmXn2XrV0OZwhQGXRPYI
Source: global traffic HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=XFUFNTJjIRNiaBvITfRsB5ZN0yRAm1u7DWYT0bKBC9KLUtL-GaKo5kKnfLsAeKQRMqSBWkLdCKblXKkn7qvM-clWYtx-K1jiyX1DdV7oCHABjdkkDPMA0nZ4TO7Dxr8ud6YQYfqAbXisJF689hmjuGfPmXn2XrV0OZwhQGXRPYI
Source: global traffic HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=XFUFNTJjIRNiaBvITfRsB5ZN0yRAm1u7DWYT0bKBC9KLUtL-GaKo5kKnfLsAeKQRMqSBWkLdCKblXKkn7qvM-clWYtx-K1jiyX1DdV7oCHABjdkkDPMA0nZ4TO7Dxr8ud6YQYfqAbXisJF689hmjuGfPmXn2XrV0OZwhQGXRPYI
Source: global traffic HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=XFUFNTJjIRNiaBvITfRsB5ZN0yRAm1u7DWYT0bKBC9KLUtL-GaKo5kKnfLsAeKQRMqSBWkLdCKblXKkn7qvM-clWYtx-K1jiyX1DdV7oCHABjdkkDPMA0nZ4TO7Dxr8ud6YQYfqAbXisJF689hmjuGfPmXn2XrV0OZwhQGXRPYI
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19832.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7359387103923729254&__req=g&__rev=1012888762&__s=q3fhw7%3A2cd228%3Aqgd3o4&__spin_b=trunk&__spin_r=1012888762&__spin_t=1713490836&__user=0&dpr=1&jazoest=2903&lsd=AVq2Lh2l0hc&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; datr=lMshZix5qPWRCJbLXT1BC9lU; fr=0vajiWcpM3izk77P7..BmIcuZ..AAA.0.0.BmIcuz.AWWlN6Ji0Is
Source: global traffic HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=XFUFNTJjIRNiaBvITfRsB5ZN0yRAm1u7DWYT0bKBC9KLUtL-GaKo5kKnfLsAeKQRMqSBWkLdCKblXKkn7qvM-clWYtx-K1jiyX1DdV7oCHABjdkkDPMA0nZ4TO7Dxr8ud6YQYfqAbXisJF689hmjuGfPmXn2XrV0OZwhQGXRPYI
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=d+yvfuDOyXFdawd&MD=Th7e1MAM HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19832.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7359387103923729254&__req=h&__rev=1012888762&__s=%3A2cd228%3Aqgd3o4&__spin_b=trunk&__spin_r=1012888762&__spin_t=1713490836&__user=0&dpr=1&jazoest=2903&lsd=AVq2Lh2l0hc&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; datr=lMshZix5qPWRCJbLXT1BC9lU; fr=0vajiWcpM3izk77P7..BmIcuZ..AAA.0.0.BmIcuz.AWWlN6Ji0Is
Source: global traffic HTTP traffic detected: GET /ajax/webstorage/process_keys/?state=1 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; datr=lMshZix5qPWRCJbLXT1BC9lU; fr=0vajiWcpM3izk77P7..BmIcuZ..AAA.0.0.BmIcuz.AWWlN6Ji0Is
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19832.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7359387103923729254&__req=j&__rev=1012888762&__s=%3A2cd228%3Aqgd3o4&__spin_b=trunk&__spin_r=1012888762&__spin_t=1713490836&__user=0&dpr=1&jazoest=2903&lsd=AVq2Lh2l0hc&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; datr=lMshZix5qPWRCJbLXT1BC9lU; fr=0vajiWcpM3izk77P7..BmIcuZ..AAA.0.0.BmIcvm.AWUVYGdJSe8
Source: chromecache_223.6.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/A4tfXiHOGrs/ equals www.facebook.com (Facebook)
Source: chromecache_232.6.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/CCT5pM3qiNk/ equals www.facebook.com (Facebook)
Source: chromecache_223.6.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/Ga6vBwdwgUx/ equals www.facebook.com (Facebook)
Source: chromecache_232.6.dr, chromecache_153.6.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/MDzNl_j9yvg/ equals www.facebook.com (Facebook)
Source: chromecache_133.6.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/OKBVmODmb-W/ equals www.facebook.com (Facebook)
Source: chromecache_232.6.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/V9vdYColc4k/ equals www.facebook.com (Facebook)
Source: chromecache_133.6.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/WRsJ32R7YJG/ equals www.facebook.com (Facebook)
Source: chromecache_232.6.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/aJoeSHn7XcN/ equals www.facebook.com (Facebook)
Source: chromecache_232.6.dr, chromecache_153.6.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/t3hOLs8wlXy/ equals www.facebook.com (Facebook)
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: <https://www.facebook.com/video1-1-0C equals www.facebook.com (Facebook)
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: >https://www.youtube.com/accountrosoft\WindowsINetCookiesOl equals www.youtube.com (Youtube)
Source: chromecache_173.6.dr String found in binary or memory: _.Jw(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.Jw(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.Jw(_.Sw(c))+"&hl="+_.Jw(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.Jw(m)+"/chromebook/termsofservice.html?languageCode="+_.Jw(d)+"&regionCode="+_.Jw(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded":"")+"?hl="+_.Jw(d)+"&gl="+_.Jw(c)+(h?"&color_scheme="+ equals www.youtube.com (Youtube)
Source: chromecache_191.6.dr String found in binary or memory: __d("Chromedome",["fbt"],(function(a,b,c,d,e,f,g,h){function i(){if(document.domain==null)return null;var a=document.domain,b=/^intern\./.test(a);if(b)return null;b=/(^|\.)facebook\.(com|sg)$/.test(a);if(b)return"facebook";b=/(^|\.)instagram\.com$/.test(a);if(b)return"instagram";b=/(^|\.)threads\.net$/.test(a);if(b)return"threads";b=/(^|\.)messenger\.com$/.test(a);return b?"messenger":null}function j(a){if(a==="instagram")return h._("This is a browser feature intended for developers. If someone told you to copy-paste something here to enable an Instagram feature or \"hack\" someone's account, it is a scam and will give them access to your Instagram account.");return a==="threads"?h._("This is a browser feature intended for developers. If someone told you to copy-paste something here to enable a Threads feature or \"hack\" someone's account, it is a scam and will give them access to your Threads account."):h._("This is a browser feature intended for developers. If someone told you to copy-paste something here to enable a Facebook feature or \"hack\" someone's account, it is a scam and will give them access to your Facebook account.")}function a(a){if(top!==window)return;a=i();if(a==null)return;var b=h._("Stop!");a=j(a);var c=h._("See {url} for more information.",[h._param("url","https://www.facebook.com/selfxss")]);if(window.chrome||window.safari){var d="font-family:helvetica; font-size:20px; ";[[b,d+"font-size:50px; font-weight:bold; color:red; -webkit-text-stroke:1px black;"],[a,d],[c,d],["",""]].map(function(a){window.setTimeout(console.log.bind(console,"\n%c"+a[0].toString(),a[1]))})}else{b=[""," .d8888b. 888 888","d88P Y88b 888 888","Y88b. 888 888",' "Y888b. 888888 .d88b. 88888b. 888',' "Y88b. 888 d88""88b 888 "88b 888',' "888 888 888 888 888 888 Y8P',"Y88b d88P Y88b. Y88..88P 888 d88P",' "Y8888P" "Y888 "Y88P" 88888P" 888'," 888"," 888"," 888"];d=(""+a.toString()).match(/.{35}.+?\s+|.+$/g);if(d!=null){a=Math.floor(Math.max(0,(b.length-d.length)/2));for(var e=0;e<b.length||e<d.length;e++){var f=b[e];b[e]=f+new Array(45-f.length).join(" ")+(d[e-a]||"")}}console.log("\n\n\n"+b.join("\n")+"\n\n"+c.toString()+"\n");return}}g.start=a}),226); equals www.facebook.com (Facebook)
