Loading ...

Play interactive tourEdit tour

Analysis Report unmapped_executable_of_polyglot_duke.bin

Overview

General Information

Sample Name:unmapped_executable_of_polyglot_duke.bin (renamed file extension from bin to dll)
Analysis ID:356346
MD5:b06e835c0c28ecc8dec84cfc1ac10285
SHA1:de1df46e1fa3ff9c500efb8b367c663f2317f4dd
SHA256:68b2524160410a18cd61ba66d9699cdfde6a4c7ffc207667d20c90fa84a03a87
Tags:APT29PolyGlotDukeTrojanUnpacked

Most interesting Screenshot:

Detection

Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains long sleeps (>= 3 min)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication

Classification

Startup

  • System is w10x64
  • loaddll64.exe (PID: 6992 cmdline: loaddll64.exe 'C:\Users\user\Desktop\unmapped_executable_of_polyglot_duke.dll' MD5: 40E30D559A47CDA935973FA18C34ABA6)
    • rundll32.exe (PID: 7048 cmdline: rundll32.exe C:\Users\user\Desktop\unmapped_executable_of_polyglot_duke.dll,InitSvc MD5: 73C519F050C20580F8A62C849D49215A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

barindex
Multi AV Scanner detection for submitted fileShow sources
Source: unmapped_executable_of_polyglot_duke.dllVirustotal: Detection: 11%Perma Link
Source: C:\Windows\System32\rundll32.exeCode function: 2_2_67704578 CryptImportKey,malloc,CryptEncrypt,free,malloc,CryptDestroyKey,2_2_67704578
Source: C:\Windows\System32\rundll32.exeCode function: 2_2_6770163C malloc,CryptAcquireContextW,2_2_6770163C
Source: C:\Windows\System32\rundll32.exeCode function: 2_2_67703A1C CryptCreateHash,CryptHashData,CryptGetHashParam,lstrcpyA,free,malloc,malloc,CryptDestroyHash,2_2_67703A1C
Source: C:\Windows\System32\rundll32.exeCode function: 2_2_6770532C malloc,malloc,CryptGenRandom,free,free,2_2_6770532C
Source: C:\Windows\System32\rundll32.exeCode function: 2_2_67702804 lstrlenA,malloc,swprintf,free,free,CryptCreateHash,CryptHashData,CryptDestroyHash,CryptImportKey,CryptDestroyHash,CryptVerifySignatureW,free,2_2_67702804
Source: C:\Windows\System32\rundll32.exeCode function: 2_2_67704688 CryptImportKey,malloc,CryptDecrypt,free,malloc,CryptDestroyKey,2_2_67704688

Compliance:

barindex
Uses secure TLS version for HTTPS connectionsShow sources
Source: unknownHTTPS traffic detected: 5.9.110.84:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.244.42.1:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.244.42.70:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.67.204.156:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.6:49747 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.6:49756 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.6:49765 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.6:49774 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.6:49785 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.6:49803 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.244.42.1:443 -> 192.168.2.6:49814 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.6:49827 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.6:49856 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.6:49874 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.6:49883 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.6:49892 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.6:49901 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.6:49910 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.6:49929 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.6:49939 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.6:49951 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.6:49960 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.6:49969 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.6:49979 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.6:49988 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.6:49997 version: TLS 1.2
Contains modern PE file flags such as dynamic base (ASLR) or NXShow sources
Source: unmapped_executable_of_polyglot_duke.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
Source: C:\Windows\System32\rundll32.exeCode function: 2_2_67703C7C lstrcpyW,free,lstrlenW,SHFileOperationW,lstrcpyW,lstrcatW,FindFirstFileW,lstrcpyW,lstrcatW,lstrcatW,SHFileOperationW,FindNextFileW,FindClose,2_2_67703C7C
Source: C:\Windows\System32\rundll32.exeCode function: 2_2_677030C4 lstrcpyW,lstrcatW,FindFirstFileW,malloc,realloc,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose,2_2_677030C4

Networking:

barindex
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:54064 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:54982 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:63816 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:55014 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:62208 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:57574 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:56628 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:60778 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:53799 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:54683 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:61178 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:55066 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2018316 ET TROJAN Zeus GameOver Possible DGA NXDOMAIN Responses 8.8.8.8:53 -> 192.168.2.6:55066
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:56570 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:58454 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:55180 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:58721 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:57691 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:52943 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:59489 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:64022 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:50248 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:64413 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:60345 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:58730 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:53830 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:53187 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:55728 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2028850 ET TROJAN PolyglotDuke Domain Observed 192.168.2.6:55694 -> 8.8.8.8:53
Source: Joe Sandbox ViewIP Address: 104.244.42.1 104.244.42.1
Source: Joe Sandbox ViewIP Address: 104.244.42.1 104.244.42.1
Source: Joe Sandbox ViewIP Address: 216.239.32.21 216.239.32.21
Source: Joe Sandbox ViewIP Address: 216.239.32.21 216.239.32.21
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: C:\Windows\System32\rundll32.exeCode function: 2_2_67705440 ObtainUserAgentString,malloc,lstrlenA,malloc,lstrcpynA,lstrlenA,malloc,lstrcpynA,free,free,free,lstrlenA,lstrlenA,lstrlenA,realloc,lstrcatA,lstrcatA,lstrcatA,lstrcatA,free,lstrlenA,lstrlenA,lstrlenA,realloc,lstrcatA,lstrcatA,lstrcatA,lstrcatA,free,free,InternetOpenA,free,calloc,InternetSetOptionA,InternetSetOptionA,InternetSetOptionA,InternetConnectA,HttpOpenRequestA,lstrlenA,HttpAddRequestHeadersA,free,HttpSendRequestA,GetDesktopWindow,InternetErrorDlg,CloseHandle,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,malloc,realloc,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,free,free,free,2_2_67705440
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /publish/pBn8Jt HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: simp.lyConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /np8j7ovqdl HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: twitter.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /vz1g3wmwu HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: www.fotolog.comConnection: Keep-AliveCache-Control: no-cacheCookie: __cfduid=d16784b15f2ba7456290599dc38431f151614033840
Source: global trafficHTTP traffic detected: GET /billywilliams/5a0170161cb602262f000d2c HTTP/1.1Accept: text/html, application/xhtml+xml, */*User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)Host: thinkery.meConnection: Keep-AliveCache-Control: no-cache
Source: rundll32.exe, 00000002.00000003.423757010.000001DEAA276000.00000004.00000001.sdmpString found in binary or memory: https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdh equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.411842354.000001DEA853F000.00000004.00000001.sdmpString found in binary or memory: .tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnap equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000002.580858440.000001DEAA264000.00000004.00000001.sdmpString found in binary or memory: /vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdh equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.411842354.000001DEA853F000.00000004.00000001.sdmpString found in binary or memory: 7wimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.pd equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.543376737.000001DEAA273000.00000004.00000001.sdmpString found in binary or memory: ://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdh equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.384676127.000001DEAA27B000.00000004.00000001.sdmpString found in binary or memory: ://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://www.google-analytics.com https://twitter.com https: equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.384676127.000001DEAA27B000.00000004.00000001.sdmpString found in binary or memory: ; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytic equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000002.580858440.000001DEAA264000.00000004.00000001.sdmpString found in binary or memory: alytics.com https://app.app.simplenote.comapp.simplenote.com/vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdh equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.367356640.000001DEA854C000.00000004.00000001.sdmpString found in binary or memory: amaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://www.google-analytics.com https://twitter.com https://app.link 'nonce-MzZkMDU4ODctNjgyNC00ZmI4LWFlMTYtZGJlN2Q2MWY1Yjk2'; style-src 'self' 'unsafe-inline' https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.421030454.000001DEA8579000.00000004.00000001.sdmpString found in binary or memory: blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://www.google-analytics.com https://twitter.com https://app.link 'nonce-ZjNkYzhiZTItNDE4Ny00MDdhLTk0YzQtNjA0NmM0ZWM2Nc equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.416418693.000001DEA8542000.00000004.00000001.sdmpString found in binary or memory: content-security-policy: connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net h equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.350076633.000001DEA854D000.00000004.00000001.sdmpString found in binary or memory: content-security-policy: connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net h equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.450046492.000001DEA853F000.00000004.00000001.sdmpString found in binary or memory: content-security-policy: connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https:/ equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.423757010.000001DEAA276000.00000004.00000001.sdmpString