Windows Analysis Report
wOS0RzhMdr.exe

Overview

General Information

Sample name: wOS0RzhMdr.exe
renamed because original name is a hash value
Original sample name: 144c4c84df07f4f2b5cf6936c47b8fa71361adc613cf8a35b4ef076ad8ca51b1.exe
Analysis ID: 1438247
MD5: 99d5ce4db9fd3bf3cf7790139a0f9293
SHA1: 9d7030d1065f70d3e193ee19b98c82743197a2f1
SHA256: 144c4c84df07f4f2b5cf6936c47b8fa71361adc613cf8a35b4ef076ad8ca51b1
Tags: exe
Infos:

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found iframes
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTML body contains password input but no form action
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: wOS0RzhMdr.exe ReversingLabs: Detection: 42%
Source: wOS0RzhMdr.exe Virustotal: Detection: 57% Perma Link
Machine Learning detection for sample
Source: wOS0RzhMdr.exe Joe Sandbox ML: detected
Found iframes
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AaSxoQz4X74lSGkacpYUL8mtN5Hu1gIde5ASShP7MioCskV4RNtJtAWSRGeYNByO2EzPKbdFsab-&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-821141245%3A1715170855190271&theme=mn&ddm=0 HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=2015407927&timestamp=1715170861767
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AaSxoQz4X74lSGkacpYUL8mtN5Hu1gIde5ASShP7MioCskV4RNtJtAWSRGeYNByO2EzPKbdFsab-&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-821141245%3A1715170855190271&theme=mn&ddm=0 HTTP Parser: Iframe src: /_/bscframe
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AaSxoQz4X74lSGkacpYUL8mtN5Hu1gIde5ASShP7MioCskV4RNtJtAWSRGeYNByO2EzPKbdFsab-&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-821141245%3A1715170855190271&theme=mn&ddm=0 HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=2015407927&timestamp=1715170861767
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AaSxoQz4X74lSGkacpYUL8mtN5Hu1gIde5ASShP7MioCskV4RNtJtAWSRGeYNByO2EzPKbdFsab-&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-821141245%3A1715170855190271&theme=mn&ddm=0 HTTP Parser: Iframe src: /_/bscframe
HTML body contains password input but no form action
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AaSxoQz4X74lSGkacpYUL8mtN5Hu1gIde5ASShP7MioCskV4RNtJtAWSRGeYNByO2EzPKbdFsab-&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-821141245%3A1715170855190271&theme=mn&ddm=0 HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://www.facebook.com/video HTTP Parser: <input type="password" .../> found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AaSxoQz4X74lSGkacpYUL8mtN5Hu1gIde5ASShP7MioCskV4RNtJtAWSRGeYNByO2EzPKbdFsab-&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-821141245%3A1715170855190271&theme=mn&ddm=0 HTTP Parser: <input type="password" .../> found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AaSxoQz4X74lSGkacpYUL8mtN5Hu1gIde5ASShP7MioCskV4RNtJtAWSRGeYNByO2EzPKbdFsab-&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-821141245%3A1715170855190271&theme=mn&ddm=0 HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AaSxoQz4X74lSGkacpYUL8mtN5Hu1gIde5ASShP7MioCskV4RNtJtAWSRGeYNByO2EzPKbdFsab-&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-821141245%3A1715170855190271&theme=mn&ddm=0 HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AaSxoQz4X74lSGkacpYUL8mtN5Hu1gIde5ASShP7MioCskV4RNtJtAWSRGeYNByO2EzPKbdFsab-&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-821141245%3A1715170855190271&theme=mn&ddm=0 HTTP Parser: No favicon
Source: https://www.facebook.com/video HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/video HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/video HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/video HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AaSxoQz4X74lSGkacpYUL8mtN5Hu1gIde5ASShP7MioCskV4RNtJtAWSRGeYNByO2EzPKbdFsab-&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-821141245%3A1715170855190271&theme=mn&ddm=0 HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AaSxoQz4X74lSGkacpYUL8mtN5Hu1gIde5ASShP7MioCskV4RNtJtAWSRGeYNByO2EzPKbdFsab-&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-821141245%3A1715170855190271&theme=mn&ddm=0 HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AaSxoQz4X74lSGkacpYUL8mtN5Hu1gIde5ASShP7MioCskV4RNtJtAWSRGeYNByO2EzPKbdFsab-&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-821141245%3A1715170855190271&theme=mn&ddm=0 HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/video HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/video HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/video HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/video HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AaSxoQz4X74lSGkacpYUL8mtN5Hu1gIde5ASShP7MioCskV4RNtJtAWSRGeYNByO2EzPKbdFsab-&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-821141245%3A1715170855190271&theme=mn&ddm=0 HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AaSxoQz4X74lSGkacpYUL8mtN5Hu1gIde5ASShP7MioCskV4RNtJtAWSRGeYNByO2EzPKbdFsab-&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-821141245%3A1715170855190271&theme=mn&ddm=0 HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AaSxoQz4X74lSGkacpYUL8mtN5Hu1gIde5ASShP7MioCskV4RNtJtAWSRGeYNByO2EzPKbdFsab-&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-821141245%3A1715170855190271&theme=mn&ddm=0 HTTP Parser: No <meta name="copyright".. found
Uses 32bit PE files
Source: wOS0RzhMdr.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 96.7.158.101:443 -> 192.168.2.4:49800 version: TLS 1.2
Source: unknown HTTPS traffic detected: 96.7.158.101:443 -> 192.168.2.4:49805 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49937 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49960 version: TLS 1.2
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BC68EE FindFirstFileW,FindClose, 0_2_00BC68EE
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BC698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, 0_2_00BC698F
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BBD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_00BBD076
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BBD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_00BBD3A9
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BC9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00BC9642
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BC979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00BC979D
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BBDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, 0_2_00BBDBBE
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BC9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, 0_2_00BC9B2B
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BC5C97 FindFirstFileW,FindNextFileW,FindClose, 0_2_00BC5C97
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 96.7.158.101
Source: unknown TCP traffic detected without corresponding DNS query: 96.7.158.101
Source: unknown TCP traffic detected without corresponding DNS query: 96.7.158.101
Source: unknown TCP traffic detected without corresponding DNS query: 96.7.158.101
Source: unknown TCP traffic detected without corresponding DNS query: 96.7.158.101
Source: unknown TCP traffic detected without corresponding DNS query: 96.7.158.101
Source: unknown TCP traffic detected without corresponding DNS query: 96.7.158.101
Source: unknown TCP traffic detected without corresponding DNS query: 96.7.158.101
Source: unknown TCP traffic detected without corresponding DNS query: 96.7.158.101
Source: unknown TCP traffic detected without corresponding DNS query: 96.7.158.101
Source: unknown TCP traffic detected without corresponding DNS query: 96.7.158.101
Source: unknown TCP traffic detected without corresponding DNS query: 96.7.158.101
Source: unknown TCP traffic detected without corresponding DNS query: 96.7.158.101
Source: unknown TCP traffic detected without corresponding DNS query: 96.7.158.101
Source: unknown TCP traffic detected without corresponding DNS query: 96.7.158.101
Source: unknown TCP traffic detected without corresponding DNS query: 96.7.158.101
Source: unknown TCP traffic detected without corresponding DNS query: 96.7.158.101
Source: unknown TCP traffic detected without corresponding DNS query: 96.7.158.101
Source: unknown TCP traffic detected without corresponding DNS query: 96.7.158.101
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BCCE44 InternetReadFile,SetEvent,GetLastError,SetEvent, 0_2_00BCCE44
Source: global traffic HTTP traffic detected: GET /video HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /account HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3Fcbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1 HTTP/1.1Host: consent.youtube.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: SOCS=CAAaBgiAgeuxBg; YSC=-ySu_pYSdts; __Secure-YEC=Cgt4eWRkX3Q4N25nWSil3O2xBjIKCgJHQhIEGgAgMw%3D%3D; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgMw%3D%3D; PREF=f7=4000
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yr/l/0,cross/TsTPhJ8tnYK.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/y7/r/NbXdFDdRGFv.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3iccu4/ya/l/en_US/6rQ0sXDAmAD2yCsfbFF-h9qHqAxrZ3H_zMNMKvjSlKEGPtRb-6Q4bh0DjHBN5qwLYeDYvatkvPhoO357SFudnydL47uT4r-mh8t1Rdzuzi16yg81ExzMY8nYrGc1wa-Oq19cr_l1DuzAtWVDh4cn1CMxub3y91qmloYqXUFMdCGiz3OF_eJMlvvhSHqBd7ucOoHW0Vp55HfXW__mMgFRlCsGN0FHzi95_wmB-51YxoStyBz2gE2pEQn4HVER6.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3ivxz4/yX/l/en_US/POM937Mb8xn.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3i1j-4/yd/l/en_US/CkmvYgW1RCO.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3iIZT4/yV/l/en_US/RJSxxAXV_YC.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3iqR14/ya/l/en_US/CZK9hIJfUT9MWQbd8r4el7cmNagSyOYRHxsw_y3zVOBS5r1v89-9txafWxL1rr0Obq.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3iQbs4/y1/l/en_US/VqLax-jGUnU.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3i0Wo4/y7/l/en_US/S0UnEh8aVas.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3iFd24/yj/l/en_US/dMtVZddq5N0.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3iUWN4/ym/l/en_US/GMXqH6fpKj8kNh8HMurVWLCChF1PIAKaP1CbkgMq5FOPpOluDD8I1DX6ioRlvd0S7bHsNs6qzRz09kGvWYM3lY7b4QjbM1czRiNuk6-vmGVJGHrTRdkwmU8Y3aateXJfeaBmkOoKy1Hk65WVdCM02luxat.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3ipb54/yx/l/en_US/fzdAoWYPhmZ.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yA/r/hQRElf2H-cr.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/cookies/cookie_info_card_image_2.png HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/videoAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/cookies/cookie_info_card_image_4.png HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/videoAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/cookies/cookie_info_card_image_1.png HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/videoAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/cookies/cookie_info_card_image_3.png HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/videoAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3iWd-4/yM/l/en_US/F4tb5aV_NsM.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yu/r/DoQsxX0OV5G.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yA/r/hQRElf2H-cr.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3i_8K4/yu/l/en_US/RRm2quQ_ymn.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yn/r/Fx1w5FZo4y2.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3iGOv4/y4/l/en_US/-x90MGiC1no.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yh/r/JAwvXd3ezPi.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3i-N64/yR/l/en_US/__dKgJRlh2h.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yY/r/YT7n1sgH1lv.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/437264668_967687381470555_5828081054359529464_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=6n-Wkb-iis4Q7kNvgEOzISE&_nc_ht=scontent-sea1-1.xx&oh=00_AfCAuv6XaBVJrdk9DL_y0zi7PCB4aJDQLJxKBwecCAmAig&oe=66414FBE HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/436545513_446511401381578_5294566616458907574_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=LrEp4CTte5kQ7kNvgGM7NrM&_nc_ht=scontent-sea1-1.xx&oh=00_AfAHdnlW1-I74lc4ncfSEUQ1edsjH95bl1k7AdEg93s5ew&oe=6641409F HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/438140576_810879627154232_8018239213206393606_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=uY7g8JAoJlcQ7kNvgFbWS5R&_nc_ht=scontent-sea1-1.xx&oh=00_AfAJmoSm6MV81173nfdpCLx3SVJA25kwOWggTRc0aEpiZA&oe=66413BE9 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/437747031_1118259172742570_5211171622273621415_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=QebpijfmOCIQ7kNvgEzSrH5&_nc_ht=scontent-sea1-1.xx&oh=00_AfAi77PVaEdZE9uadoKKdxO7EO57QygleFiAfBjX1Ly_lg&oe=66413BE8 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yb/r/7NqDjYL3eb9.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/425420347_956740719067490_5810933074859730685_n.jpg?stp=dst-jpg_p206x206&_nc_cat=101&ccb=1-7&_nc_sid=5f2048&_nc_ohc=uah-oJmTJeUQ7kNvgGqdz1e&_nc_ht=scontent-sea1-1.xx&oh=00_AfBys6IS0ebsrEOs6PFJFFcUYjGLsLuoPEoe8jlQd9nT8w&oe=66412864 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/428071564_976566547521960_1479436606993040698_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=SDsEbVYg4JUQ7kNvgFyzlkx&_nc_ht=scontent-sea1-1.xx&oh=00_AfBSD9kwaUgGP3J7CbH99F_xqxOZGuQJ_-8-Kwm9SsNJUQ&oe=664138DA HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yy/r/QvRwf2kCBWN.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3iNTg4/yo/l/en_US/KPPpByZ8XA5.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/434097662_973297417657995_6459345088880227957_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=YEz1f7VVjZMQ7kNvgHWsV5o&_nc_ht=scontent-sea1-1.xx&oh=00_AfCvB7kRNZrveKbHblh6tKS5n22J3BkOX2Jkrxp-mzRaHw&oe=66412CCE HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/438210238_1563465891113989_5042759433644811503_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=r9MeOSD80dAQ7kNvgFj30wi&_nc_ht=scontent-sea1-1.xx&oh=00_AfArDHRY-1ooKjcBBxJP8qt3wSEOKvcQ8gKJ_8XflUSpmQ&oe=664149A8 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yi/r/Ky_UAhc7OWu.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/cookies/cookie_info_card_image_4.png HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/cookies/cookie_info_card_image_2.png HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/cookies/cookie_info_card_image_1.png HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/cookies/cookie_info_card_image_3.png HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yu/r/DoQsxX0OV5G.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yb/r/7NqDjYL3eb9.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/437264668_967687381470555_5828081054359529464_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=6n-Wkb-iis4Q7kNvgEOzISE&_nc_ht=scontent-sea1-1.xx&oh=00_AfCAuv6XaBVJrdk9DL_y0zi7PCB4aJDQLJxKBwecCAmAig&oe=66414FBE HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/436545513_446511401381578_5294566616458907574_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=LrEp4CTte5kQ7kNvgGM7NrM&_nc_ht=scontent-sea1-1.xx&oh=00_AfAHdnlW1-I74lc4ncfSEUQ1edsjH95bl1k7AdEg93s5ew&oe=6641409F HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/428071564_976566547521960_1479436606993040698_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=SDsEbVYg4JUQ7kNvgFyzlkx&_nc_ht=scontent-sea1-1.xx&oh=00_AfBSD9kwaUgGP3J7CbH99F_xqxOZGuQJ_-8-Kwm9SsNJUQ&oe=664138DA HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/437747031_1118259172742570_5211171622273621415_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=QebpijfmOCIQ7kNvgEzSrH5&_nc_ht=scontent-sea1-1.xx&oh=00_AfAi77PVaEdZE9uadoKKdxO7EO57QygleFiAfBjX1Ly_lg&oe=66413BE8 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/425420347_956740719067490_5810933074859730685_n.jpg?stp=dst-jpg_p206x206&_nc_cat=101&ccb=1-7&_nc_sid=5f2048&_nc_ohc=uah-oJmTJeUQ7kNvgGqdz1e&_nc_ht=scontent-sea1-1.xx&oh=00_AfBys6IS0ebsrEOs6PFJFFcUYjGLsLuoPEoe8jlQd9nT8w&oe=66412864 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/438140576_810879627154232_8018239213206393606_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=uY7g8JAoJlcQ7kNvgFbWS5R&_nc_ht=scontent-sea1-1.xx&oh=00_AfAJmoSm6MV81173nfdpCLx3SVJA25kwOWggTRc0aEpiZA&oe=66413BE9 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t51.29350-10/441511129_348580304902397_9003491016392867807_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=e1ggvPQAmigQ7kNvgGbS2iZ&_nc_ht=scontent-sea1-1.xx&oh=00_AfDE250ezaWT_9w3m9ob2BSrGGss8Tdtxs97O_a3MfbFMQ&oe=66413670 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/431156668_1620665545384605_915990377324220400_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=F7eU6iX3fFcQ7kNvgGadPCi&_nc_ht=scontent-sea1-1.xx&oh=00_AfAL99EvhbJBeI1YpHlqkSLKc5l4jf91sSisFIqExKnaTA&oe=6641493D HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/438044171_458137003331528_7227878656750103728_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=ePljllKw-kYQ7kNvgEd-kGE&_nc_ht=scontent-sea1-1.xx&oh=00_AfD_2WEGQ0a9qoIx3VLhEvcfJrzi7jsOB6W0YWnpg_ytXQ&oe=664151B8 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yO/r/q8Uic1K195T.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=MODERATE&__comet_req=15&__hs=19851.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7366602721685935352&__req=6&__rev=1013352039&__s=%3A%3Aj5cfe8&__spin_b=trunk&__spin_r=1013352039&__spin_t=1715170853&__user=0&dpr=1&jazoest=21012&lsd=AVpqbdyRMMQ&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t51.29350-10/442424379_767472772228727_2657730723615344547_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=rvJNJaeiJ9sQ7kNvgEHXJg4&_nc_ht=scontent-sea1-1.xx&oh=00_AfA8CcNHtLmKixOMzr3eda9nSVZWnB1XU0CVYdCqdgwwWQ&oe=66415ABA HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/435550579_821769886667232_1269198965642895530_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=h1lEuenbUjwQ7kNvgGu3Zy0&_nc_oc=AdgVm75zOPNJTuIzYyVMfOoFP6QzLoBcTAJ7NXgz5UZCFdASUhgG6EL5MWVy9kmztbs&_nc_ht=scontent-sea1-1.xx&oh=00_AfB-gNfChhR861J91DiocxYaLUhYBUHo1b9aD38xXWP0mQ&oe=66414442 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/435806348_2056030048129871_133965968391625813_n.jpg?stp=dst-jpg_s960x960&_nc_cat=105&ccb=1-7&_nc_sid=5f2048&_nc_ohc=EJduSeommVMQ7kNvgFeoICL&_nc_ht=scontent-sea1-1.xx&oh=00_AfDF60PAJV1hUDRUVe-SH1Pid5cK6tOGU_oYNZJ3tb46gg&oe=66415388 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /hads-ak-prn2/1487645_6012475414660_1439393861_n.png HTTP/1.1Host: scontent.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=MODERATE&__comet_req=15&__hs=19851.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7366602721685935352&__req=7&__rev=1013352039&__s=%3A%3Aj5cfe8&__spin_b=trunk&__spin_r=1013352039&__spin_t=1715170853&__user=0&dpr=1&jazoest=21012&lsd=AVpqbdyRMMQ&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/438210238_1563465891113989_5042759433644811503_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=r9MeOSD80dAQ7kNvgFj30wi&_nc_ht=scontent-sea1-1.xx&oh=00_AfArDHRY-1ooKjcBBxJP8qt3wSEOKvcQ8gKJ_8XflUSpmQ&oe=664149A8 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/434097662_973297417657995_6459345088880227957_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=YEz1f7VVjZMQ7kNvgHWsV5o&_nc_ht=scontent-sea1-1.xx&oh=00_AfCvB7kRNZrveKbHblh6tKS5n22J3BkOX2Jkrxp-mzRaHw&oe=66412CCE HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/yO/r/q8Uic1K195T.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/431156668_1620665545384605_915990377324220400_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=F7eU6iX3fFcQ7kNvgGadPCi&_nc_ht=scontent-sea1-1.xx&oh=00_AfAL99EvhbJBeI1YpHlqkSLKc5l4jf91sSisFIqExKnaTA&oe=6641493D HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/438203475_753736850079353_6987397595009032374_n.jpg?stp=dst-jpg_s960x960&_nc_cat=100&ccb=1-7&_nc_sid=5f2048&_nc_ohc=L1iyC-8OK9kQ7kNvgGrKsuY&_nc_oc=AdhimnicGWukCZHNwIg3afzyH8Evv5ekdJA3govYQSx01N71sEkkZKnkg7TUJFpVdcY&_nc_ht=scontent-sea1-1.xx&oh=00_AfAk3qGpIIE2f-sp6Y4mSRjdoQZVyDsB9I9qIqt5aBs8Xw&oe=66413188 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=MODERATE&__comet_req=15&__hs=19851.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7366602721685935352&__req=8&__rev=1013352039&__s=%3A%3Aj5cfe8&__spin_b=trunk&__spin_r=1013352039&__spin_t=1715170853&__user=0&dpr=1&jazoest=21012&lsd=AVpqbdyRMMQ&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/438258606_816413083681717_4862683362262365018_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=RT7FEn2ynS4Q7kNvgFiGZEu&_nc_ht=scontent-sea1-1.xx&oh=00_AfA2QK0n9HnB-F9e_4r57C-Zt7Qh-Je8hIxB_tw1bWC2vg&oe=66412657 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t51.29350-10/441511129_348580304902397_9003491016392867807_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=e1ggvPQAmigQ7kNvgGbS2iZ&_nc_ht=scontent-sea1-1.xx&oh=00_AfDE250ezaWT_9w3m9ob2BSrGGss8Tdtxs97O_a3MfbFMQ&oe=66413670 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /hads-ak-prn2/1487645_6012475414660_1439393861_n.png HTTP/1.1Host: scontent.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/440747117_8178751345487258_6869278153295176775_n.jpg?stp=cp6_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=H32TrQgLEdwQ7kNvgH4sVu1&_nc_ht=scontent-sea1-1.xx&oh=00_AfDU6VZZ02TZxL2tmNrrrgiTXJj97oDsGtlhZtdOqdDGGw&oe=66413350 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/426261347_251268561353867_26185636506664007_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=xZ-NDV8n6VwQ7kNvgHyGG3L&_nc_ht=scontent-sea1-1.xx&oh=00_AfCh3QfqjonPd7IHUGcRNZNMviFQZ-36STWy6Kh1RTg8aQ&oe=664130FF HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/409042630_2662008933950824_8025272100136268169_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=An-5CScO3F4Q7kNvgGM6SlA&_nc_ht=scontent-sea1-1.xx&oh=00_AfAAFB4guXhScPb46PeGdowgo0kurJG6HHPt0vOrif91fQ&oe=66413520 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/396702677_171658159346705_8717982570021657849_n.jpg?stp=c0.2.50.50a_cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=bHh6vqzJT4kQ7kNvgE4u0on&_nc_oc=Adi3yv6cPV6WUfRcRgElYwheMtb_FHVqiyL_c4RSaPt2ZyxAZckpYN9OOcwtdtWkDkw&_nc_ht=scontent-sea1-1.xx&oh=00_AfCZJIC46nDttj8YqfPyVx1FsXc0XqpNqO2BmA4xzMVxwQ&oe=6641384C HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/435550579_821769886667232_1269198965642895530_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=h1lEuenbUjwQ7kNvgGu3Zy0&_nc_oc=AdgVm75zOPNJTuIzYyVMfOoFP6QzLoBcTAJ7NXgz5UZCFdASUhgG6EL5MWVy9kmztbs&_nc_ht=scontent-sea1-1.xx&oh=00_AfB-gNfChhR861J91DiocxYaLUhYBUHo1b9aD38xXWP0mQ&oe=66414442 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/438044171_458137003331528_7227878656750103728_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=ePljllKw-kYQ7kNvgEd-kGE&_nc_ht=scontent-sea1-1.xx&oh=00_AfD_2WEGQ0a9qoIx3VLhEvcfJrzi7jsOB6W0YWnpg_ytXQ&oe=664151B8 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t51.29350-10/442424379_767472772228727_2657730723615344547_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=rvJNJaeiJ9sQ7kNvgEHXJg4&_nc_ht=scontent-sea1-1.xx&oh=00_AfA8CcNHtLmKixOMzr3eda9nSVZWnB1XU0CVYdCqdgwwWQ&oe=66415ABA HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/435806348_2056030048129871_133965968391625813_n.jpg?stp=dst-jpg_s960x960&_nc_cat=105&ccb=1-7&_nc_sid=5f2048&_nc_ohc=EJduSeommVMQ7kNvgFeoICL&_nc_ht=scontent-sea1-1.xx&oh=00_AfDF60PAJV1hUDRUVe-SH1Pid5cK6tOGU_oYNZJ3tb46gg&oe=66415388 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/435321163_806647388163956_1397772289246415064_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=R0gTO9Lz6QEQ7kNvgGVZ4AK&_nc_ht=scontent-sea1-1.xx&oh=00_AfB6acbfpLnFWa89Joi0cjBQluFVJL79RZaB9300G-6Awg&oe=66414346 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/393414989_10231917119529525_1328038575815312263_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=YJ69uZOi-gMQ7kNvgGNP4sW&_nc_ht=scontent-sea1-1.xx&oh=00_AfCap9xq5Xz2jCVo9GvtbyT9Og5NgmedZ93YYf_MCLOixQ&oe=6641385B HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t51.29350-10/442274967_1168580254145541_3493657569876780855_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=prUFMQSQvg8Q7kNvgF3_ZZ_&_nc_ht=scontent-sea1-1.xx&oh=00_AfCg-08EItEotvvjFISJQyzcY970MBfxUvUeH2wsP7D91Q&oe=66414D22 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t1.6435-1/117945607_10158758083394359_5707836482966237430_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=dp2GD43HuQMQ7kNvgHy63g1&_nc_ht=scontent-sea1-1.xx&oh=00_AfD5tFFg9zyFUSIZzIr3-wacTmG7LtVCH73NV1kpKirmCQ&oe=6662DC17 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=MODERATE&__comet_req=15&__hs=19851.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7366602721685935352&__req=9&__rev=1013352039&__s=%3A%3Aj5cfe8&__spin_b=trunk&__spin_r=1013352039&__spin_t=1715170853&__user=0&dpr=1&jazoest=21012&lsd=AVpqbdyRMMQ&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/437850765_466620355864943_8579133412090442779_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=Gupe0hN6rvYQ7kNvgG49q5f&_nc_ht=scontent-sea1-1.xx&oh=00_AfCaMdnNPyINakMNDgigiwXN07D6W_Ko-C7V8-KMNUxRtg&oe=6641561E HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/440747117_8178751345487258_6869278153295176775_n.jpg?stp=cp6_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=H32TrQgLEdwQ7kNvgH4sVu1&_nc_ht=scontent-sea1-1.xx&oh=00_AfDU6VZZ02TZxL2tmNrrrgiTXJj97oDsGtlhZtdOqdDGGw&oe=66413350 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/434042038_723594283310892_2034227974231447593_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=N9yAwFAQuYkQ7kNvgFsc0KZ&_nc_ht=scontent-sea1-1.xx&oh=00_AfDAw5KWrWQFlME7XKnU6RA1-JfDwLbpoIcej0am9DzaEw&oe=6641411C HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/396702677_171658159346705_8717982570021657849_n.jpg?stp=c0.2.50.50a_cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=bHh6vqzJT4kQ7kNvgE4u0on&_nc_oc=Adi3yv6cPV6WUfRcRgElYwheMtb_FHVqiyL_c4RSaPt2ZyxAZckpYN9OOcwtdtWkDkw&_nc_ht=scontent-sea1-1.xx&oh=00_AfCZJIC46nDttj8YqfPyVx1FsXc0XqpNqO2BmA4xzMVxwQ&oe=6641384C HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/409042630_2662008933950824_8025272100136268169_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=An-5CScO3F4Q7kNvgGM6SlA&_nc_ht=scontent-sea1-1.xx&oh=00_AfAAFB4guXhScPb46PeGdowgo0kurJG6HHPt0vOrif91fQ&oe=66413520 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/426261347_251268561353867_26185636506664007_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=xZ-NDV8n6VwQ7kNvgHyGG3L&_nc_ht=scontent-sea1-1.xx&oh=00_AfCh3QfqjonPd7IHUGcRNZNMviFQZ-36STWy6Kh1RTg8aQ&oe=664130FF HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/438203475_753736850079353_6987397595009032374_n.jpg?stp=dst-jpg_s960x960&_nc_cat=100&ccb=1-7&_nc_sid=5f2048&_nc_ohc=L1iyC-8OK9kQ7kNvgGrKsuY&_nc_oc=AdhimnicGWukCZHNwIg3afzyH8Evv5ekdJA3govYQSx01N71sEkkZKnkg7TUJFpVdcY&_nc_ht=scontent-sea1-1.xx&oh=00_AfAk3qGpIIE2f-sp6Y4mSRjdoQZVyDsB9I9qIqt5aBs8Xw&oe=66413188 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/438258606_816413083681717_4862683362262365018_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=RT7FEn2ynS4Q7kNvgFiGZEu&_nc_ht=scontent-sea1-1.xx&oh=00_AfA2QK0n9HnB-F9e_4r57C-Zt7Qh-Je8hIxB_tw1bWC2vg&oe=66412657 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/435321163_806647388163956_1397772289246415064_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=R0gTO9Lz6QEQ7kNvgGVZ4AK&_nc_ht=scontent-sea1-1.xx&oh=00_AfB6acbfpLnFWa89Joi0cjBQluFVJL79RZaB9300G-6Awg&oe=66414346 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/393414989_10231917119529525_1328038575815312263_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=YJ69uZOi-gMQ7kNvgGNP4sW&_nc_ht=scontent-sea1-1.xx&oh=00_AfCap9xq5Xz2jCVo9GvtbyT9Og5NgmedZ93YYf_MCLOixQ&oe=6641385B HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /data/manifest/ HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://www.facebook.com/videoAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/yT/r/aGT3gskzWBf.ico HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=2015407927&timestamp=1715170861767 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t1.6435-1/117945607_10158758083394359_5707836482966237430_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=dp2GD43HuQMQ7kNvgHy63g1&_nc_ht=scontent-sea1-1.xx&oh=00_AfD5tFFg9zyFUSIZzIr3-wacTmG7LtVCH73NV1kpKirmCQ&oe=6662DC17 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t15.5256-10/437850765_466620355864943_8579133412090442779_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=Gupe0hN6rvYQ7kNvgG49q5f&_nc_ht=scontent-sea1-1.xx&oh=00_AfCaMdnNPyINakMNDgigiwXN07D6W_Ko-C7V8-KMNUxRtg&oe=6641561E HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t51.29350-10/442274967_1168580254145541_3493657569876780855_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=prUFMQSQvg8Q7kNvgF3_ZZ_&_nc_ht=scontent-sea1-1.xx&oh=00_AfCg-08EItEotvvjFISJQyzcY970MBfxUvUeH2wsP7D91Q&oe=66414D22 HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v/t39.30808-1/434042038_723594283310892_2034227974231447593_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=N9yAwFAQuYkQ7kNvgFsc0KZ&_nc_ht=scontent-sea1-1.xx&oh=00_AfDAw5KWrWQFlME7XKnU6RA1-JfDwLbpoIcej0am9DzaEw&oe=6641411C HTTP/1.1Host: scontent-sea1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/yT/r/aGT3gskzWBf.ico HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/y0/r/eFZD1KABzRA.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://consent.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rsrc.php/v3/y0/r/eFZD1KABzRA.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=MODERATE&__comet_req=15&__hs=19851.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7366602721685935352&__req=c&__rev=1013352039&__s=%3A%3Aj5cfe8&__spin_b=trunk&__spin_r=1013352039&__spin_t=1715170853&__user=0&dpr=1&jazoest=21012&lsd=AVpqbdyRMMQ&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/user_preferences/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_/ConsentUi/browserinfo?f.sid=5971707709330216219&bl=boq_identityfrontenduiserver_20240505.08_p1&hl=en&gl=GB&_reqid=51669&rt=j HTTP/1.1Host: consent.youtube.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: SOCS=CAAaBgiAgeuxBg; __Secure-YEC=Cgt4eWRkX3Q4N25nWSil3O2xBjIKCgJHQhIEGgAgMw%3D%3D; PREF=f7=4000; OTZ=7547781_48_52_123900_48_436380
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=h9NAc+AL8yaYGzR&MD=w+4YUthO HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=MODERATE&__comet_req=15&__hs=19851.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7366602721685935352&__req=e&__rev=1013352039&__s=%3A%3Aj5cfe8&__spin_b=trunk&__spin_r=1013352039&__spin_t=1715170853&__user=0&dpr=1&jazoest=21012&lsd=AVpqbdyRMMQ&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=MODERATE&__comet_req=15&__hs=19851.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7366602721685935352&__req=f&__rev=1013352039&__s=%3A%3Aj5cfe8&__spin_b=trunk&__spin_r=1013352039&__spin_t=1715170853&__user=0&dpr=1&jazoest=21012&lsd=AVpqbdyRMMQ&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=h9NAc+AL8yaYGzR&MD=w+4YUthO HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=MODERATE&__comet_req=15&__hs=19851.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7366602721685935352&__req=g&__rev=1013352039&__s=%3A%3Aj5cfe8&__spin_b=trunk&__spin_r=1013352039&__spin_t=1715170853&__user=0&dpr=1&jazoest=21012&lsd=AVpqbdyRMMQ&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=MODERATE&__comet_req=15&__hs=19851.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7366602721685935352&__req=h&__rev=1013352039&__s=%3A%3Aj5cfe8&__spin_b=trunk&__spin_r=1013352039&__spin_t=1715170853&__user=0&dpr=1&jazoest=21012&lsd=AVpqbdyRMMQ&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: chromecache_190.7.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/A4tfXiHOGrs/ equals www.facebook.com (Facebook)
Source: chromecache_277.7.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/CCT5pM3qiNk/ equals www.facebook.com (Facebook)
Source: chromecache_190.7.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/Ga6vBwdwgUx/ equals www.facebook.com (Facebook)
Source: chromecache_174.7.dr, chromecache_277.7.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/MDzNl_j9yvg/ equals www.facebook.com (Facebook)
Source: chromecache_153.7.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/OKBVmODmb-W/ equals www.facebook.com (Facebook)
Source: chromecache_277.7.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/V9vdYColc4k/ equals www.facebook.com (Facebook)
Source: chromecache_277.7.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/WRsJ32R7YJG/ equals www.facebook.com (Facebook)
Source: chromecache_277.7.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/aJoeSHn7XcN/ equals www.facebook.com (Facebook)
Source: chromecache_174.7.dr, chromecache_277.7.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/t3hOLs8wlXy/ equals www.facebook.com (Facebook)
Source: wOS0RzhMdr.exe, 00000000.00000002.1617404409.0000000001678000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616799581.0000000001678000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: >https://www.youtube.com/accountrosoft\WindowsINetCookies equals www.youtube.com (Youtube)
Source: chromecache_251.7.dr String found in binary or memory: _.Aw(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.Aw(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.Aw(_.Jw(c))+"&hl="+_.Aw(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.Aw(m)+"/chromebook/termsofservice.html?languageCode="+_.Aw(d)+"&regionCode="+_.Aw(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded":"")+"?hl="+_.Aw(d)+"&gl="+_.Aw(c)+(g?"&color_scheme="+ equals www.youtube.com (Youtube)
Source: chromecache_272.7.dr String found in binary or memory: __d("Chromedome",["fbt","gkx"],(function(a,b,c,d,e,f,g,h){function i(){if(document.domain==null)return null;var a=document.domain,b=/^intern\./.test(a);if(b)return null;b=/(^|\.)facebook\.(com|sg)$/.test(a);if(b)return"facebook";b=/(^|\.)instagram\.com$/.test(a);if(b)return"instagram";b=/(^|\.)threads\.net$/.test(a);if(b)return"threads";b=/(^|\.)messenger\.com$/.test(a);return b?"messenger":null}function j(a){if(a==="instagram")return h._("This is a browser feature intended for developers. If someone told you to copy-paste something here to enable an Instagram feature or \"hack\" someone's account, it is a scam and will give them access to your Instagram account.");return a==="threads"?h._("This is a browser feature intended for developers. If someone told you to copy-paste something here to enable a Threads feature or \"hack\" someone's account, it is a scam and will give them access to your Threads account."):h._("This is a browser feature intended for developers. If someone told you to copy-paste something here to enable a Facebook feature or \"hack\" someone's account, it is a scam and will give them access to your Facebook account.")}function a(a){if(top!==window)return;a=i();if(a==null)return;var b=h._("Stop!");a=j(a);var d=h._("See {url} for more information.",[h._param("url","https://www.facebook.com/selfxss")]);if(window.chrome||window.safari||c("gkx")("2133")){var e="font-family:helvetica; font-size:20px; ";[[b,e+"font-size:50px; font-weight:bold; color:red; -webkit-text-stroke:1px black;"],[a,e],[d,e],["",""]].map(function(a){window.setTimeout(console.log.bind(console,"\n%c"+a[0].toString(),a[1]))})}else{b=[""," .d8888b. 888 888","d88P Y88b 888 888","Y88b. 888 888",' "Y888b. 888888 .d88b. 88888b. 888',' "Y88b. 888 d88""88b 888 "88b 888',' "888 888 888 888 888 888 Y8P',"Y88b d88P Y88b. Y88..88P 888 d88P",' "Y8888P" "Y888 "Y88P" 88888P" 888'," 888"," 888"," 888"];e=(""+a.toString()).match(/.{35}.+?\s+|.+$/g);if(e!=null){a=Math.floor(Math.max(0,(b.length-e.length)/2));for(var f=0;f<b.length||f<e.length;f++){var g=b[f];b[f]=g+new Array(45-g.length).join(" ")+(e[f-a]||"")}}console.log("\n\n\n"+b.join("\n")+"\n\n"+d.toString()+"\n");return}}g.start=a}),226); equals www.facebook.com (Facebook)
Source: chromecache_177.7.dr String found in binary or memory: __d("CometLegalFooter.react",["fbt","ix","BaseMiddot.react","CometErrorBoundary.react","CometLazyPopoverTrigger.react","CometLink.react","CometPressable.react","FBCookieSettingsLoggedOutConfig","JSResourceForInteraction","ServerTime","TetraIcon.react","TetraText.react","XHealthPolicyCometControllerRouteBuilder","XPrivacyPolicyCometControllerRouteBuilder","fbicon","gkx","react","useCurrentRoute"],(function(a,b,c,d,e,f,g,h,i){"use strict";var j,k=j||d("react"),l=c("JSResourceForInteraction")("CometLegalFooterMoreMenu.react").__setRef("CometLegalFooter.react");function m(){try{var a;return(a=new Date(d("ServerTime").getMillis()))==null?void 0:a.getFullYear()}catch(a){return null}}function a(a){var b=a.isHelpCenter;b=b===void 0?!1:b;var e=a.isPage;e=e===void 0?!1:e;var f=a.onClick;a=d("FBCookieSettingsLoggedOutConfig").should_show_cookie_settings;var g=c("useCurrentRoute")(),j=m(),n=c("XPrivacyPolicyCometControllerRouteBuilder").buildUri({entry_point:"comet_dropdown"}),o=c("XHealthPolicyCometControllerRouteBuilder").buildUri({});e=[{href:"https://www.facebook.com/legal/terms/information_about_page_insights_data",label:h._("Information about Page Insights Data"),render:e&&c("gkx")("22806")},{href:n.toString(),label:h._("Privacy"),testid:"CometDropdownPrivacy"},{href:o.toString(),label:h._("Consumer Health Privacy"),render:c("gkx")("2828"),testid:"CometDropdownHealthPrivacy"},{href:"/terms?ref=pf",label:"Impressum/Terms/NetzDG/UrhDaG",render:c("gkx")("22807")&&!c("gkx")("22808")},{href:"/terms?ref=pf",label:h._("Imprint\/Terms"),render:c("gkx")("22808")},{href:"/legal/germany/",label:"UrhDaG/MStV",render:c("gkx")("22808")},{href:"/policies?ref=pf",label:h._("Terms"),render:!c("gkx")("22807")&&!c("gkx")("22808"),testid:"CometDropdownTerms"},{href:"/business/",label:h._("Advertising")},{href:"/help/568137493302217",label:k.jsxs(k.Fragment,{children:[h._("Ad Choices")," ",k.jsx(c("CometErrorBoundary.react"),{children:k.jsx("span",{className:"x1n2onr6 x1qiirwl",children:k.jsx(c("TetraIcon.react"),{color:"secondary",icon:d("fbicon")._(i("871692"),12)})})})]})},{href:"/policies/cookies/",label:h._("Cookies"),testid:"CometDropdownCookies"},{href:"/privacy/cookie_settings/",label:h._("Cookie Settings"),render:a},{href:encodeURIComponent("https://www.facebook.com/help/cancelcontracts?source=facebook.com"),label:h._("Cancel contracts here"),open_in_new_tab:!0,render:c("gkx")("2344")&&!1}].filter(function(a){return a.render==null||a.render===!0});var p=[];if((g==null?void 0:(n=g.rootView.props)==null?void 0:n.seoCrawlingPool)&&(g==null?void 0:(o=g.rootView.props)==null?void 0:o.seoCrawlingPool.url)){Array.from(Array((g==null?void 0:(a=g.rootView.props)==null?void 0:a.seoCrawlingPool.multiple_links)||0)).forEach(function(a,b){p.push(k.jsxs("li",{className:"xt0psk2",children:[k.jsx(c("CometLink.react"),{color:"secondary",href:g==null?void 0:(a=g.rootView.props)==null?void 0:a.seoCrawlingPool.url,onClick:f,weight:"normal",children:g==null?void 0:(a=g.rootView.props)
Source: chromecache_153.7.dr String found in binary or memory: __d("FacebookCookieConsentCustomization",["fbt","ix","JSResourceForInteraction","XCookiesPolicyControllerRouteBuilder","isBaseline4EnabledForLoggedOut","isCNILEnabledForLoggedOut","lazyLoadComponent"],(function(a,b,c,d,e,f,g,h,i){"use strict";var j=c("lazyLoadComponent")(c("JSResourceForInteraction")("FacebookCometCookieConsentDialogDataSettings.react").__setRef("FacebookCookieConsentCustomization"));a=function(){var a,b,d,e=null;c("isBaseline4EnabledForLoggedOut")()||c("isCNILEnabledForLoggedOut")()?(b=i("1954651"),d=i("1954649"),e=h._("More options")):(b=i("856481"),d=i("856481"),e=h._("Manage Data Settings"));a=(a=(a=c("XCookiesPolicyControllerRouteBuilder").buildUri({}).getQualifiedUri())==null?void 0:(a=a.setDomain("www.facebook.com"))==null?void 0:a.toString())!=null?a:"";return{essentialCookiesOnly:!1,faviconDark:d,faviconLight:b,policyUrl:a,productName:"FACEBOOK",secondaryAction:{label:e,viewReference:j}}};b=a;g["default"]=b}),226); equals www.facebook.com (Facebook)
Source: chromecache_215.7.dr String found in binary or memory: __d("RealtimeGraphQLRequest",["invariant","RequestStreamCommonRequestStreamCommonTypes","TransportSelectingClientSingleton","nullthrows","regeneratorRuntime"],(function(a,b,c,d,e,f,g,h){"use strict";a=function(){function a(a){var b=this,e=a.method,f=a.doc_id,g=a.is_intern,i=a.extra_headers,j=a.body,k=a.instrumentation_data;a=a.sandbox;this.$12=function(a){switch(a){case d("RequestStreamCommonRequestStreamCommonTypes").FlowStatus.Started:if(b.$10){b.$9!=null||h(0,13576);a=Date.now()-c("nullthrows")(b.$9);b.$7!=null&&b.$7(a)}else b.$10=!0,b.$5!=null&&b.$5();break;case d("RequestStreamCommonRequestStreamCommonTypes").FlowStatus.Stopped:b.$9=Date.now();b.$6!=null&&b.$6(!1,!1);break;default:break}};this.$10=!1;e={method:e,doc_id:f};g===!0&&(e=babelHelpers["extends"]({},e,{www_tier:"intern"}));a!=null&&(e=babelHelpers["extends"]({},e,{www_sandbox:a.replace(/^not-www\.(\d+)\.(od|sb)\.internalfb\.com$/,"www.$1.$2.facebook.com")}));i!=null&&(e=babelHelpers["extends"]({},e,i));this.$1=e;this.$2=JSON.stringify(j);this.$11=k}var e=a.prototype;e.onResponse=function(a){this.$3=a;return this};e.onError=function(a){this.$4=a;return this};e.onActive=function(a){this.$5=a;return this};e.onPause=function(a){this.$6=a;return this};e.onResume=function(a){this.$7=a;return this};e.onRetryUpdateRequestBody=function(a){this.$8=a;this.$1=babelHelpers["extends"]({},this.$1,{request_stream_retry:"false"});return this};e.send=function(){var a,d;return b("regeneratorRuntime").async(function(e){while(1)switch(e.prev=e.next){case 0:this.$3!=null||h(0,33593);a={onData:c("nullthrows")(this.$3)};this.$4!=null&&(a=babelHelpers["extends"]({},a,{onTermination:this.$4}));a=babelHelpers["extends"]({},a,{onFlowStatus:this.$12});this.$8!=null&&(a=babelHelpers["extends"]({},a,{onRetryUpdateRequestBody:this.$8}));e.next=7;return b("regeneratorRuntime").awrap(c("TransportSelectingClientSingleton").requestStream(this.$1,this.$2,a,this.$11));case 7:d=e.sent;return e.abrupt("return",{cancel:function(){d.cancel()},amendExperimental:function(a){try{d.amendWithoutAck(JSON.stringify(a));return!0}catch(a){return!1}}});case 9:case"end":return e.stop()}},null,this)};return a}();g["default"]=a}),98); equals www.facebook.com (Facebook)
Source: wOS0RzhMdr.exe, 00000000.00000002.1617299815.0000000001638000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: bts://www.facebook.com/video[ equals www.facebook.com (Facebook)
Source: chromecache_146.7.dr String found in binary or memory: ff=u(["https://sandbox.google.com/tools/feedback/"]),gf=u(["https://www.google.cn/tools/feedback/"]),hf=u(["https://help.youtube.com/tools/feedback/"]),jf=u(["https://asx-frontend-staging.corp.google.com/inapp/"]),kf=u(["https://asx-frontend-staging.corp.google.com/tools/feedback/"]),lf=u(["https://localhost.corp.google.com/inapp/"]),mf=u(["https://localhost.proxy.googlers.com/inapp/"]),nf=S(Pe),of=[S(Qe),S(Re)],pf=[S(Se),S(Te),S(Ue),S(Ve),S(We),S(Xe),S(Ye),S(Ze),S($e),S(af)],qf=[S(bf),S(cf)],rf= equals www.youtube.com (Youtube)
Source: wOS0RzhMdr.exe, 00000000.00000003.1616705617.0000000001663000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616799581.000000000166D000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000002.1617299815.0000000001638000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.facebook.com/video equals www.facebook.com (Facebook)
Source: wOS0RzhMdr.exe, 00000000.00000003.1616705617.0000000001663000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616799581.000000000166D000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000002.1617404409.000000000166E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.facebook.com/video373 equals www.facebook.com (Facebook)
Source: wOS0RzhMdr.exe, 00000000.00000002.1617404409.0000000001678000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616799581.0000000001678000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.facebook.com/video@ equals www.facebook.com (Facebook)
Source: wOS0RzhMdr.exe, 00000000.00000003.1616705617.0000000001663000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616799581.000000000166D000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000002.1617299815.0000000001638000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: wOS0RzhMdr.exe, 00000000.00000002.1617342084.0000000001655000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616784963.0000000001654000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/account+3 equals www.youtube.com (Youtube)
Source: wOS0RzhMdr.exe, 00000000.00000003.1616705617.0000000001663000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616799581.000000000166D000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000002.1617404409.000000000166E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/accountNz equals www.youtube.com (Youtube)
Source: wOS0RzhMdr.exe, 00000000.00000002.1617299815.0000000001638000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/account\ equals www.youtube.com (Youtube)
Source: wOS0RzhMdr.exe, 00000000.00000003.1616705617.0000000001663000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616799581.000000000166D000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000002.1617404409.000000000166E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/accounts{= equals www.youtube.com (Youtube)
Source: wOS0RzhMdr.exe, 00000000.00000002.1617404409.0000000001678000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616799581.0000000001678000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: wOS0RzhMdr.exe, 00000000.00000002.1617404409.0000000001678000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616799581.0000000001678000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: wOS0RzhMdr.exe, 00000000.00000003.1616705617.0000000001663000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616799581.000000000166D000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000002.1617404409.0000000001678000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: wOS0RzhMdr.exe, 00000000.00000003.1616705617.0000000001663000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616799581.000000000166D000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000002.1617404409.000000000166E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.youtube.comEAZ equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: www.youtube.com
Source: global traffic DNS traffic detected: DNS query: www.facebook.com
Source: global traffic DNS traffic detected: DNS query: consent.youtube.com
Source: global traffic DNS traffic detected: DNS query: static.xx.fbcdn.net
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: scontent-sea1-1.xx.fbcdn.net
Source: global traffic DNS traffic detected: DNS query: scontent.xx.fbcdn.net
Source: global traffic DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic DNS traffic detected: DNS query: play.google.com
Source: unknown HTTP traffic detected: POST /ajax/qm/?__a=1&__user=0&__comet_req=15&jazoest=21012 HTTP/1.1Host: www.facebook.comConnection: keep-aliveContent-Length: 124sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedsec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/videoAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: chromecache_146.7.dr String found in binary or memory: http://localhost.corp.google.com/inapp/
Source: chromecache_146.7.dr String found in binary or memory: http://localhost.proxy.googlers.com/inapp/
Source: chromecache_251.7.dr String found in binary or memory: https://accounts.google.com
Source: wOS0RzhMdr.exe, 00000000.00000003.1616799581.0000000001678000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/
Source: wOS0RzhMdr.exe, 00000000.00000002.1617404409.0000000001678000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616799581.0000000001678000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/2
Source: wOS0RzhMdr.exe, 00000000.00000002.1617404409.0000000001678000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616799581.0000000001678000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/29
Source: wOS0RzhMdr.exe, 00000000.00000002.1617404409.0000000001678000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616799581.0000000001678000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/R
Source: chromecache_251.7.dr String found in binary or memory: https://accounts.google.com/TOS?loc=
Source: wOS0RzhMdr.exe, 00000000.00000002.1617404409.0000000001678000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616799581.0000000001678000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/b
Source: wOS0RzhMdr.exe, 00000000.00000002.1617404409.0000000001678000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616799581.0000000001678000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/bul
Source: wOS0RzhMdr.exe, 00000000.00000002.1617404409.0000000001678000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616799581.0000000001678000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/d
Source: wOS0RzhMdr.exe, 00000000.00000002.1617404409.0000000001678000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616799581.0000000001678000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ll
Source: wOS0RzhMdr.exe, 00000000.00000002.1617404409.0000000001678000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616799581.0000000001678000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.comY
Source: chromecache_159.7.dr, chromecache_263.7.dr String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_146.7.dr String found in binary or memory: https://apis.google.com/js/client.js
Source: chromecache_251.7.dr String found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
Source: chromecache_146.7.dr String found in binary or memory: https://asx-frontend-autopush.corp.google.co.uk/inapp/
Source: chromecache_146.7.dr String found in binary or memory: https://asx-frontend-autopush.corp.google.co.uk/tools/feedback/
Source: chromecache_146.7.dr String found in binary or memory: https://asx-frontend-autopush.corp.google.com/inapp/
Source: chromecache_146.7.dr String found in binary or memory: https://asx-frontend-autopush.corp.google.com/tools/feedback/
Source: chromecache_146.7.dr String found in binary or memory: https://asx-frontend-autopush.corp.google.de/inapp/
Source: chromecache_146.7.dr String found in binary or memory: https://asx-frontend-autopush.corp.google.de/tools/feedback/
Source: chromecache_146.7.dr String found in binary or memory: https://asx-frontend-autopush.corp.youtube.com/inapp/
Source: chromecache_146.7.dr String found in binary or memory: https://asx-frontend-autopush.corp.youtube.com/tools/feedback/
Source: chromecache_146.7.dr String found in binary or memory: https://asx-frontend-staging.corp.google.com/inapp/
Source: chromecache_146.7.dr String found in binary or memory: https://asx-frontend-staging.corp.google.com/tools/feedback/
Source: chromecache_146.7.dr String found in binary or memory: https://asx-help-frontend-autopush.corp.youtube.com/inapp/
Source: chromecache_146.7.dr String found in binary or memory: https://asx-help-frontend-autopush.corp.youtube.com/tools/feedback/
Source: chromecache_251.7.dr String found in binary or memory: https://families.google.com/intl/
Source: chromecache_215.7.dr String found in binary or memory: https://fburl.com/comet_preloading
Source: chromecache_215.7.dr String found in binary or memory: https://fburl.com/dialog-provider).
Source: chromecache_215.7.dr String found in binary or memory: https://fburl.com/wiki/m19zmtlh
Source: chromecache_137.7.dr, chromecache_135.7.dr String found in binary or memory: https://fburl.com/wiki/xrzohrqb
Source: chromecache_146.7.dr String found in binary or memory: https://feedback-pa.clients6.google.com
Source: chromecache_146.7.dr String found in binary or memory: https://feedback.googleusercontent.com/resources/annotator.css
Source: chromecache_146.7.dr String found in binary or memory: https://feedback.googleusercontent.com/resources/render_frame2.html
Source: chromecache_146.7.dr String found in binary or memory: https://feedback2-test.corp.google.com/inapp/%
Source: chromecache_146.7.dr String found in binary or memory: https://feedback2-test.corp.google.com/tools/feedback/%
Source: chromecache_146.7.dr String found in binary or memory: https://feedback2-test.corp.googleusercontent.com/inapp/%
Source: chromecache_146.7.dr String found in binary or memory: https://feedback2-test.corp.googleusercontent.com/tools/feedback/%
Source: chromecache_250.7.dr String found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: chromecache_251.7.dr String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/drive_2020q4/v10/192px.svg
Source: chromecache_251.7.dr String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/gmail_2020q4/v10/web-48dp/logo_gmail_2020q4_color_2x_web_
Source: chromecache_251.7.dr String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/maps/v7/192px.svg
Source: chromecache_250.7.dr String found in binary or memory: https://fonts.gstatic.com/s/youtubesans/v30/Qw3hZQNGEDjaO2m6tqIqX5E-AVS5_rSejo46_PCTRspJ0OosolrBEJL3
Source: chromecache_251.7.dr String found in binary or memory: https://g.co/recover
Source: chromecache_146.7.dr String found in binary or memory: https://gstatic.com/uservoice/surveys/resources/
Source: chromecache_146.7.dr String found in binary or memory: https://help.youtube.com/tools/feedback/
Source: chromecache_146.7.dr String found in binary or memory: https://localhost.corp.google.com/inapp/
Source: chromecache_146.7.dr String found in binary or memory: https://localhost.proxy.googlers.com/inapp/
Source: chromecache_153.7.dr String found in binary or memory: https://optout.aboutads.info/
Source: chromecache_221.7.dr String found in binary or memory: https://play.google.com
Source: chromecache_181.7.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_251.7.dr String found in binary or memory: https://play.google.com/work/enroll?identifier=
Source: chromecache_251.7.dr String found in binary or memory: https://play.google/intl/
Source: chromecache_251.7.dr String found in binary or memory: https://policies.google.com/privacy
Source: chromecache_251.7.dr String found in binary or memory: https://policies.google.com/privacy/additional
Source: chromecache_251.7.dr String found in binary or memory: https://policies.google.com/privacy/additional/embedded?gl=kr
Source: chromecache_251.7.dr String found in binary or memory: https://policies.google.com/privacy/google-partners
Source: chromecache_251.7.dr String found in binary or memory: https://policies.google.com/technologies/cookies
Source: chromecache_251.7.dr String found in binary or memory: https://policies.google.com/technologies/location-data
Source: chromecache_251.7.dr String found in binary or memory: https://policies.google.com/terms
Source: chromecache_251.7.dr String found in binary or memory: https://policies.google.com/terms/location/embedded
Source: chromecache_251.7.dr String found in binary or memory: https://policies.google.com/terms/service-specific
Source: chromecache_146.7.dr String found in binary or memory: https://sandbox.google.com/inapp/
Source: chromecache_146.7.dr String found in binary or memory: https://sandbox.google.com/inapp/%
Source: chromecache_146.7.dr String found in binary or memory: https://sandbox.google.com/tools/feedback/
Source: chromecache_146.7.dr String found in binary or memory: https://sandbox.google.com/tools/feedback/%
Source: chromecache_146.7.dr String found in binary or memory: https://scone-pa.clients6.google.com
Source: chromecache_277.7.dr String found in binary or memory: https://scontent.xx.fbcdn.net/hads-ak-prn2/1487645_6012475414660_1439393861_n.png
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-stop-go-landing-page_1x.png
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/animation/
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync.png
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_1x.png
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_2x.png
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes.gif
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_darkmode.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated_darkmode.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_darkmode_v1.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_v1.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_1.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_darkmode_1.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_1.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_darkmode_1.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device_darkmode.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_darkmode.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision_darkmode.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_1.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_darkmode_1.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_1.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_darkmode_1.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device_darkmode.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/personalization_reminders.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered.gif
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered_darkmode.gif
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_phone.gif
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/web_and_app_activity.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/you_tube_history.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/paaskey.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge_darkmode.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_darkmode.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device_darkmode.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_darkmode.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error_darkmode.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth_darkmode.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success_darkmode.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror_darkmode.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_light.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2_darkmode.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/apps/signup/resources/custom-email-address.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp_dark.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents_dark.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/get_family_link_2.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/get_family_link_dark_2.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_0.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_0.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_0.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_0.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/alreadyinstalledfamilylink.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/alreadyinstalledfamilylink_dark.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/installfamilylink.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/installfamilylink_dark.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
Source: chromecache_251.7.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess.svg
Source: chromecache_146.7.dr String found in binary or memory: https://stagingqual-feedback-pa-googleapis.sandbox.google.com
Source: chromecache_221.7.dr String found in binary or memory: https://support.google.com
Source: chromecache_146.7.dr String found in binary or memory: https://support.google.com/
Source: chromecache_251.7.dr String found in binary or memory: https://support.google.com/accounts?hl=
Source: chromecache_251.7.dr String found in binary or memory: https://support.google.com/accounts?p=new-si-ui
Source: chromecache_153.7.dr String found in binary or memory: https://support.google.com/chrome/answer/95647
Source: chromecache_146.7.dr String found in binary or memory: https://support.google.com/inapp/
Source: chromecache_146.7.dr String found in binary or memory: https://support.google.com/inapp/%
Source: chromecache_251.7.dr String found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: chromecache_146.7.dr String found in binary or memory: https://test-scone-pa-googleapis.sandbox.google.com
Source: chromecache_159.7.dr, chromecache_263.7.dr String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_146.7.dr String found in binary or memory: https://www.google.cn/tools/feedback/
Source: chromecache_146.7.dr String found in binary or memory: https://www.google.cn/tools/feedback/%
Source: chromecache_221.7.dr, chromecache_251.7.dr String found in binary or memory: https://www.google.com
Source: chromecache_251.7.dr String found in binary or memory: https://www.google.com/intl/
Source: chromecache_146.7.dr String found in binary or memory: https://www.google.com/tools/feedback
Source: chromecache_146.7.dr String found in binary or memory: https://www.google.com/tools/feedback/
Source: chromecache_146.7.dr String found in binary or memory: https://www.google.com/tools/feedback/%
Source: chromecache_146.7.dr String found in binary or memory: https://www.google.com/tools/feedback/help_panel_binary.js
Source: chromecache_251.7.dr String found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: chromecache_221.7.dr String found in binary or memory: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Source: chromecache_251.7.dr String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: chromecache_251.7.dr String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: chromecache_251.7.dr String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: chromecache_251.7.dr String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: chromecache_251.7.dr String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: chromecache_251.7.dr String found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
Source: chromecache_146.7.dr String found in binary or memory: https://www.gstatic.com/uservoice/feedback/client/web/
Source: chromecache_146.7.dr String found in binary or memory: https://www.gstatic.com/uservoice/surveys/resources/
Source: chromecache_190.7.dr String found in binary or memory: https://www.internalfb.com/intern/invariant/
Source: chromecache_153.7.dr String found in binary or memory: https://www.youronlinechoices.com/
Source: wOS0RzhMdr.exe, 00000000.00000002.1617299815.0000000001638000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000002.1617404409.0000000001678000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000002.1617342084.0000000001655000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616784963.0000000001654000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616799581.0000000001678000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000002.1617404409.000000000166E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/account
Source: wOS0RzhMdr.exe, 00000000.00000003.1616705617.0000000001663000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616799581.000000000166D000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000002.1617404409.000000000166E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/accountNz
Source: wOS0RzhMdr.exe, 00000000.00000002.1617404409.0000000001678000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616799581.0000000001678000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/accountrosoft
Source: wOS0RzhMdr.exe, 00000000.00000003.1616705617.0000000001663000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000003.1616799581.000000000166D000.00000004.00000020.00020000.00000000.sdmp, wOS0RzhMdr.exe, 00000000.00000002.1617404409.000000000166E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/accounts
Source: chromecache_251.7.dr String found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
Source: chromecache_153.7.dr String found in binary or memory: https://youradchoices.ca/
Source: chromecache_251.7.dr String found in binary or memory: https://youtube.com/t/terms?gl=
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown Network traffic detected: HTTP traffic on port 49888 -> 443
Source: unknown HTTPS traffic detected: 96.7.158.101:443 -> 192.168.2.4:49800 version: TLS 1.2
Source: unknown HTTPS traffic detected: 96.7.158.101:443 -> 192.168.2.4:49805 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49937 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49960 version: TLS 1.2
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BCEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, 0_2_00BCEAFF
Contains functionality to modify clipboard data
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BCED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, 0_2_00BCED6A
Contains functionality to read the clipboard data
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BCEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, 0_2_00BCEAFF
Contains functionality to retrieve information about pressed keystrokes
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BBAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput, 0_2_00BBAA57
Potential key logger detected (key state polling based)
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BE9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, 0_2_00BE9576

System Summary
barindex
Binary is likely a compiled AutoIt script file
Source: wOS0RzhMdr.exe String found in binary or memory: This is a third-party compiled AutoIt script.
Source: wOS0RzhMdr.exe, 00000000.00000000.1610213655.0000000000C12000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_93d0fc88-1
Source: wOS0RzhMdr.exe, 00000000.00000000.1610213655.0000000000C12000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_61ba30c1-5
Source: wOS0RzhMdr.exe String found in binary or memory: This is a third-party compiled AutoIt script. memstr_9e87937b-b
Source: wOS0RzhMdr.exe String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_3e52957e-0
Contains functionality to communicate with device drivers
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BBD5EB: CreateFileW,DeviceIoControl,CloseHandle, 0_2_00BBD5EB
Contains functionality to launch a process as a different user
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BB1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, 0_2_00BB1201
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BBE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState, 0_2_00BBE8F6
Detected potential crypto function
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B58060 0_2_00B58060
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BC2046 0_2_00BC2046
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BB8298 0_2_00BB8298
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B8E4FF 0_2_00B8E4FF
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B8676B 0_2_00B8676B
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BE4873 0_2_00BE4873
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B7CAA0 0_2_00B7CAA0
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B5CAF0 0_2_00B5CAF0
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B6CC39 0_2_00B6CC39
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B86DD9 0_2_00B86DD9
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B591C0 0_2_00B591C0
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B6B119 0_2_00B6B119
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B71394 0_2_00B71394
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B71706 0_2_00B71706
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B7781B 0_2_00B7781B
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B719B0 0_2_00B719B0
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B57920 0_2_00B57920
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B6997D 0_2_00B6997D
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B77A4A 0_2_00B77A4A
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B77CA7 0_2_00B77CA7
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B71C77 0_2_00B71C77
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B89EEE 0_2_00B89EEE
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BDBE44 0_2_00BDBE44
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B71F32 0_2_00B71F32
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: String function: 00B70A30 appears 46 times
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: String function: 00B6F9F2 appears 31 times
Uses 32bit PE files
Source: wOS0RzhMdr.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine Classification label: mal60.evad.winEXE@34/250@40/12
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BC37B5 GetLastError,FormatMessageW, 0_2_00BC37B5
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BB10BF AdjustTokenPrivileges,CloseHandle, 0_2_00BB10BF
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BB16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, 0_2_00BB16C3
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BC51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode, 0_2_00BC51CD
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BDA67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle, 0_2_00BDA67C
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BC648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize, 0_2_00BC648E
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B542A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource, 0_2_00B542A2
Source: wOS0RzhMdr.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: wOS0RzhMdr.exe ReversingLabs: Detection: 42%
Source: wOS0RzhMdr.exe Virustotal: Detection: 57%
Source: unknown Process created: C:\Users\user\Desktop\wOS0RzhMdr.exe "C:\Users\user\Desktop\wOS0RzhMdr.exe"
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/account
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/video
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1992,i,14537402930629995017,4739273616812602229,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1880,i,11865719823189194152,2966907903393157711,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2244,i,936950003870815917,5166186172788337186,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5992 --field-trial-handle=2244,i,936950003870815917,5166186172788337186,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 --field-trial-handle=2244,i,936950003870815917,5166186172788337186,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/account Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/video Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/ Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2244,i,936950003870815917,5166186172788337186,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5992 --field-trial-handle=2244,i,936950003870815917,5166186172788337186,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 --field-trial-handle=2244,i,936950003870815917,5166186172788337186,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1880,i,11865719823189194152,2966907903393157711,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1992,i,14537402930629995017,4739273616812602229,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: windows.shell.servicehostbuilder.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A66AEDC-93C3-4ACC-BA96-08F5716429F7}\InProcServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: wOS0RzhMdr.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: wOS0RzhMdr.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: wOS0RzhMdr.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: wOS0RzhMdr.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: wOS0RzhMdr.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: wOS0RzhMdr.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: wOS0RzhMdr.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: wOS0RzhMdr.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: wOS0RzhMdr.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: wOS0RzhMdr.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: wOS0RzhMdr.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: wOS0RzhMdr.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B542DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_00B542DE
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B70A76 push ecx; ret 0_2_00B70A89
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B6F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, 0_2_00B6F98E
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BE1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, 0_2_00BE1C41
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Found API chain indicative of sandbox detection
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe API coverage: 3.0 %
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BC68EE FindFirstFileW,FindClose, 0_2_00BC68EE
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BC698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, 0_2_00BC698F
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BBD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_00BBD076
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BBD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_00BBD3A9
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BC9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00BC9642
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BC979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00BC979D
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BBDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, 0_2_00BBDBBE
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BC9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, 0_2_00BC9B2B
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BC5C97 FindFirstFileW,FindNextFileW,FindClose, 0_2_00BC5C97
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B542DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_00B542DE
Source: wOS0RzhMdr.exe, 00000000.00000003.1616799581.0000000001678000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}a
Source: wOS0RzhMdr.exe, 00000000.00000003.1616799581.0000000001678000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BCEAA2 BlockInput, 0_2_00BCEAA2
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B82622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00B82622
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B542DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_00B542DE
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B74CE8 mov eax, dword ptr fs:[00000030h] 0_2_00B74CE8
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BB0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, 0_2_00BB0B62
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B82622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00B82622
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B7083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00B7083F
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B709D5 SetUnhandledExceptionFilter, 0_2_00B709D5
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B70C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00B70C21
Contains functionality to execute programs as a different user
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BB1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, 0_2_00BB1201
Contains functionality to launch a program with higher privileges
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B92BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, 0_2_00B92BA5
Contains functionality to simulate keystroke presses
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BBB226 SendInput,keybd_event, 0_2_00BBB226
Contains functionality to simulate mouse events
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BD22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event, 0_2_00BD22DA
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/account Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/video Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/ Jump to behavior
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BB0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, 0_2_00BB0B62
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BB1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid, 0_2_00BB1663
Source: wOS0RzhMdr.exe Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: wOS0RzhMdr.exe Binary or memory string: Shell_TrayWnd
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B70698 cpuid 0_2_00B70698
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BC8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW, 0_2_00BC8195
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BAD27A GetUserNameW, 0_2_00BAD27A
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B8BB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte, 0_2_00B8BB6F
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00B542DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_00B542DE
OS version to string mapping found (often used in BOTs)
Source: wOS0RzhMdr.exe Binary or memory string: WIN_81
Source: wOS0RzhMdr.exe Binary or memory string: WIN_XP
Source: wOS0RzhMdr.exe Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: wOS0RzhMdr.exe Binary or memory string: WIN_XPe
Source: wOS0RzhMdr.exe Binary or memory string: WIN_VISTA
Source: wOS0RzhMdr.exe Binary or memory string: WIN_7
Source: wOS0RzhMdr.exe Binary or memory string: WIN_8
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BD1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket, 0_2_00BD1204
Source: C:\Users\user\Desktop\wOS0RzhMdr.exe Code function: 0_2_00BD1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket, 0_2_00BD1806
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1438247 Sample: wOS0RzhMdr.exe Startdate: 08/05/2024 Architecture: WINDOWS Score: 60 40 Multi AV Scanner detection for submitted file 2->40 42 Binary is likely a compiled AutoIt script file 2->42 44 Machine Learning detection for sample 2->44 7 wOS0RzhMdr.exe 12 2->7         started        process3 signatures4 46 Binary is likely a compiled AutoIt script file 7->46 48 Found API chain indicative of sandbox detection 7->48 10 chrome.exe 1 7->10         started        13 chrome.exe 7->13         started        15 chrome.exe 7->15         started        process5 dnsIp6 34 192.168.2.23 unknown unknown 10->34 36 192.168.2.4, 443, 49731, 49733 unknown unknown 10->36 38 239.255.255.250 unknown Reserved 10->38 17 chrome.exe 10->17         started        20 chrome.exe 10->20         started        22 chrome.exe 6 10->22         started        24 chrome.exe 13->24         started        26 chrome.exe 15->26         started        process7 dnsIp8 28 142.250.217.68 GOOGLEUS United States 17->28 30 consent.youtube.com 142.250.217.78, 443, 49741 GOOGLEUS United States 17->30 32 12 other IPs or domains 17->32
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
142.250.217.78
 consent.youtube.com United States
15169 GOOGLEUS false
157.240.3.35
 star-mini.c10r.facebook.com United States
32934 FACEBOOKUS false
142.251.215.228
 unknown United States
15169 GOOGLEUS false
142.250.69.196
 www.google.com United States
15169 GOOGLEUS false
157.240.3.29
 scontent.xx.fbcdn.net United States
32934 FACEBOOKUS false
142.251.33.78
 play.google.com United States
15169 GOOGLEUS false
142.250.217.68
 unknown United States
15169 GOOGLEUS false
142.251.215.238
 www3.l.google.com United States
15169 GOOGLEUS false
239.255.255.250
 unknown Reserved
unknown unknown false
142.250.69.206
 youtube-ui.l.google.com United States
15169 GOOGLEUS false

Private

IP
192.168.2.4
192.168.2.23

Contacted Domains

Name IP Active
star-mini.c10r.facebook.com 157.240.3.35 true
youtube-ui.l.google.com 142.250.69.206 true
scontent.xx.fbcdn.net 157.240.3.29 true
scontent-sea1-1.xx.fbcdn.net 157.240.3.29 true
www3.l.google.com 142.251.215.238 true
play.google.com 142.251.33.78 true
consent.youtube.com 142.250.217.78 true
www.google.com 142.250.69.196 true
www.facebook.com unknown unknown
accounts.youtube.com unknown unknown
www.youtube.com unknown unknown
static.xx.fbcdn.net unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3Fcbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1 false
    		high
    https://static.xx.fbcdn.net/rsrc.php/v3i0Wo4/y7/l/en_US/S0UnEh8aVas.js?_nc_x=Ij3Wp8lg5Kz false
      		high
      https://static.xx.fbcdn.net/rsrc.php/v3i1j-4/yd/l/en_US/CkmvYgW1RCO.js?_nc_x=Ij3Wp8lg5Kz false
        		high
        https://scontent-sea1-1.xx.fbcdn.net/v/t15.5256-10/435806348_2056030048129871_133965968391625813_n.jpg?stp=dst-jpg_s960x960&_nc_cat=105&ccb=1-7&_nc_sid=5f2048&_nc_ohc=EJduSeommVMQ7kNvgFeoICL&_nc_ht=scontent-sea1-1.xx&oh=00_AfDF60PAJV1hUDRUVe-SH1Pid5cK6tOGU_oYNZJ3tb46gg&oe=66415388 false
          		high
          https://scontent-sea1-1.xx.fbcdn.net/v/t15.5256-10/431156668_1620665545384605_915990377324220400_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=F7eU6iX3fFcQ7kNvgGadPCi&_nc_ht=scontent-sea1-1.xx&oh=00_AfAL99EvhbJBeI1YpHlqkSLKc5l4jf91sSisFIqExKnaTA&oe=6641493D false
            		high
            https://www.facebook.com/video false
              		high
              https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=MODERATE&__comet_req=15&__hs=19851.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7366602721685935352&__req=f&__rev=1013352039&__s=%3A%3Aj5cfe8&__spin_b=trunk&__spin_r=1013352039&__spin_t=1715170853&__user=0&dpr=1&jazoest=21012&lsd=AVpqbdyRMMQ&ph=C3 false
                		high
                https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=MODERATE&__comet_req=15&__hs=19851.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7366602721685935352&__req=9&__rev=1013352039&__s=%3A%3Aj5cfe8&__spin_b=trunk&__spin_r=1013352039&__spin_t=1715170853&__user=0&dpr=1&jazoest=21012&lsd=AVpqbdyRMMQ&ph=C3 false
                  		high
                  https://scontent-sea1-1.xx.fbcdn.net/v/t39.30808-1/396702677_171658159346705_8717982570021657849_n.jpg?stp=c0.2.50.50a_cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=bHh6vqzJT4kQ7kNvgE4u0on&_nc_oc=Adi3yv6cPV6WUfRcRgElYwheMtb_FHVqiyL_c4RSaPt2ZyxAZckpYN9OOcwtdtWkDkw&_nc_ht=scontent-sea1-1.xx&oh=00_AfCZJIC46nDttj8YqfPyVx1FsXc0XqpNqO2BmA4xzMVxwQ&oe=6641384C false
                    		high
                    https://scontent-sea1-1.xx.fbcdn.net/v/t15.5256-10/438044171_458137003331528_7227878656750103728_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=ePljllKw-kYQ7kNvgEd-kGE&_nc_ht=scontent-sea1-1.xx&oh=00_AfD_2WEGQ0a9qoIx3VLhEvcfJrzi7jsOB6W0YWnpg_ytXQ&oe=664151B8 false
                      		high
                      https://scontent-sea1-1.xx.fbcdn.net/v/t1.6435-1/117945607_10158758083394359_5707836482966237430_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=dp2GD43HuQMQ7kNvgHy63g1&_nc_ht=scontent-sea1-1.xx&oh=00_AfD5tFFg9zyFUSIZzIr3-wacTmG7LtVCH73NV1kpKirmCQ&oe=6662DC17 false
                        		high
                        https://static.xx.fbcdn.net/rsrc.php/v3/yy/r/QvRwf2kCBWN.js?_nc_x=Ij3Wp8lg5Kz false
                          		high
                          https://static.xx.fbcdn.net/rsrc.php/v3i-N64/yR/l/en_US/__dKgJRlh2h.js?_nc_x=Ij3Wp8lg5Kz false
                            		high
                            https://scontent-sea1-1.xx.fbcdn.net/v/t51.29350-10/442274967_1168580254145541_3493657569876780855_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=prUFMQSQvg8Q7kNvgF3_ZZ_&_nc_ht=scontent-sea1-1.xx&oh=00_AfCg-08EItEotvvjFISJQyzcY970MBfxUvUeH2wsP7D91Q&oe=66414D22 false
                              		high
                              https://static.xx.fbcdn.net/rsrc.php/v3i_8K4/yu/l/en_US/RRm2quQ_ymn.js?_nc_x=Ij3Wp8lg5Kz false
                                		high
                                https://scontent-sea1-1.xx.fbcdn.net/v/t15.5256-10/437264668_967687381470555_5828081054359529464_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=6n-Wkb-iis4Q7kNvgEOzISE&_nc_ht=scontent-sea1-1.xx&oh=00_AfCAuv6XaBVJrdk9DL_y0zi7PCB4aJDQLJxKBwecCAmAig&oe=66414FBE false
                                  		high
                                  https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=MODERATE&__comet_req=15&__hs=19851.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7366602721685935352&__req=g&__rev=1013352039&__s=%3A%3Aj5cfe8&__spin_b=trunk&__spin_r=1013352039&__spin_t=1715170853&__user=0&dpr=1&jazoest=21012&lsd=AVpqbdyRMMQ&ph=C3 false
                                    		high
                                    https://static.xx.fbcdn.net/rsrc.php/v3iqR14/ya/l/en_US/CZK9hIJfUT9MWQbd8r4el7cmNagSyOYRHxsw_y3zVOBS5r1v89-9txafWxL1rr0Obq.js?_nc_x=Ij3Wp8lg5Kz false
                                      		high
                                      https://static.xx.fbcdn.net/rsrc.php/v3iGOv4/y4/l/en_US/-x90MGiC1no.js?_nc_x=Ij3Wp8lg5Kz false
                                        		high
                                        https://static.xx.fbcdn.net/rsrc.php/v3iUWN4/ym/l/en_US/GMXqH6fpKj8kNh8HMurVWLCChF1PIAKaP1CbkgMq5FOPpOluDD8I1DX6ioRlvd0S7bHsNs6qzRz09kGvWYM3lY7b4QjbM1czRiNuk6-vmGVJGHrTRdkwmU8Y3aateXJfeaBmkOoKy1Hk65WVdCM02luxat.js?_nc_x=Ij3Wp8lg5Kz false
                                          		high
                                          https://scontent-sea1-1.xx.fbcdn.net/v/t15.5256-10/435550579_821769886667232_1269198965642895530_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=h1lEuenbUjwQ7kNvgGu3Zy0&_nc_oc=AdgVm75zOPNJTuIzYyVMfOoFP6QzLoBcTAJ7NXgz5UZCFdASUhgG6EL5MWVy9kmztbs&_nc_ht=scontent-sea1-1.xx&oh=00_AfB-gNfChhR861J91DiocxYaLUhYBUHo1b9aD38xXWP0mQ&oe=66414442 false
                                            		high
                                            https://static.xx.fbcdn.net/rsrc.php/v3ivxz4/yX/l/en_US/POM937Mb8xn.js?_nc_x=Ij3Wp8lg5Kz false
                                              		high
                                              https://scontent-sea1-1.xx.fbcdn.net/v/t39.30808-1/393414989_10231917119529525_1328038575815312263_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=YJ69uZOi-gMQ7kNvgGNP4sW&_nc_ht=scontent-sea1-1.xx&oh=00_AfCap9xq5Xz2jCVo9GvtbyT9Og5NgmedZ93YYf_MCLOixQ&oe=6641385B false
                                                		high
                                                https://scontent-sea1-1.xx.fbcdn.net/v/t15.5256-10/437850765_466620355864943_8579133412090442779_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=Gupe0hN6rvYQ7kNvgG49q5f&_nc_ht=scontent-sea1-1.xx&oh=00_AfCaMdnNPyINakMNDgigiwXN07D6W_Ko-C7V8-KMNUxRtg&oe=6641561E false
                                                  		high
                                                  https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=MODERATE&__comet_req=15&__hs=19851.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7366602721685935352&__req=7&__rev=1013352039&__s=%3A%3Aj5cfe8&__spin_b=trunk&__spin_r=1013352039&__spin_t=1715170853&__user=0&dpr=1&jazoest=21012&lsd=AVpqbdyRMMQ&ph=C3 false
                                                    		high
                                                    https://scontent-sea1-1.xx.fbcdn.net/v/t15.5256-10/438258606_816413083681717_4862683362262365018_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=RT7FEn2ynS4Q7kNvgFiGZEu&_nc_ht=scontent-sea1-1.xx&oh=00_AfA2QK0n9HnB-F9e_4r57C-Zt7Qh-Je8hIxB_tw1bWC2vg&oe=66412657 false
                                                      		high
                                                      https://scontent-sea1-1.xx.fbcdn.net/v/t39.30808-1/435321163_806647388163956_1397772289246415064_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=R0gTO9Lz6QEQ7kNvgGVZ4AK&_nc_ht=scontent-sea1-1.xx&oh=00_AfB6acbfpLnFWa89Joi0cjBQluFVJL79RZaB9300G-6Awg&oe=66414346 false
                                                        		high
                                                        https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/DoQsxX0OV5G.png false
                                                          		high
                                                          https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=MODERATE&__comet_req=15&__hs=19851.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7366602721685935352&__req=b&__rev=1013352039&__s=%3A%3Aj5cfe8&__spin_b=trunk&__spin_r=1013352039&__spin_t=1715170853&__user=0&dpr=1&jazoest=21012&lsd=AVpqbdyRMMQ&ph=C3 false
                                                            		high
                                                            https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=MODERATE&__comet_req=15&__hs=19851.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7366602721685935352&__req=h&__rev=1013352039&__s=%3A%3Aj5cfe8&__spin_b=trunk&__spin_r=1013352039&__spin_t=1715170853&__user=0&dpr=1&jazoest=21012&lsd=AVpqbdyRMMQ&ph=C3 false
                                                              		high
                                                              https://www.facebook.com/shared/user_preferences/ false
                                                                		high
                                                                https://static.xx.fbcdn.net/rsrc.php/v3/yh/r/JAwvXd3ezPi.js?_nc_x=Ij3Wp8lg5Kz false
                                                                  		high
                                                                  https://www.facebook.com/images/cookies/cookie_info_card_image_3.png false
                                                                    		high
                                                                    https://www.youtube.com/account false
                                                                      		high
                                                                      https://www.google.com/favicon.ico false
                                                                        		high
                                                                        https://www.facebook.com/data/manifest/ false
                                                                          		high
                                                                          https://www.facebook.com/images/cookies/cookie_info_card_image_1.png false
                                                                            		high
                                                                            https://static.xx.fbcdn.net/rsrc.php/v3/yY/r/YT7n1sgH1lv.js?_nc_x=Ij3Wp8lg5Kz false
                                                                              		high
                                                                              https://static.xx.fbcdn.net/rsrc.php/yT/r/aGT3gskzWBf.ico false
                                                                                		high
                                                                                https://scontent-sea1-1.xx.fbcdn.net/v/t15.5256-10/436545513_446511401381578_5294566616458907574_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=LrEp4CTte5kQ7kNvgGM7NrM&_nc_ht=scontent-sea1-1.xx&oh=00_AfAHdnlW1-I74lc4ncfSEUQ1edsjH95bl1k7AdEg93s5ew&oe=6641409F false
                                                                                  		high
                                                                                  https://scontent-sea1-1.xx.fbcdn.net/v/t39.30808-1/409042630_2662008933950824_8025272100136268169_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=An-5CScO3F4Q7kNvgGM6SlA&_nc_ht=scontent-sea1-1.xx&oh=00_AfAAFB4guXhScPb46PeGdowgo0kurJG6HHPt0vOrif91fQ&oe=66413520 false
                                                                                    		high
                                                                                    https://scontent-sea1-1.xx.fbcdn.net/v/t15.5256-10/438210238_1563465891113989_5042759433644811503_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=r9MeOSD80dAQ7kNvgFj30wi&_nc_ht=scontent-sea1-1.xx&oh=00_AfArDHRY-1ooKjcBBxJP8qt3wSEOKvcQ8gKJ_8XflUSpmQ&oe=664149A8 false
                                                                                      		high
                                                                                      https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=MODERATE&__comet_req=15&__hs=19851.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7366602721685935352&__req=a&__rev=1013352039&__s=%3A%3Aj5cfe8&__spin_b=trunk&__spin_r=1013352039&__spin_t=1715170853&__user=0&dpr=1&jazoest=21012&lsd=AVpqbdyRMMQ&ph=C3 false
                                                                                        		high
                                                                                        https://scontent.xx.fbcdn.net/hads-ak-prn2/1487645_6012475414660_1439393861_n.png false
                                                                                          		high
                                                                                          https://scontent-sea1-1.xx.fbcdn.net/v/t15.5256-10/438140576_810879627154232_8018239213206393606_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=uY7g8JAoJlcQ7kNvgFbWS5R&_nc_ht=scontent-sea1-1.xx&oh=00_AfAJmoSm6MV81173nfdpCLx3SVJA25kwOWggTRc0aEpiZA&oe=66413BE9 false
                                                                                            		high
                                                                                            https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=MODERATE&__comet_req=15&__hs=19851.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7366602721685935352&__req=8&__rev=1013352039&__s=%3A%3Aj5cfe8&__spin_b=trunk&__spin_r=1013352039&__spin_t=1715170853&__user=0&dpr=1&jazoest=21012&lsd=AVpqbdyRMMQ&ph=C3 false
                                                                                              		high
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3iccu4/ya/l/en_US/6rQ0sXDAmAD2yCsfbFF-h9qHqAxrZ3H_zMNMKvjSlKEGPtRb-6Q4bh0DjHBN5qwLYeDYvatkvPhoO357SFudnydL47uT4r-mh8t1Rdzuzi16yg81ExzMY8nYrGc1wa-Oq19cr_l1DuzAtWVDh4cn1CMxub3y91qmloYqXUFMdCGiz3OF_eJMlvvhSHqBd7ucOoHW0Vp55HfXW__mMgFRlCsGN0FHzi95_wmB-51YxoStyBz2gE2pEQn4HVER6.js?_nc_x=Ij3Wp8lg5Kz false
                                                                                                		high
                                                                                                https://static.xx.fbcdn.net/rsrc.php/v3/yb/r/7NqDjYL3eb9.png false
                                                                                                  		high
                                                                                                  https://static.xx.fbcdn.net/rsrc.php/v3/y0/r/eFZD1KABzRA.png false
                                                                                                    		high
                                                                                                    https://static.xx.fbcdn.net/rsrc.php/v3/yr/l/0,cross/TsTPhJ8tnYK.css?_nc_x=Ij3Wp8lg5Kz false
                                                                                                      		high
                                                                                                      https://static.xx.fbcdn.net/rsrc.php/v3iWd-4/yM/l/en_US/F4tb5aV_NsM.js?_nc_x=Ij3Wp8lg5Kz false
                                                                                                        		high
                                                                                                        https://static.xx.fbcdn.net/rsrc.php/v3/y7/r/NbXdFDdRGFv.js?_nc_x=Ij3Wp8lg5Kz false
                                                                                                          		high
                                                                                                          https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/q8Uic1K195T.png false
                                                                                                            		high
                                                                                                            https://scontent-sea1-1.xx.fbcdn.net/v/t15.5256-10/437747031_1118259172742570_5211171622273621415_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=QebpijfmOCIQ7kNvgEzSrH5&_nc_ht=scontent-sea1-1.xx&oh=00_AfAi77PVaEdZE9uadoKKdxO7EO57QygleFiAfBjX1Ly_lg&oe=66413BE8 false
                                                                                                              		high
                                                                                                              https://scontent-sea1-1.xx.fbcdn.net/v/t39.30808-1/426261347_251268561353867_26185636506664007_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=5f2048&_nc_ohc=xZ-NDV8n6VwQ7kNvgHyGG3L&_nc_ht=scontent-sea1-1.xx&oh=00_AfCh3QfqjonPd7IHUGcRNZNMviFQZ-36STWy6Kh1RTg8aQ&oe=664130FF false
                                                                                                                		high