Source: chromecache_133.6.dr String found in binary or memory: __d("CometCookieConsent2023Q1OtherCompanies.react",["fbt","CometCookieConsentModalStringsUpdated","CometCookieConsentSectionAccordion.react","CometCookieConsentUtils.react","CometListCell.react","CometListCellPressable.react","CometListCellText.react","CometSwitch.react","DisclosureAddOn.react","TetraText.react","gkx","react"],(function(a,b,c,d,e,f,g,h){"use strict";var i,j=i||(i=d("react")),k=i.useState;function a(){var a=k(!1),b=a[0],e=a[1];a=c("gkx")("1834");return j.jsxs("div",{className:"x1nb4dca x1q0q8m5 xso031l xx6bls6",children:[j.jsx("div",{className:"x9orja2",children:j.jsx(c("TetraText.react"),{type:"headlineEmphasized2",children:d("CometCookieConsentModalStringsUpdated").COOKIES_FROM_OTHER_COMPANIES_SECTION_HEADER})}),a?j.jsxs(j.Fragment,{children:[j.jsx(c("CometListCell.react"),{addOnEnd:j.jsx(c("CometSwitch.react"),{onValueChange:function(){e(!b)},value:b,children:h._("Toggle")}),content:j.jsx(c("CometListCellText.react"),{body:j.jsx(c("TetraText.react"),{type:"body3",children:d("CometCookieConsentModalStringsUpdated").getCookiesFromOtherCompaniesSubHeader(r)})}),hasBottomDivider:!1}),j.jsx(c("CometListCellPressable.react"),{addOnEnd:j.jsx(c("DisclosureAddOn.react"),{}),content:j.jsx(c("CometListCellText.react"),{headline:j.jsx(c("TetraText.react"),{type:"headline3",children:d("CometCookieConsentModalStringsUpdated").CATEGORY_CONTROLS_ENTRY_TEXT})}),onPress:function(){}})]}):j.jsx("div",{className:"xx6bls6 x1cnzs8",children:j.jsx(c("TetraText.react"),{type:"body3",children:d("CometCookieConsentModalStringsUpdated").getCookiesFromOtherCompaniesSubHeader(r)})}),j.jsx(c("CometCookieConsentSectionAccordion.react"),{content:m,sectionTitle:l}),j.jsx(c("CometCookieConsentSectionAccordion.react"),{content:o,sectionTitle:n}),j.jsx(c("CometCookieConsentSectionAccordion.react"),{content:q,sectionTitle:p})]})}a.displayName=a.name+" [from "+f.id+"]";var l=j.jsx(c("CometListCellText.react"),{headline:j.jsx(c("TetraText.react"),{type:"headlineEmphasized3",children:d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES})}),m=j.jsxs("div",{style:{marginLeft:10},children:[j.jsx("div",{style:{paddingBottom:10,paddingTop:10},children:j.jsx(c("TetraText.react"),{type:"body3",children:d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES_INTRO})}),j.jsx(d("CometCookieConsentUtils.react").CometConsentListBullets,{list:[d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES_ITEM_1,d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES_ITEM_2,d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES_ITEM_3]})]}),n=j.jsx(c("CometListCellText.react"),{headline:j.jsx(c("TetraText.react"),{type:"headlineEmphasized3",children:d("CometCookieConsentModalStringsUpdated").IF_ALLOW_THESE_COOKIES})}),o=j.jsx("div",{style:{marginLeft:10},children:j.jsx(d("CometCookieConsentUtils.react").CometConsentListBullets,{list:[d("CometCookieConsentModalStringsUpdated").IF_ALLOW_THESE_COOKIES_ITEM_1,d("CometCookieCons
Source: chromecache_124.6.dr String found in binary or memory: __d("CometLegalFooter.react",["fbt","ix","BaseMiddot.react","CometErrorBoundary.react","CometLazyPopoverTrigger.react","CometLink.react","CometPressable.react","FBCookieSettingsLoggedOutConfig","JSResourceForInteraction","ServerTime","TetraIcon.react","TetraText.react","XHealthPolicyCometControllerRouteBuilder","XPrivacyPolicyCometControllerRouteBuilder","fbicon","gkx","react","useCurrentRoute"],(function(a,b,c,d,e,f,g,h,i){"use strict";var j,k=j||d("react"),l=c("JSResourceForInteraction")("CometLegalFooterMoreMenu.react").__setRef("CometLegalFooter.react");function m(){try{var a;return(a=new Date(d("ServerTime").getMillis()))==null?void 0:a.getFullYear()}catch(a){return null}}function a(a){var b=a.isHelpCenter;b=b===void 0?!1:b;var e=a.isPage;e=e===void 0?!1:e;var f=a.onClick;a=d("FBCookieSettingsLoggedOutConfig").should_show_cookie_settings;var g=c("useCurrentRoute")(),j=m(),n=c("XPrivacyPolicyCometControllerRouteBuilder").buildUri({entry_point:"comet_dropdown"}),o=c("XHealthPolicyCometControllerRouteBuilder").buildUri({});e=[{href:"https://www.facebook.com/legal/terms/information_about_page_insights_data",label:h._("Information about Page Insights Data"),render:e&&c("gkx")("22806")},{href:n.toString(),label:h._("Privacy"),testid:"CometDropdownPrivacy"},{href:o.toString(),label:h._("Consumer Health Privacy"),render:c("gkx")("2828"),testid:"CometDropdownHealthPrivacy"},{href:"/terms?ref=pf",label:"Impressum/Terms/NetzDG/UrhDaG",render:c("gkx")("22807")&&!c("gkx")("22808")},{href:"/terms?ref=pf",label:h._("Imprint\/Terms"),render:c("gkx")("22808")},{href:"/legal/germany/",label:"UrhDaG/MStV",render:c("gkx")("22808")},{href:"/policies?ref=pf",label:h._("Terms"),render:!c("gkx")("22807")&&!c("gkx")("22808"),testid:"CometDropdownTerms"},{href:"/business/",label:h._("Advertising")},{href:"/help/568137493302217",label:k.jsxs(k.Fragment,{children:[h._("Ad Choices")," ",k.jsx(c("CometErrorBoundary.react"),{children:k.jsx("span",{className:"x1n2onr6 x1qiirwl",children:k.jsx(c("TetraIcon.react"),{color:"secondary",icon:d("fbicon")._(i("871692"),12)})})})]})},{href:"/policies/cookies/",label:h._("Cookies"),testid:"CometDropdownCookies"},{href:"/privacy/cookie_settings/",label:h._("Cookie Settings"),render:a}].filter(function(a){return a.render==null||a.render===!0});var p=[];if((g==null?void 0:(n=g.rootView.props)==null?void 0:n.seoCrawlingPool)&&(g==null?void 0:(o=g.rootView.props)==null?void 0:o.seoCrawlingPool.url)){Array.from(Array((g==null?void 0:(a=g.rootView.props)==null?void 0:a.seoCrawlingPool.multiple_links)||0)).forEach(function(a,b){p.push(k.jsxs("li",{className:"xt0psk2",children:[k.jsx(c("CometLink.react"),{color:"secondary",href:g==null?void 0:(a=g.rootView.props)==null?void 0:a.seoCrawlingPool.url,onClick:f,weight:"normal",children:g==null?void 0:(a=g.rootView.props)==null?void 0:a.seoCrawlingPool.link_string}),k.jsx(c("BaseMiddot.react"),{})]},b))})}if((g==null?void 0:(n=g.rootView.props)==null?void 0:n.seoGrowthAutomationCrawlingPool)&&(g
Source: chromecache_133.6.dr String found in binary or memory: __d("FacebookCookieConsentCustomization",["fbt","ix","JSResourceForInteraction","XCookiesPolicyControllerRouteBuilder","isBaseline4EnabledForLoggedOut","isCNILEnabledForLoggedOut","lazyLoadComponent"],(function(a,b,c,d,e,f,g,h,i){"use strict";var j=c("lazyLoadComponent")(c("JSResourceForInteraction")("FacebookCometCookieConsentDialogDataSettings.react").__setRef("FacebookCookieConsentCustomization"));a=function(){var a,b,d,e=null;c("isBaseline4EnabledForLoggedOut")()||c("isCNILEnabledForLoggedOut")()?(b=i("1954651"),d=i("1954649"),e=h._("More options")):(b=i("856481"),d=i("856481"),e=h._("Manage Data Settings"));a=(a=(a=c("XCookiesPolicyControllerRouteBuilder").buildUri({}).getQualifiedUri())==null?void 0:(a=a.setDomain("www.facebook.com"))==null?void 0:a.toString())!=null?a:"";return{essentialCookiesOnly:!1,faviconDark:d,faviconLight:b,policyUrl:a,productName:"FACEBOOK",secondaryAction:{label:e,viewReference:j}}};b=a;g["default"]=b}),226); equals www.facebook.com (Facebook)
Source: chromecache_132.6.dr String found in binary or memory: __d("RealtimeGraphQLRequest",["invariant","RequestStreamCommonRequestStreamCommonTypes","TransportSelectingClientSingleton","nullthrows","regeneratorRuntime"],(function(a,b,c,d,e,f,g,h){"use strict";a=function(){function a(a){var b=this,e=a.method,f=a.doc_id,g=a.is_intern,i=a.extra_headers,j=a.body,k=a.instrumentation_data;a=a.sandbox;this.$12=function(a){switch(a){case d("RequestStreamCommonRequestStreamCommonTypes").FlowStatus.Started:if(b.$10){b.$9!=null||h(0,13576);a=Date.now()-c("nullthrows")(b.$9);b.$7!=null&&b.$7(a)}else b.$10=!0,b.$5!=null&&b.$5();break;case d("RequestStreamCommonRequestStreamCommonTypes").FlowStatus.Stopped:b.$9=Date.now();b.$6!=null&&b.$6(!1,!1);break;default:break}};this.$10=!1;e={method:e,doc_id:f};g===!0&&(e=babelHelpers["extends"]({},e,{www_tier:"intern"}));a!=null&&(e=babelHelpers["extends"]({},e,{www_sandbox:a.replace(/^not-www\.(\d+)\.(od|sb)\.internalfb\.com$/,"www.$1.$2.facebook.com")}));i!=null&&(e=babelHelpers["extends"]({},e,i));this.$1=e;this.$2=JSON.stringify(j);this.$11=k}var e=a.prototype;e.onResponse=function(a){this.$3=a;return this};e.onError=function(a){this.$4=a;return this};e.onActive=function(a){this.$5=a;return this};e.onPause=function(a){this.$6=a;return this};e.onResume=function(a){this.$7=a;return this};e.onRetryUpdateRequestBody=function(a){this.$8=a;this.$1=babelHelpers["extends"]({},this.$1,{request_stream_retry:"false"});return this};e.send=function(){var a,d;return b("regeneratorRuntime").async(function(e){while(1)switch(e.prev=e.next){case 0:this.$3!=null||h(0,33593);a={onData:c("nullthrows")(this.$3)};this.$4!=null&&(a=babelHelpers["extends"]({},a,{onTermination:this.$4}));a=babelHelpers["extends"]({},a,{onFlowStatus:this.$12});this.$8!=null&&(a=babelHelpers["extends"]({},a,{onRetryUpdateRequestBody:this.$8}));e.next=7;return b("regeneratorRuntime").awrap(c("TransportSelectingClientSingleton").requestStream(this.$1,this.$2,a,this.$11));case 7:d=e.sent;return e.abrupt("return",{cancel:function(){d.cancel()},amendExperimental:function(a){try{d.amendWithoutAck(JSON.stringify(a));return!0}catch(a){return!1}}});case 9:case"end":return e.stop()}},null,this)};return a}();g["default"]=a}),98); equals www.facebook.com (Facebook)
Source: HxesZl7bIx.exe, 00000000.00000002.1651698087.0000000001068000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: bts://www.youtube.com/account equals www.youtube.com (Youtube)
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651698087.0000000001068000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.facebook.com/video equals www.facebook.com (Facebook)
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651698087.0000000001068000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001088000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/account"% equals www.youtube.com (Youtube)
Source: HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001088000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000003.1650965775.0000000001087000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/accountC equals www.youtube.com (Youtube)
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.facebook.com/video)" equals www.facebook.com (Facebook)
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.facebook.com; equals www.facebook.com (Facebook)
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.facebook.comA equals www.facebook.com (Facebook)
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.youtube.comp\ equals www.youtube.com (Youtube)
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.youtube.comu\ equals www.youtube.com (Youtube)
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.youtube.com|d equals www.youtube.com (Youtube)
Source: unknown DNS traffic detected: queries for: www.youtube.com
Source: unknown HTTP traffic detected: POST /ajax/qm/?__a=1&__user=0&__comet_req=15&jazoest=2903 HTTP/1.1Host: www.facebook.comConnection: keep-aliveContent-Length: 124sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedsec-ch-ua-platform-version: "10.0.0"dpr: 1sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/videoAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=0vajiWcpM3izk77P7..BmIcuZ..AAA.0.0.BmIcuZ.AWXg241u3QQ; expires=Thu, 18-Jul-2024 01:40:41 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=08tYrEllOTxZIgVIa..BmIcuZ..AAA.0.0.BmIcuZ.AWVIsZslkTc; expires=Thu, 18-Jul-2024 01:40:41 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=0vajiWcpM3izk77P7..BmIcuZ..AAA.0.0.BmIcua.AWVHWfgcJYQ; expires=Thu, 18-Jul-2024 01:40:42 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=0vajiWcpM3izk77P7..BmIcuZ..AAA.0.0.BmIcuc.AWVYKvhM6i8; expires=Thu, 18-Jul-2024 01:40:44 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=0vajiWcpM3izk77P7..BmIcuZ..AAA.0.0.BmIcud.AWW5f6UkgfQ; expires=Thu, 18-Jul-2024 01:40:45 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=0vajiWcpM3izk77P7..BmIcuZ..AAA.0.0.BmIcuz.AWWlN6Ji0Is; expires=Thu, 18-Jul-2024 01:41:07 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=0vajiWcpM3izk77P7..BmIcuZ..AAA.0.0.BmIcvm.AWUVYGdJSe8; expires=Thu, 18-Jul-2024 01:41:58 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: chromecache_173.6.dr String found in binary or memory: https://accounts.google.com
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com#v
Source: HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/0
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/2
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/2x
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/66
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/9
Source: chromecache_173.6.dr String found in binary or memory: https://accounts.google.com/TOS?loc=
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/UserWdtH
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Y
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/bu
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/me
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ne
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/o&
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/pe
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/u
Source: HxesZl7bIx.exe, 00000000.00000002.1651698087.0000000001068000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.coms
Source: chromecache_224.6.dr, chromecache_149.6.dr String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
Source: chromecache_173.6.dr String found in binary or memory: https://families.google.com/intl/
Source: chromecache_132.6.dr String found in binary or memory: https://fburl.com/comet_preloading
Source: chromecache_132.6.dr String found in binary or memory: https://fburl.com/dialog-provider).
Source: chromecache_132.6.dr String found in binary or memory: https://fburl.com/wiki/m19zmtlh
Source: chromecache_227.6.dr, chromecache_235.6.dr String found in binary or memory: https://fburl.com/wiki/xrzohrqb
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/drive_2020q4/v10/192px.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/gmail_2020q4/v10/web-48dp/logo_gmail_2020q4_color_2x_web_
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/maps/v7/192px.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://g.co/recover
Source: chromecache_167.6.dr String found in binary or memory: https://lexical.dev/docs/error?
Source: chromecache_133.6.dr String found in binary or memory: https://optout.aboutads.info/
Source: chromecache_173.6.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://play.google.com/work/enroll?identifier=
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://play.google/intl/
Source: chromecache_173.6.dr String found in binary or memory: https://policies.google.com/privacy
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://policies.google.com/privacy/additional
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://policies.google.com/privacy/additional/embedded?gl=kr
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://policies.google.com/privacy/google-partners
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://policies.google.com/technologies/cookies
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://policies.google.com/technologies/location-data
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://policies.google.com/terms
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://policies.google.com/terms/location/embedded
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://policies.google.com/terms/service-specific
Source: chromecache_124.6.dr String found in binary or memory: https://scontent.xx.fbcdn.net/hads-ak-prn2/1487645_6012475414660_1439393861_n.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-stop-go-landing-page_1x.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/animation/
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_1x.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_2x.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
Source: chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes.gif
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_v1.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_1.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_1.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_1.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_1.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/personalization_reminders.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered.gif
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_phone.gif
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/web_and_app_activity.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/you_tube_history.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/paaskey.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_light.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
Source: chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/apps/signup/resources/custom-email-address.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/get_family_link_2.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_0.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_0.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/alreadyinstalledfamilylink.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/installfamilylink.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
Source: chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://support.google.com/accounts?hl=
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://support.google.com/accounts?p=new-si-ui
Source: chromecache_133.6.dr String found in binary or memory: https://support.google.com/chrome/answer/95647
Source: chromecache_173.6.dr String found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: chromecache_224.6.dr, chromecache_149.6.dr String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://www.google.com
Source: chromecache_173.6.dr String found in binary or memory: https://www.google.com/intl/
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
Source: chromecache_223.6.dr String found in binary or memory: https://www.internalfb.com/intern/invariant/
Source: chromecache_133.6.dr String found in binary or memory: https://www.youronlinechoices.com/
Source: HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/account
Source: HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001088000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000003.1650965775.0000000001087000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/accountC
Source: HxesZl7bIx.exe, 00000000.00000003.1650742948.0000000001094000.00000004.00000020.00020000.00000000.sdmp, HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/accountrosoft
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
Source: chromecache_133.6.dr String found in binary or memory: https://youradchoices.ca/
Source: chromecache_218.6.dr, chromecache_173.6.dr String found in binary or memory: https://youtube.com/t/terms?gl=
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown HTTPS traffic detected: 23.33.136.127:443 -> 192.168.2.4:49786 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.33.136.127:443 -> 192.168.2.4:49797 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49916 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49940 version: TLS 1.2
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003BEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, 0_2_003BEAFF
Contains functionality to modify clipboard data
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003BED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, 0_2_003BED6A
Contains functionality to read the clipboard data
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003BEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, 0_2_003BEAFF
Contains functionality to retrieve information about pressed keystrokes
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003AAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput, 0_2_003AAA57
Potential key logger detected (key state polling based)
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003D9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, 0_2_003D9576

System Summary
barindex
Binary is likely a compiled AutoIt script file
Source: HxesZl7bIx.exe String found in binary or memory: This is a third-party compiled AutoIt script.
Source: HxesZl7bIx.exe, 00000000.00000000.1646659099.0000000000402000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_b230da33-c
Source: HxesZl7bIx.exe, 00000000.00000000.1646659099.0000000000402000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_029e8069-1
Source: HxesZl7bIx.exe String found in binary or memory: This is a third-party compiled AutoIt script. memstr_d58b49ed-6
Source: HxesZl7bIx.exe String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_7fec1754-0
Contains functionality to communicate with device drivers
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003AD5EB: CreateFileW,DeviceIoControl,CloseHandle, 0_2_003AD5EB
Contains functionality to launch a process as a different user
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003A1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, 0_2_003A1201
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003AE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState, 0_2_003AE8F6
Detected potential crypto function
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_00348060 0_2_00348060
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003B2046 0_2_003B2046
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003A8298 0_2_003A8298
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_0037E4FF 0_2_0037E4FF
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_0037676B 0_2_0037676B
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003D4873 0_2_003D4873
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_0036CAA0 0_2_0036CAA0
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_0034CAF0 0_2_0034CAF0
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_0035CC39 0_2_0035CC39
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_00376DD9 0_2_00376DD9
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_0035B119 0_2_0035B119
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003491C0 0_2_003491C0
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_00361394 0_2_00361394
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_00361706 0_2_00361706
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_0036781B 0_2_0036781B
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_00347920 0_2_00347920
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_0035997D 0_2_0035997D
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003619B0 0_2_003619B0
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_00367A4A 0_2_00367A4A
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_00361C77 0_2_00361C77
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_00367CA7 0_2_00367CA7
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003CBE44 0_2_003CBE44
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_00379EEE 0_2_00379EEE
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_00361F32 0_2_00361F32
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_0034BF40 0_2_0034BF40
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: String function: 00360A30 appears 46 times
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: String function: 0035F9F2 appears 31 times
Uses 32bit PE files
Source: HxesZl7bIx.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine Classification label: mal60.evad.winEXE@36/204@32/12
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003B37B5 GetLastError,FormatMessageW, 0_2_003B37B5
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003A10BF AdjustTokenPrivileges,CloseHandle, 0_2_003A10BF
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003A16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, 0_2_003A16C3
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003B51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode, 0_2_003B51CD
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003CA67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle, 0_2_003CA67C
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003B648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize, 0_2_003B648E
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003442A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource, 0_2_003442A2
Source: HxesZl7bIx.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: HxesZl7bIx.exe ReversingLabs: Detection: 58%
Source: HxesZl7bIx.exe Virustotal: Detection: 56%
Source: unknown Process created: C:\Users\user\Desktop\HxesZl7bIx.exe "C:\Users\user\Desktop\HxesZl7bIx.exe"
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/account
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/video
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1948,i,11509186462824718599,1135908042397387967,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=2384,i,589836651291773641,6998480296126428136,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1852,i,4759629210035678805,3371975258739190933,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4948 --field-trial-handle=2384,i,589836651291773641,6998480296126428136,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 --field-trial-handle=2384,i,589836651291773641,6998480296126428136,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/account Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/video Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/ Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=2384,i,589836651291773641,6998480296126428136,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4948 --field-trial-handle=2384,i,589836651291773641,6998480296126428136,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 --field-trial-handle=2384,i,589836651291773641,6998480296126428136,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1948,i,11509186462824718599,1135908042397387967,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1852,i,4759629210035678805,3371975258739190933,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: windows.shell.servicehostbuilder.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A66AEDC-93C3-4ACC-BA96-08F5716429F7}\InProcServer32 Jump to behavior
Source: HxesZl7bIx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: HxesZl7bIx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: HxesZl7bIx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: HxesZl7bIx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: HxesZl7bIx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: HxesZl7bIx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: HxesZl7bIx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: HxesZl7bIx.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: HxesZl7bIx.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: HxesZl7bIx.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: HxesZl7bIx.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: HxesZl7bIx.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_003442DE
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_00360A76 push ecx; ret 0_2_00360A89
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_0035F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, 0_2_0035F98E
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003D1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, 0_2_003D1C41
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Found API chain indicative of sandbox detection
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\HxesZl7bIx.exe API coverage: 3.0 %
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003B68EE FindFirstFileW,FindClose, 0_2_003B68EE
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003B698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, 0_2_003B698F
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003AD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_003AD076
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003AD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_003AD3A9
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003B9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_003B9642
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003B979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_003B979D
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003B9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, 0_2_003B9B2B
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003ADBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, 0_2_003ADBBE
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003B5C97 FindFirstFileW,FindNextFileW,FindClose, 0_2_003B5C97
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_003442DE
Source: HxesZl7bIx.exe, 00000000.00000002.1651746451.0000000001094000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003BEAA2 BlockInput, 0_2_003BEAA2
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_00372622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00372622
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_003442DE
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_00364CE8 mov eax, dword ptr fs:[00000030h] 0_2_00364CE8
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003A0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, 0_2_003A0B62
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_00372622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00372622
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_0036083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0036083F
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003609D5 SetUnhandledExceptionFilter, 0_2_003609D5
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_00360C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00360C21
Contains functionality to execute programs as a different user
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003A1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, 0_2_003A1201
Contains functionality to launch a program with higher privileges
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_00382BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, 0_2_00382BA5
Contains functionality to simulate keystroke presses
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003AB226 SendInput,keybd_event, 0_2_003AB226
Contains functionality to simulate mouse events
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003C22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event, 0_2_003C22DA
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/account Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/video Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/ Jump to behavior
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003A0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, 0_2_003A0B62
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003A1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid, 0_2_003A1663
Source: HxesZl7bIx.exe Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: HxesZl7bIx.exe Binary or memory string: Shell_TrayWnd
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_00360698 cpuid 0_2_00360698
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003B8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW, 0_2_003B8195
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_0039D27A GetUserNameW, 0_2_0039D27A
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_0037BB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte, 0_2_0037BB6F
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_003442DE
OS version to string mapping found (often used in BOTs)
Source: HxesZl7bIx.exe Binary or memory string: WIN_81
Source: HxesZl7bIx.exe Binary or memory string: WIN_XP
Source: HxesZl7bIx.exe Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: HxesZl7bIx.exe Binary or memory string: WIN_XPe
Source: HxesZl7bIx.exe Binary or memory string: WIN_VISTA
Source: HxesZl7bIx.exe Binary or memory string: WIN_7
Source: HxesZl7bIx.exe Binary or memory string: WIN_8
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003C1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket, 0_2_003C1204
Source: C:\Users\user\Desktop\HxesZl7bIx.exe Code function: 0_2_003C1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket, 0_2_003C1806
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1428503 Sample: HxesZl7bIx Startdate: 19/04/2024 Architecture: WINDOWS Score: 60 38 Multi AV Scanner detection for submitted file 2->38 40 Binary is likely a compiled AutoIt script file 2->40 42 Machine Learning detection for sample 2->42 7 HxesZl7bIx.exe 12 2->7         started        process3 signatures4 44 Binary is likely a compiled AutoIt script file 7->44 46 Found API chain indicative of sandbox detection 7->46 10 chrome.exe 1 7->10         started        13 chrome.exe 7->13         started        15 chrome.exe 7->15         started        process5 dnsIp6 34 192.168.2.4, 443, 49731, 49735 unknown unknown 10->34 36 239.255.255.250 unknown Reserved 10->36 17 chrome.exe 10->17         started        20 chrome.exe 10->20         started        22 chrome.exe 6 10->22         started        24 chrome.exe 13->24         started        26 chrome.exe 15->26         started        process7 dnsIp8 28 youtube-ui.l.google.com 108.177.122.93, 443, 49735 GOOGLEUS United States 17->28 30 www3.l.google.com 142.250.9.139, 443, 49792, 49820 GOOGLEUS United States 17->30 32 12 other IPs or domains 17->32
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
31.13.65.36
 star-mini.c10r.facebook.com Ireland
32934 FACEBOOKUS false
142.250.9.139
 www3.l.google.com United States
15169 GOOGLEUS false
31.13.65.7
 scontent.xx.fbcdn.net Ireland
32934 FACEBOOKUS false
239.255.255.250
 unknown Reserved
unknown unknown false
64.233.177.101
 play.google.com United States
15169 GOOGLEUS false
108.177.122.93
 youtube-ui.l.google.com United States
15169 GOOGLEUS false
64.233.176.147
 www.google.com United States
15169 GOOGLEUS false
31.13.88.35
 unknown Ireland
32934 FACEBOOKUS false
31.13.88.13
 scontent-atl3-2.xx.fbcdn.net Ireland
32934 FACEBOOKUS false
142.251.15.105
 unknown United States
15169 GOOGLEUS false
142.251.15.138
 unknown United States
15169 GOOGLEUS false

Private

IP
192.168.2.4

Contacted Domains

Name IP Active
star-mini.c10r.facebook.com 31.13.65.36 true
youtube-ui.l.google.com 108.177.122.93 true
scontent.xx.fbcdn.net 31.13.65.7 true
play.google.com 64.233.177.101 true
www3.l.google.com 142.250.9.139 true
www.google.com 64.233.176.147 true
scontent-atl3-2.xx.fbcdn.net 31.13.88.13 true
www.facebook.com unknown unknown
accounts.youtube.com unknown unknown
www.youtube.com unknown unknown
static.xx.fbcdn.net unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://scontent-atl3-2.xx.fbcdn.net/v/t15.5256-10/438193268_922912702947462_7506581556452730663_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=F1f1WyXRCfUAb5H7pg3&_nc_ht=scontent-atl3-2.xx&oh=00_AfDB1zgmFI527f9DlANisuRmydguLRC3xydmlEEaw4wURA&oe=6627B6C7 false
    		high
    https://static.xx.fbcdn.net/rsrc.php/v3ic_A4/yy/l/en_US/SV3JvfEjy-HECsg6rc0g3Q_nx0QPfkJnvo7kHHAR2WLloFvVgikQZOAlimUDEtcYdfpXFYHV90WF8xsw_y3zVOBS5r1v89-9txafWxL1rr0Obq.js?_nc_x=Ij3Wp8lg5Kz false
      		high
      https://www.facebook.com/video false
        		high
        https://static.xx.fbcdn.net/rsrc.php/v3ieKI4/yX/l/en_US/aia9_5MaGl8.js?_nc_x=Ij3Wp8lg5Kz false
          		high
          https://static.xx.fbcdn.net/rsrc.php/v3/yA/r/OMXgFqU76kP.js?_nc_x=Ij3Wp8lg5Kz false
            		high
            https://static.xx.fbcdn.net/rsrc.php/v3/yb/l/0,cross/YevIHjTZjnO.css?_nc_x=Ij3Wp8lg5Kz false
              		high
              https://scontent-atl3-2.xx.fbcdn.net/v/t39.30808-1/294724701_110489671750480_988274315942354852_n.jpg?stp=cp6_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=CsDREyxMCqwAb6Zm1uF&_nc_ht=scontent-atl3-2.xx&oh=00_AfDUhmgSNym9P3hgORApjgvt5uZCr5vKPXDneN84pBy-xQ&oe=662798CE false
                		high
                https://scontent-atl3-2.xx.fbcdn.net/v/t15.5256-10/430843272_438547758855568_3782525580529738461_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=ki7LIH_ntfYAb7lEcz4&_nc_ht=scontent-atl3-2.xx&oh=00_AfCIj5_yMIP5Es9E9YFuWRv8iLuRq49yvysp8vObeIcFQA&oe=66278DC5 false
                  		high
                  https://www.facebook.com/ajax/qm/?__a=1&__user=0&__comet_req=15&jazoest=2903 false
                    		high
                    https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19832.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7359387103923729254&__req=a&__rev=1012888762&__s=q3fhw7%3A2cd228%3Aqgd3o4&__spin_b=trunk&__spin_r=1012888762&__spin_t=1713490836&__user=0&dpr=1&jazoest=2903&lsd=AVq2Lh2l0hc&ph=C3 false
                      		high
                      https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19832.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7359387103923729254&__req=d&__rev=1012888762&__s=q3fhw7%3A2cd228%3Aqgd3o4&__spin_b=trunk&__spin_r=1012888762&__spin_t=1713490836&__user=0&dpr=1&jazoest=2903&lsd=AVq2Lh2l0hc&ph=C3 false
                        		high
                        https://static.xx.fbcdn.net/rsrc.php/v3/yb/r/G3Nm7rYDpD0.js?_nc_x=Ij3Wp8lg5Kz false
                          		high
                          https://scontent-atl3-2.xx.fbcdn.net/v/t15.5256-10/438091798_1180371333322580_3869440255780885829_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=xEMShP_qLFMAb55VT3m&_nc_ht=scontent-atl3-2.xx&oh=00_AfDWfJxHj0HZNwe-NDko3zvnYAmSYlIZukKiC1ty_egxkw&oe=6627908C false
                            		high
                            https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19832.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7359387103923729254&__req=9&__rev=1012888762&__s=q3fhw7%3A2cd228%3Aqgd3o4&__spin_b=trunk&__spin_r=1012888762&__spin_t=1713490836&__user=0&dpr=1&jazoest=2903&lsd=AVq2Lh2l0hc&ph=C3 false
                              		high
                              https://scontent-atl3-2.xx.fbcdn.net/v/t39.30808-1/417843986_7077021149032703_7323956251606094932_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=LP1IcS8WNgkAb5jFRoV&_nc_ht=scontent-atl3-2.xx&oh=00_AfA70jyAe-1RiEXheUHVhxrne1KBbSQ7H9DEFsRhZDQbsQ&oe=6627932F false
                                		high
                                https://www.facebook.com/ajax/webstorage/process_keys/?state=1 false
                                  		high
                                  https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19832.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7359387103923729254&__req=b&__rev=1012888762&__s=q3fhw7%3A2cd228%3Aqgd3o4&__spin_b=trunk&__spin_r=1012888762&__spin_t=1713490836&__user=0&dpr=1&jazoest=2903&lsd=AVq2Lh2l0hc&ph=C3 false
                                    		high
                                    https://scontent-atl3-2.xx.fbcdn.net/v/t15.5256-10/437942529_992446696222628_1543467553494358279_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=AcwWWyFNr0wAb46GRke&_nc_ht=scontent-atl3-2.xx&oh=00_AfCufZFJTsYS1oCzs70XhJ1l36Gl75o7UJvA_kTMwh_8Eg&oe=6627949F false
                                      		high
                                      https://static.xx.fbcdn.net/rsrc.php/v3ifhN4/yX/l/en_US/nChwAUT1aUgDYvatkvPhoORf7s0WJvHMPn1wRO-dUcIoL9XF0wO0ej9ML-m_DiQrfXi0ByZrEbi6c-BC0lRf3kmQVAblIutlJuDu8FjJ2mAf5cwjSvgZCKCmXkp8GwrOMn7m1Rdzuzi16ygkVEIahZX1XqpI1Q50zl6ZBgWvsJpQFrYrGc1wa-Oq19cr_l1DuzAtWVDh4cn1CMxub3y91qmloYqXsrAa0b9bMzu_eJMlvvhSHqOL8xCqhxFHLp55HfXW__mMgFRlCsGN0FHzi95_wmB-51YxoStyBz2gE2pEQn4HVER6vHpPn3-WFWVy-GdB52bvQ0.js?_nc_x=Ij3Wp8lg5Kz false
                                        		high
                                        https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19832.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7359387103923729254&__req=j&__rev=1012888762&__s=%3A2cd228%3Aqgd3o4&__spin_b=trunk&__spin_r=1012888762&__spin_t=1713490836&__user=0&dpr=1&jazoest=2903&lsd=AVq2Lh2l0hc&ph=C3 false
                                          		high
                                          https://scontent-atl3-2.xx.fbcdn.net/v/t39.30808-1/414867464_7046595375378763_4861839573446109840_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=QVssM7vGW2oAb4BrMfp&_nc_ht=scontent-atl3-2.xx&oh=00_AfDu-H0r-6CfzXEJPa3gbJwso6VAEOgSMr--wRf3P1KcMw&oe=66279958 false
                                            		high
                                            https://scontent-atl3-2.xx.fbcdn.net/v/t39.30808-1/297577919_10217274176765031_2994694822502324520_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=-3rUZ9jyX0wAb5bIv02&_nc_ht=scontent-atl3-2.xx&oh=00_AfCINx_mKEMbP48d8aI4g-TLfOU0Eri64MtOnKfkm9oufA&oe=6627AB82 false
                                              		high
                                              https://scontent-atl3-2.xx.fbcdn.net/v/t1.6435-1/182862089_329809465171561_9124100968924750007_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=rbjHzLvzucEAb5bZn4H&_nc_ht=scontent-atl3-2.xx&oh=00_AfDvEfsbAQgrTPLx-opY6lSgCA3J3Ac-nhnwCNbY_jzosg&oe=664928B3 false
                                                		high
                                                https://www.youtube.com/account false
                                                  		high
                                                  https://www.google.com/favicon.ico false
                                                    		high
                                                    https://www.facebook.com/data/manifest/ false
                                                      		high
                                                      https://static.xx.fbcdn.net/rsrc.php/v3ifWF4/yt/l/en_US/3KWduJcmUWu.js?_nc_x=Ij3Wp8lg5Kz false
                                                        		high
                                                        https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19832.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7359387103923729254&__req=4&__rev=1012888762&__s=q3fhw7%3A2cd228%3Aqgd3o4&__spin_b=trunk&__spin_r=1012888762&__spin_t=1713490836&__user=0&dpr=1&jazoest=2903&lsd=AVq2Lh2l0hc&ph=C3 false
                                                          		high
                                                          https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19832.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7359387103923729254&__req=7&__rev=1012888762&__s=q3fhw7%3A2cd228%3Aqgd3o4&__spin_b=trunk&__spin_r=1012888762&__spin_t=1713490836&__user=0&dpr=1&jazoest=2903&lsd=AVq2Lh2l0hc&ph=C3 false
                                                            		high
                                                            https://static.xx.fbcdn.net/rsrc.php/v3/yY/r/YT7n1sgH1lv.js?_nc_x=Ij3Wp8lg5Kz false
                                                              		high
                                                              https://static.xx.fbcdn.net/rsrc.php/yT/r/aGT3gskzWBf.ico false
                                                                		high
                                                                https://static.xx.fbcdn.net/rsrc.php/v3iQbs4/yg/l/en_US/EX6jmVQkY6L.js?_nc_x=Ij3Wp8lg5Kz false
                                                                  		high
                                                                  https://static.xx.fbcdn.net/rsrc.php/v3i7Vo4/y6/l/en_US/LznjGi-Mcyn.js?_nc_x=Ij3Wp8lg5Kz false
                                                                    		high
                                                                    https://scontent.xx.fbcdn.net/hads-ak-prn2/1487645_6012475414660_1439393861_n.png false
                                                                      		high
                                                                      https://scontent-atl3-2.xx.fbcdn.net/v/t15.5256-10/434846145_750354690635123_5825280892337708034_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=VY_PguNQYqkAb4vYZ4J&_nc_ht=scontent-atl3-2.xx&oh=00_AfAA-dZ2FVoVBFW58UvtffQQCH__zs3TaqlqaDmOBrIH9A&oe=66278A45 false
                                                                        		high
                                                                        https://static.xx.fbcdn.net/rsrc.php/v3/yb/r/7NqDjYL3eb9.png false
                                                                          		high
                                                                          https://static.xx.fbcdn.net/rsrc.php/v3/y0/r/eFZD1KABzRA.png false
                                                                            		high
                                                                            https://static.xx.fbcdn.net/rsrc.php/v3/yR/r/4TRsPp18HYl.png false
                                                                              		high
                                                                              https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19832.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7359387103923729254&__req=e&__rev=1012888762&__s=q3fhw7%3A2cd228%3Aqgd3o4&__spin_b=trunk&__spin_r=1012888762&__spin_t=1713490836&__user=0&dpr=1&jazoest=2903&lsd=AVq2Lh2l0hc&ph=C3 false
                                                                                		high
                                                                                https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/q8Uic1K195T.png false
                                                                                  		high
                                                                                  https://static.xx.fbcdn.net/rsrc.php/v3ivlb4/yn/l/en_US/5ZMgj96iLR9.js?_nc_x=Ij3Wp8lg5Kz false
                                                                                    		high
                                                                                    https://static.xx.fbcdn.net/rsrc.php/v3/yo/r/RBVykxDUbUn.png false
                                                                                      		high
                                                                                      https://scontent-atl3-2.xx.fbcdn.net/v/t15.5256-10/436859318_962909741584758_3870588264605380752_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=s7KXFq-dOKwAb6FUqMa&_nc_ht=scontent-atl3-2.xx&oh=00_AfB-GpW_tvCHQBURGYoJaXuwYk2uRI3TGoOELVJq2jzi8A&oe=6627A99F false
                                                                                        		high
                                                                                        https://scontent-atl3-2.xx.fbcdn.net/v/t1.6435-1/166562961_289775365843871_1089544784969631943_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=gsiZqHemNI0Ab7xotOc&_nc_ht=scontent-atl3-2.xx&oh=00_AfCJ2y8PnGo5iYFIOIqkgTsp2QT4Magjkq-glreMKFQsPQ&oe=664932DC false
                                                                                          		high
                                                                                          https://static.xx.fbcdn.net/rsrc.php/v3iMBH4/ym/l/en_US/PM0yz8J0_9eatA4AbcUXJ_xGj4GgHf6uoyMXsyMcajeZkbHSqEKHvKE5vIR6Z6_fPD4wyD5Ym16tXudcxB4NWZK-0RNSBe8qSPG4UpY82FpGVUugonw1necxJMJfxNSBC0jRQvPTG6MYkFOrTRdkwmU8Y3mM84SfiWlvqtZjCyJ63My3zlOMrO0CLM5TVwEj1ba-rOSQb0hClwF360PJEynPfrjI.js?_nc_x=Ij3Wp8lg5Kz false
                                                                                            		high
                                                                                            https://scontent-atl3-2.xx.fbcdn.net/v/t51.29350-10/438844348_833636295261460_8820580507418716899_n.jpg?stp=dst-jpg_p206x206&_nc_cat=111&ccb=1-7&_nc_sid=5f2048&_nc_ohc=J7XdDp8SzdsAb7ozIpk&_nc_ht=scontent-atl3-2.xx&oh=00_AfCB8Q844RX1O_1OVOJ0GECUmomF3JgeZ_RWXRdhba-onA&oe=66278584 false
                                                                                              		high
                                                                                              https://scontent-atl3-2.xx.fbcdn.net/v/t15.5256-10/435297039_1622642408563885_856096703543016407_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=GWAVaQ02VJ8Ab6-Thma&_nc_ht=scontent-atl3-2.xx&oh=00_AfAGNYDZ7rzrA5aOKLdOlSZvN9nxTDaGyE2PI0T-WhTcwA&oe=6627AC74 false
                                                                                                		high
                                                                                                https://scontent-atl3-2.xx.fbcdn.net/v/t15.5256-10/438043668_951275763118012_9085738709733793549_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=Ag36yU8NZ2YAb6DVjhK&_nc_oc=AdhGlZK-sKtqhfza7ml_SykynPBUSx2UizoL0jq-Q1WsBlq6hBHetpwRDqkENWqjVAg&_nc_ht=scontent-atl3-2.xx&oh=00_AfA66vG8Ma9yADhKUsRHkt3rFZiZhApEGqODDzKsb816Dw&oe=6627B1A4 false
                                                                                                  		high
                                                                                                  https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19832.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7359387103923729254&__req=h&__rev=1012888762&__s=%3A2cd228%3Aqgd3o4&__spin_b=trunk&__spin_r=1012888762&__spin_t=1713490836&__user=0&dpr=1&jazoest=2903&lsd=AVq2Lh2l0hc&ph=C3 false
                                                                                                    		high
                                                                                                    https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19832.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7359387103923729254&__req=g&__rev=1012888762&__s=q3fhw7%3A2cd228%3Aqgd3o4&__spin_b=trunk&__spin_r=1012888762&__spin_t=1713490836&__user=0&dpr=1&jazoest=2903&lsd=AVq2Lh2l0hc&ph=C3 false
                                                                                                      		high
                                                                                                      https://scontent-atl3-2.xx.fbcdn.net/v/t15.5256-10/427423164_1136863804107170_2890424799444787669_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=B9Pc79yiemQAb6zBz4r&_nc_ht=scontent-atl3-2.xx&oh=00_AfCiWqDXjAXfVtRjlfSGhw15nEOc_vXUOs2xVTfr50viLg&oe=6627A6F7 false
                                                                                                        		high
                                                                                                        https://static.xx.fbcdn.net/rsrc.php/v3iNTg4/yA/l/en_US/2obelxd4ucH.js?_nc_x=Ij3Wp8lg5Kz false
                                                                                                          		high
                                                                                                          https://static.xx.fbcdn.net/rsrc.php/v3/yl/r/SDtEN57PJgl.js?_nc_x=Ij3Wp8lg5Kz false
                                                                                                            		high
                                                                                                            https://static.xx.fbcdn.net/rsrc.php/v3iFd24/yd/l/en_US/dj10Ym9OUFW.js?_nc_x=Ij3Wp8lg5Kz false
                                                                                                              		high
                                                                                                              https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19832.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7359387103923729254&__req=8&__rev=1012888762&__s=q3fhw7%3A2cd228%3Aqgd3o4&__spin_b=trunk&__spin_r=1012888762&__spin_t=1713490836&__user=0&dpr=1&jazoest=2903&lsd=AVq2Lh2l0hc&ph=C3 false
                                                                                                                		high
                                                                                                                https://static.xx.fbcdn.net/rsrc.php/v3iCjQ4/yT/l/en_US/-cuErFyZKsI.js?_nc_x=Ij3Wp8lg5Kz false
                                                                                                                  		high
                                                                                                                  https://scontent-atl3-2.xx.fbcdn.net/v/t39.30808-1/429682066_368649729457593_2210717644653039134_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=PCsmMolcaEYAb5liA2T&_nc_ht=scontent-atl3-2.xx&oh=00_AfAr3LnIIBAW4Oll3CfuMViVa6IZ_P_aBcdVZ1tFLfUJ0Q&oe=66278F81 false
                                                                                                                    		high
                                                                                                                    https://scontent-atl3-2.xx.fbcdn.net/v/t15.5256-10/438193634_720475476662614_5584509116371930153_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=-ExROFrTdmwAb5t0lBc&_nc_ht=scontent-atl3-2.xx&oh=00_AfDC4ORowz8xLhxbrweQGY8ubgpNS608cJQiE9HwjWJqyw&oe=66279C6D false
                                                                                                                      		high
                                                                                                                      https://static.xx.fbcdn.net/rsrc.php/v3iHrB4/y-/l/en_US/Sd6LZm7F8MR.js?_nc_x=Ij3Wp8lg5Kz false
                                                                                                                        		high
                                                                                                                        https://play.google.com/log?format=json&hasfast=true&authuser=0 false
                                                                                                                          		high
                                                                                                                          https://static.xx.fbcdn.net/rsrc.php/v3/yy/r/q9P8VRdD1Am.js?_nc_x=Ij3Wp8lg5Kz false
                                                                                                                            		high
                                                                                                                            https://play.google.com/log?hasfast=true&authuser=0&format=json false
                                                                                                                              		high
                                                                                                                              https://scontent-atl3-2.xx.fbcdn.net/v/t15.5256-10/435585243_1336893433647196_6208832241633396260_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=elYzPYAIG9kAb6SZKEF&_nc_ht=scontent-atl3-2.xx&oh=00_AfCvf0SUTHuy36cSdF56yN534pHFsf_uSWdDHk8TaBveJA&oe=6627852B false
                                                                                                                                		high
                                                                                                                                https://scontent-atl3-2.xx.fbcdn.net/v/t39.30808-1/438331716_2765174076970236_1145479496426679813_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=obA5gIRYYUYAb7KFZz4&_nc_ht=scontent-atl3-2.xx&oh=00_AfDhyPAWHnsY26BikqP407np3qhXfYGR6avsj0inolkFDg&oe=6627A836 false
                                                                                                                                  		high
                                                                                                                                  https://static.xx.fbcdn.net/rsrc.php/v3iwN74/yD/l/en_US/APoqa-iIOjvrn_I8kVuFfvi1Qie0qdVBFdoHo8RmQG6EroQ9FNgpiRhTLojQtsFNcs.js?_nc_x=Ij3Wp8lg5Kz false
                                                                                                                                    		high