found in binary or memory: content-security-policy: connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdh equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.338412221.000001DEA855C000.00000004.00000001.sdmpString found in binary or memory: content-security-policy: connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdh equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.426876801.000001DEA8573000.00000004.00000001.sdmpString found in binary or memory: content-security-policy: connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://www.google-analytics.com https://twitter.com https://app.link 'nonce-M2Q2ZGFmMjMtZTU5ZC00NWFmLWE5YmItNGI2ZThhMmEwZWQy'; style-src 'self' 'unsafe-inline' https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.508677476.000001DEAA295000.00000004.00000001.sdmpString found in binary or memory: content-security-policy: connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://www.google-analytics.com https://twitter.com https://app.link 'nonce-MDYxZWVjZjUtZjY5NC00MWY3LTg3NWMtZjc0ODhkMTBmYWZj'; style-src 'self' 'unsafe-inline' https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.547778922.000001DEAA298000.00000004.00000001.sdmpString found in binary or memory: content-security-policy: connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://www.google-analytics.com https://twitter.com https://app.link 'nonce-MjVkMzA1MWMtMWQ2Mi00MjE1LWFlY2EtNmRhMDE2M2IwMGI4'; style-src 'self' 'unsafe-inline' https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.508667623.000001DEAA290000.00000004.00000001.sdmpString found in binary or memory: content-security-policy: connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://www.google-analytics.com https://twitter.com https://app.link 'nonce-MmZhNWY3NWMtOTc1Mi00NTFlLThmMWEtZDA4MTFhMDhmZjUx'; style-src 'self' 'unsafe-inline' https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.547487384.000001DEA8549000.00000004.00000001.sdmpString found in binary or memory: content-security-policy: connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://www.google-analytics.com https://twitter.com https://app.link 'nonce-MzIwYzUwYzEtNWQ3YS00YWRlLTgyY2EtZGM2NmNjOTdhNTVj'; style-src 'self' 'unsafe-inline' https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.321010189.000001DEA855B000.00000004.00000001.sdmpString found in binary or memory: content-security-policy: connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://www.google-analytics.com https://twitter.com https://app.link 'nonce-MzdiNWFlNWYtZmJjNy00YTg1LTgxNzQtYWQ1YWM5N2Y0Y2Ux'; style-src 'self' 'unsafe-inline' https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000002.581005966.000001DEAA298000.00000004.00000001.sdmpString found in binary or memory: content-security-policy: connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://www.google-analytics.com https://twitter.com https://app.link 'nonce-NDRlZTViOTctYTg1Yy00ZTc5LWE4YjUtYmI2ODA0Njg5NDNh'; style-src 'self' 'unsafe-inline' https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.450020972.000001DEAA29B000.00000004.00000001.sdmpString found in binary or memory: content-security-policy: connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://www.google-analytics.com https://twitter.com https://app.link 'nonce-NTY3Mjg2Y2QtMjY0MS00N2FmLWIxZjctYzg1ODZjNThkNWNk'; style-src 'self' 'unsafe-inline' https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.508667623.000001DEAA290000.00000004.00000001.sdmpString found in binary or memory: content-security-policy: connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://www.google-analytics.com https://twitter.com https://app.link 'nonce-OTRlMzI0MzktZTVmNC00NGZhLWIxMmQtOWVkOWQzNGVhMDZj'; style-src 'self' 'unsafe-inline' https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.426876801.000001DEA8573000.00000004.00000001.sdmpString found in binary or memory: content-security-policy: connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://www.google-analytics.com https://twitter.com https://app.link 'nonce-OWZkODBmZTEtNWFjNS00MzY1LWI1ODUtNTk0NzQ3MGZhMjhi'; style-src 'self' 'unsafe-inline' https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.508667623.000001DEAA290000.00000004.00000001.sdmpString found in binary or memory: content-security-policy: connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://www.google-analytics.com https://twitter.com https://app.link 'nonce-YTNhMGIyZWUtMTQ0Ni00OGQ2LWI4MjgtODdlN2Q5ZjQ3YzNi'; style-src 'self' 'unsafe-inline' https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.547778922.000001DEAA298000.00000004.00000001.sdmpString found in binary or memory: content-security-policy: connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://www.google-analytics.com https://twitter.com https://app.link 'nonce-YTcxYzRjNGYtOTM4Ny00MWI4LTg0NTAtMGJiZDExNDliMThl'; style-src 'self' 'unsafe-inline' https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000002.581005966.000001DEAA298000.00000004.00000001.sdmpString found in binary or memory: content-security-policy: connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://www.google-analytics.com https://twitter.com https://app.link 'nonce-YThmMjMxOTgtNjdkOS00ZWZlLTkzMWQtZWRlNTliZTQ1NzYx'; style-src 'self' 'unsafe-inline' https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.403527373.000001DEA8575000.00000004.00000001.sdmpString found in binary or memory: content-security-policy: connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://www.google-analytics.com https://twitter.com https://app.link 'nonce-YjQyNWU0NzAtMGE4Ny00NTIwLTlhOTAtOWFmNTkzZTJjMjhm'; style-src 'self' 'unsafe-inline' https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.547778922.000001DEAA298000.00000004.00000001.sdmpString found in binary or memory: content-security-policy: connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://www.google-analytics.com https://twitter.com https://app.link 'nonce-YjczNzA0MmItNmY0NC00NzY5LWExYmMtODk4NDc2OTE3ZTE1'; style-src 'self' 'unsafe-inline' https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.469351386.000001DEAA28D000.00000004.00000001.sdmpString found in binary or memory: content-security-policy: connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://www.google-analytics.com https://twitter.com https://app.link 'nonce-YzljMjBhMGYtOTJkZi00YmMxLWEzNjktZTU3MGJkZTNiMGI3'; style-src 'self' 'unsafe-inline' https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false equals www.twitter.com (Twitter)
Source: rundll32.exe, 00000002.00000003.547778922.000001DEAA298000.00000004.00000001.sdmpString found in binary or memory: content-security-policy: connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh